Created: Jan 06, 2018 14:57 Closed: Feb 25, 2019 12:28
CLOSED - Maintenance
Regarding the different CVE publicized
- CVE-2017-5715 (branch target injection – Spectre)
- CVE-2017-5753 (bounds check bypass – Spectre)
- CVE-2017-5754 (rogue data cache load – Meltdown)
On Dedicated Servers, customer operations ARE REQUIRED in order to mitigate the Meltdown flaw.
Your system need to be updated: http://travaux.ovh.net/?do=details&id=29257.
If you are running an OVH Kernel, you can simply enable the 'Netboot' feature and reboot your system (https://docs.ovh.com/gb/en/dedicated/kernel-netboot/#boot-from-network-mode)
Spectre flaws mitigation is not available for the moment.
Our teams are working on the deployment of an Intel microcode (during the system boot and/or EFI). This microcode would require kernel counter-measures (understand patch/update) to fully mitigate against Variant 2 / CVE-2017-5715 (https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr).