Google’s Project Zero (GPZ) announced a set of flaws in CPU architectures!
Google’s Project Zero (GPZ) (think tank of leading edge security researchers) announced a set of flaws in CPU architectures that create two kinds of vulnerabilities: the most important and impactful security vulnerability in 2018. This affects any software running on Intel chips, no matter the operating system or vendor. This affects every Intel processor since 1995 that implements out-of-order execution, except Itanium, and the Atom before 2013. The vulnerabilities were discovered by collaborating researchers at University of Pennsylvania, University of Maryland, Graz University of Technology, Cyberus Technology, Rambus Cryptography Research Division, University of Adelaide and Data61 along with researchers at GPZ.
They have named the flaws Spectre and Meltdown. You can find the academic paper on Spectre on this page (PDF)and the paper on Meltdown on this page (also PDF). I am providing mirrored copies of both PDF papers on our site because at the time of writing, both source websites were down, probably due to excess traffic. Spectre Mirror and Meltdown Mirror.
So far we are seeing notifications of maintenance or reboots for the following hosts and cloud providers:
- Amazon is reporting that they have patched most of the underlying operating systems for AWS and will complete the rest soon. They are saying that customers are responsible for updating the operating systems of their instances and have provided information to do that.
- Linode are saying that they will need to do a “fleet-wide reboot” to protect against these issues. Keep an eye on their blog for updates.
- DigitalOcean are reporting that they also may need to reboot droplets and are monitoring the situation.
- Vultr are reporting a reboot may be needed.
If your cloud provider is not listed above, keep an eye on their blog and Twitter account for updates.