Yesterday, Intel released a statement regarding an important security advisory. The vulnerability it describes has been dubbed L1 Terminal Fault (L1TF).

The following relevant CVEs have been created:

  • CVE-2018-3620
  • CVE-2018-3646

These attacks are feasible on Intel processors such as the ones Exoscale relies on. This vulnerability may expose the in-memory data of any guest running on the same processor core. An attacker could potentially use an instance to view another instance's memory. However, it should not be possible to target a specific instance, and the vulnerability remains difficult to exploit.

To ensure this vulnerability cannot be exploited on Exoscale, we are currently testing Linux kernels containing software mitigations. Once we are confident that no regression will occur, we will roll out the update to all hypervisors. This is likely to happen in the coming days. As usual, the rollout will be performed without any impact on your instances and business.

Should you need any additional detail, reach us through support. If you need to divulge any sensitive information, you may follow the procedure described in our Security page.

What should you do?

As a customer, you are still responsible for keeping your system up to date. Depending on your instance type, updates may or may not already be available.

Please refer to your operating system vendor for additional information. For reference, here are links to the appropriate vendor pages for our most used OS templates:

Ubuntu

Windows

Red Hat and CentOS
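
On a Linux instance, a kernel that carries the L1TF fixes reports its own status under sysfs, which gives a quick way to confirm that the vendor update is actually running. The script below is an added example, not part of Exoscale's advisory or tooling; the function names `l1tf_classify` and `l1tf_status` and the result labels are chosen for illustration, and the sample status strings in the comments are constructed.

```shell
#!/bin/sh
# Added example: report how the running Linux kernel describes its L1TF state.
# The sysfs file below is provided by kernels that include the L1TF fixes;
# function names and result labels are illustrative.
L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# Map one status line to a label.
# Constructed sample inputs:
#   "Not affected"
#   "Mitigation: PTE Inversion"
#   "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable"
#   "Vulnerable"
l1tf_classify() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        Mitigation:*)
            # A mitigation line can still flag a part left exposed,
            # for example "SMT vulnerable" on a host running KVM guests.
            case "$1" in
                *vulnerable*) echo "mitigated-partial" ;;
                *)            echo "mitigated" ;;
            esac ;;
        Vulnerable*) echo "vulnerable" ;;
        *) echo "unknown" ;;
    esac
}

# Read the status file (default: the sysfs path) and classify it.
# A missing file means the kernel does not report L1TF at all,
# which is what a kernel without the update looks like.
l1tf_status() {
    file=${1:-$L1TF_SYSFS}
    if [ -r "$file" ]; then
        l1tf_classify "$(cat "$file")"
    else
        echo "unreported"
    fi
}

echo "L1TF status: $(l1tf_status)"
```

If the result is still `unreported` or `vulnerable` after installing updates, check that the instance has been rebooted into the new kernel.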