Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:Meltdown and Spectre Vulnerabilities"

From EGIWiki
Jump to navigation Jump to search
Line 36: Line 36:


[https://access.redhat.com/articles/3307751 https://access.redhat.com/articles/3307751]
[https://access.redhat.com/articles/3307751 https://access.redhat.com/articles/3307751]


RedHat CVE info:   
RedHat CVE info:   
Line 43: Line 44:


[https://access.redhat.com/security/cve/CVE-2017-5715  https://access.redhat.com/security/cve/CVE-2017-5715]
[https://access.redhat.com/security/cve/CVE-2017-5715  https://access.redhat.com/security/cve/CVE-2017-5715]
qemu-kvn
  - RHEL6
      - qemu-kvm: [https://access.redhat.com/errata/RHSA-2018:0024 https://access.redhat.com/errata/RHSA-2018:0024]
      - libvirt: [https://access.redhat.com/errata/RHSA-2018:0030 https://access.redhat.com/errata/RHSA-2018:0030]
  - RHEL7
      - qemu-kvm: [https://access.redhat.com/errata/RHSA-2018:0023 https://access.redhat.com/errata/RHSA-2018:0023]
      - libvirt: [https://access.redhat.com/errata/RHSA-2018:0029 https://access.redhat.com/errata/RHSA-2018:0029]


==Scientific Linux ==
==Scientific Linux ==


[https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/ https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/]
[https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/ https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/]
qemu-kvn
  - SL6
      - qemu-kvm: [http://scientificlinux.org/category/sl-errata/slsa-20180024-1/ http://scientificlinux.org/category/sl-errata/slsa-20180024-1/]
      - libvirt: [http://scientificlinux.org/category/sl-errata/slsa-20180030-1/ http://scientificlinux.org/category/sl-errata/slsa-20180030-1/]
  - SL7
      - qemu-kvm: [http://scientificlinux.org/category/sl-errata/slsa-20180023-1/ http://scientificlinux.org/category/sl-errata/slsa-20180023-1/]
      - libvirt: [http://scientificlinux.org/category/sl-errata/slsa-20180029-1/ http://scientificlinux.org/category/sl-errata/slsa-20180029-1/]
==Ubuntu==
[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown]


==Xen==
==Xen==

Revision as of 12:02, 11 January 2018

Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

Meltdown and Spectre Vulnerabilities


Baustelle.png This page is under construction.


Purpose of this page

To provide useful links and other information concerning the Meltdown and Spectre vulnerabilities.

What are they?

These are vulnerabilities in the design of the chip hardware, and cannot be fully resolved by patching operating systems. However patches are available which mitigate these problems.

Meltdown affects most Intel chips, and has CVE-2017-5754

Spectre affects a wide range of chips, CVE-2017-5753 and CVE-2017-5715.

These are described in the register at http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/

https://meltdownattack.com/ and https://spectreattack.com/

CERN information

CERN has compiled information which is useful for may EGI sites

https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml

Intel Information

Product patches

https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File

RedHat Information

RedHat description https://access.redhat.com/security/vulnerabilities/speculativeexecution

https://access.redhat.com/articles/3307751


RedHat CVE info: https://access.redhat.com/security/cve/CVE-2017-5754

https://access.redhat.com/security/cve/CVE-2017-5753

https://access.redhat.com/security/cve/CVE-2017-5715

qemu-kvn

  - RHEL6
     - qemu-kvm: https://access.redhat.com/errata/RHSA-2018:0024


     - libvirt: https://access.redhat.com/errata/RHSA-2018:0030
  - RHEL7
     - qemu-kvm: https://access.redhat.com/errata/RHSA-2018:0023


     - libvirt: https://access.redhat.com/errata/RHSA-2018:0029


Scientific Linux

https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/

qemu-kvn

  - SL6
     - qemu-kvm: http://scientificlinux.org/category/sl-errata/slsa-20180024-1/


     - libvirt: http://scientificlinux.org/category/sl-errata/slsa-20180030-1/
  - SL7
     - qemu-kvm: http://scientificlinux.org/category/sl-errata/slsa-20180023-1/
     - libvirt: http://scientificlinux.org/category/sl-errata/slsa-20180029-1/


Ubuntu

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

Xen

https://xenbits.xen.org/xsa/advisory-254.html

Other Cloud related

The Kernel update of the hypervisor appears to be enough to ensure the isolation of the VMs.

https://www.qemu.org/2018/01/04/spectre/