Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:Meltdown and Spectre Vulnerabilities"

From EGIWiki
Jump to navigation Jump to search
 
(42 intermediate revisions by 8 users not shown)
Line 1: Line 1:
{{svg-header}}  
{{svg-header}}  
 
{{DeprecatedAndMovedTo|new_location=https://advisories.egi.eu/Meltdown_and_Spectre_Vulnerabilities}}
More information is likely to be added in the coming days. This is an initial version. 
 
== Purpose of this page  ==
 
To provide useful links and other information concerning the Meltdown and Spectre vulnerabilities, which we consider relevant to the EGI infrastructure.
 
== What are they?  ==
 
These are vulnerabilities in the design of the chip hardware, and cannot be fully resolved by patching operating systems. However patches are available which mitigate these problems.
 
Meltdown affects most Intel chips, and has CVE-2017-5754
 
Spectre affects a wide range of chips, CVE-2017-5753 and CVE-2017-5715.
 
Here you will find more information  [http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/]
 
[https://meltdownattack.com/ https://meltdownattack.com/ ], [https://spectreattack.com/ https://spectreattack.com/] and [https://googleprojectzero.blogspot.dk/2018/01/reading-privileged-memory-with-side.html https://googleprojectzero.blogspot.dk/2018/01/reading-privileged-memory-with-side.html]
 
== CERN information  ==
 
CERN has compiled information which is useful for many EGI sites
 
[https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml]
 
== Intel Information  ==
 
Product patches
 
[https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File]
 
== RedHat Information  ==
 
RedHat description:
 
[https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/vulnerabilities/speculativeexecution]
 
[https://access.redhat.com/articles/3307751 https://access.redhat.com/articles/3307751]
 
 
 
RedHat CVE info: [https://access.redhat.com/security/cve/CVE-2017-5754]
 
[https://access.redhat.com/security/cve/CVE-2017-5754 https://access.redhat.com/security/cve/CVE-2017-5754]
 
[https://access.redhat.com/security/cve/CVE-2017-5753 https://access.redhat.com/security/cve/CVE-2017-5753]
 
[https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5715]
 
 
 
RHEL6:
 
kernel-2.6.32-696.18.7.el6: [https://access.redhat.com/errata/RHSA-2018:0008 https://access.redhat.com/errata/RHSA-2018:0008]
 
microcode_ctl-1.17-25.2.el6_9: [https://access.redhat.com/errata/RHSA-2018:0013 https://access.redhat.com/errata/RHSA-2018:0013]
 
RHEL7:
 
kernel-3.10.0-693.11.6.el7: [https://access.redhat.com/errata/RHSA-2018:0007 https://access.redhat.com/errata/RHSA-2018:0007]
 
microcode_ctl-2.1-22.2.el7: [https://access.redhat.com/errata/RHSA-2018:0012 https://access.redhat.com/errata/RHSA-2018:0012]
 
linux-firmware-20170606-57.gitc990aae.el7_4: [https://access.redhat.com/errata/RHSA-2018:0014 https://access.redhat.com/errata/RHSA-2018:0014]
 
<br> qemu-kvm:
 
RHEL6:
 
qemu-kvm: [https://access.redhat.com/errata/RHSA-2018:0024 https://access.redhat.com/errata/RHSA-2018:0024]
 
libvirt: [https://access.redhat.com/errata/RHSA-2018:0030 https://access.redhat.com/errata/RHSA-2018:0030]
 
RHEL7:
 
qemu-kvm: [https://access.redhat.com/errata/RHSA-2018:0023 https://access.redhat.com/errata/RHSA-2018:0023]
 
libvirt: [https://access.redhat.com/errata/RHSA-2018:0029 https://access.redhat.com/errata/RHSA-2018:0029]
 
== Scientific Linux  ==
 
SL6:
 
[https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/ https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/]
 
SL7:
 
[https://www.scientificlinux.org/category/sl-errata/slsa-20180007-1/ https://www.scientificlinux.org/category/sl-errata/slsa-20180007-1/]
 
<br>
 
qemu-kvn:
 
SL6:
 
qemu-kvm: [http://scientificlinux.org/category/sl-errata/slsa-20180024-1/ http://scientificlinux.org/category/sl-errata/slsa-20180024-1/]
 
libvirt: [http://scientificlinux.org/category/sl-errata/slsa-20180030-1/ http://scientificlinux.org/category/sl-errata/slsa-20180030-1/]
 
SL7:
 
qemu-kvm: [http://scientificlinux.org/category/sl-errata/slsa-20180023-1/ http://scientificlinux.org/category/sl-errata/slsa-20180023-1/]
 
libvirt: [http://scientificlinux.org/category/sl-errata/slsa-20180029-1/ http://scientificlinux.org/category/sl-errata/slsa-20180029-1/]
 
== Ubuntu  ==
 
[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown]
 
== CentOS ==
 
This is discussed in the centos-announce Security mails for January
 
[https://lists.centos.org/pipermail/centos-announce/2018-January/date.html  https://lists.centos.org/pipermail/centos-announce/2018-January/date.html]
 
 
== Xen  ==
 
* [https://xenbits.xen.org/xsa/advisory-254.html https://xenbits.xen.org/xsa/advisory-254.html]
* [https://blog.xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/ https://blog.xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/]
* [https://wiki.xenproject.org/wiki/Xen_Project_Meltdown_and_Spectre_Technical_FAQ https://wiki.xenproject.org/wiki/Xen_Project_Meltdown_and_Spectre_Technical_FAQ]
* [https://wiki.xenproject.org/wiki/Respond_to_Meltdown_and_Spectre https://wiki.xenproject.org/wiki/Respond_to_Meltdown_and_Spectre]
 
== Other Cloud related  ==
 
The Kernel update of the hypervisor appears to be enough to ensure the isolation of the VMs.
 
[https://www.qemu.org/2018/01/04/spectre/ https://www.qemu.org/2018/01/04/spectre/]

Latest revision as of 10:33, 19 July 2022