In addition to this doc, there is an active #meltdown channel in our Community Slack.

On January 3rd, 2018, Project Zero, a team of security analysts at Google, published a lengthy blog post detailing how they had managed to manipulate a feature in most modern CPUs to efficiently dump privileged memory from a non-privileged process.

For example, if exploited correctly, a tenant in one virtual machine could read memory from another virtual machine running on the same bare metal host, or a non-privileged user could log keystrokes of another user logged into the same system.

As a result of this disclosure, cloud operators providing virtual machines to their customers have needed to upgrade their hypervisors to protect their users against this type of attack, and all operating system distros are in the process of updating their kernels and microcode to mitigate these types of attacks as well.

Variants

There are two categories of attack (three variants) being discussed, with varying updates available.

Spectre - Variants 1/2

RHEL and CentOS appear to have completed the effort around the kernel and microcode to mitigate this attack, while other distros are waiting for kernel patches to be applied upstream and microcode to be released by Intel.

Meltdown - Variant 3 

The fixes for variant 3 have been merged into the kernel upstream and the backport and downstream processes are happening rapidly.

Implications

Packet provides users access to single tenant bare metal instances, not virtual machines with a shared hypervisor. As such, you may have less immediate risk unless you're running a multi-tenant cloud or container service on top of Packet compute.

Even if you are not running a multi-tenant service on top of Packet bare metal, this style of attack presents risk and we strongly recommend that you update your operating system as soon as updates are available.

We are also actively going through the process of updating all of our installable operating systems as updates become available. We will be updating this page as updates are made available.

Operating Systems Status

       ESXi: More information about available VMware patches here
       CentOS: Actively working to update.
       CoreOS: Actively working to update.
       NixOS: 17.09 includes updated kernels with KPTI patches. Details here.
       Scientific Linux: Actively working to update.
       Alpine: Assessing status.
       Debian: Assessing status.
       FreeBSD: Assessing status.
       Windows: Assessing status.
       Ubuntu: 16.04, 17.04 and 17.10 have updated kernels with KPTI patches (details)
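
After installing one of the updated kernels listed above, the running kernel's own report of its mitigation state can be checked. The shell functions below are an added example, not part of Packet's page or tooling; they assume a Linux kernel that exposes /sys/devices/system/cpu/vulnerabilities (mainline 4.15 and later, plus distro backports), and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not Packet's tooling): summarize what the running kernel
# reports for Spectre variants 1/2 and Meltdown (variant 3).
# Assumption: the kernel exposes the sysfs directory below; kernels that
# predate this reporting interface do not have it.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status <text>: map a sysfs status line to OK / VULNERABLE / UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo OK ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# check_mitigations [dir]: print one line per variant.
# Returns 0 if all three are OK, 1 if any is not, 2 if the directory is missing.
check_mitigations() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "UNKNOWN: $dir missing; kernel does not report mitigation state"
        return 2
    fi
    for name in spectre_v1 spectre_v2 meltdown; do
        if [ -r "$dir/$name" ]; then
            status=$(cat "$dir/$name")
        else
            status="(no report)"
        fi
        verdict=$(classify_status "$status")
        echo "$verdict: $name: $status"
        [ "$verdict" = OK ] || rc=1
    done
    return $rc
}
```

Source the file and run `check_mitigations` after rebooting into the updated kernel; a non-zero return means at least one variant is still reported as unmitigated or unreported.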

Hardware Status

       All Intel processors are affected
       The Cavium ThunderX processor is not affected
       The HiSilicon Taishan processor is affected

We are also working with all of our hardware vendors to get BIOS microcode updates on all of our Intel-based systems.
