Spectre Variants 3a and 4 (Spectre-NG) and Linode: What you need to know

May 22, 2018 4:03 pm

Intel announced details and mitigation information for Spectre variant 4, known as “Speculative Store Bypass,” on May 21, 2018. The details and mitigation notes describe a microcode update which also addresses variant 3a, named “Rogue System Register Read.”

Variants 3a and 4 are considered “Side-Channel Vulnerability Variants.” Variant 4 centers on speculative store bypass, and could potentially impact processes local to your Linode. Based on our current understanding of this issue, we do not believe it’s possible to exploit this vulnerability to gain access to the host hypervisor or other Linodes. We have not seen exploit code in the wild yet. However, we highly recommend that you update the packages on your Linode to the latest version as a preventative measure.

So far it’s looking like we will need to apply microcode and software updates to achieve full mitigation for this vulnerability. The microcode is currently in beta, and our security and engineering teams will be working with Intel to evaluate this and its impact on our host fleet.
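After updating packages, a Linux guest can check whether both halves of the Variant 4 mitigation (kernel support and the microcode-provided control) are visible to it. The script below is an added example, not part of the original post; it assumes a kernel that exposes the spec_store_bypass sysfs file (Linux 4.17 or a vendor backport), and the result labels it prints are its own.

```shell
#!/bin/sh
# Added example: classify Speculative Store Bypass (Variant 4) mitigation state.
# Assumption: the kernel reports status in this sysfs file; older kernels lack it.
SSB_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass

# classify_ssb STATUS CPUFLAGS
#   STATUS   - contents of the sysfs file ("" if the file does not exist)
#   CPUFLAGS - the flags list from /proc/cpuinfo
# Prints one label (labels are this example's own, not kernel output).
classify_ssb() {
    status=$1
    flags=" $2 "
    case $status in
        "")                   echo kernel-too-old; return ;; # no SSB reporting
        "Not affected"*)      echo not-affected;   return ;;
        "Mitigation:"*prctl*) echo opt-in;         return ;; # per-process only
        "Mitigation:"*)       echo mitigated;      return ;; # disabled globally
        Vulnerable*)          ;;                             # decide below
        *)                    echo unknown;        return ;;
    esac
    # "Vulnerable": either the SSBD control is not exposed to this system
    # (microcode or hypervisor not updated) or the mitigation is switched off.
    case $flags in
        *" ssbd "*) echo mitigation-off ;;
        *)          echo needs-microcode ;;
    esac
}

# Constructed sample: patched kernel on a CPU without the microcode update.
printf 'sample: %s\n' "$(classify_ssb 'Vulnerable' 'fpu vme sse2')"

# Live check on this machine (prints kernel-too-old if the file is absent).
live_status=$(cat "$SSB_SYSFS" 2>/dev/null || true)
live_flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2 || true)
printf 'host:   %s\n' "$(classify_ssb "$live_status" "$live_flags")"
```

An "opt-in" result means the kernel only disables speculative store bypass for processes that request it through prctl or that run under seccomp.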

Depending on the effectiveness of the microcode and software updates, we may be required to reboot the fleet. In the event that reboots are necessary, we’re committed to providing at least two full weeks of notice to all customers. At a high level, we are not anticipating any actions for a few months. The security of our customers is of critical importance to us, and we will continue providing information here as it becomes available.
