Security Kernel Side-Channel Attacks - CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

#2
UpCloud notification on their VM hosts
Yesterday, on January 3rd, 2018, Intel confirmed information regarding independent research findings that have uncovered security vulnerabilities in their processors. Further research has shown that this affects all modern processors, including models used by UpCloud and other cloud service providers. The vulnerabilities may allow an attacker to escape the confinement of the Virtual Machine guest operating system’s memory and allow attackers to gather sensitive data from the underlying computing device.

Since a key component in virtualized environments is the ability to isolate access to the guest operating systems only, patching this vulnerability is of major importance. Our engineers have been actively investigating and researching the vulnerability since it was discovered.

We have been preparing to roll out global security updates at an accelerated pace to our underlying cloud infrastructure environment in the coming days. The emergency maintenance window will be further communicated on our status page. (Please subscribe to the status page to receive notifications of future updates!)

These updates will unfortunately affect a portion of our users’ cloud servers in the manner of scheduled reboots, but we aim to resolve this as seamlessly and disruption-free as possible for all our users. More details regarding the schedule of these will follow shortly.

In the meantime, we recommend that all users regularly check for security updates to their cloud server’s operating system and install any recommended updates. And should you have any further questions, don’t hesitate to contact our support staff by replying to this message.

Further reading:
 
#5
Interesting update from Linode
We are continuing to investigate this issue and wanted to provide a brief update as to where we are:

  • We are postponing all unrelated maintenances to focus our efforts and resources on mitigating this issue.
  • As discussed by the Scaleway team earlier today, due to the incomplete information provided by hardware manufacturers, we joined forces with other potentially impacted cloud hosting providers including Scaleway, Packet, and OVH. We’ve created a dedicated communications channel to share information and work together to address the Meltdown & Spectre vulnerabilities.
  • We are continuing internal evaluation and testing of mitigations.
  • We have discussions set for tomorrow for a deeper dive with the hardware providers.
We will continue providing updates here as appropriate.
 
#6
Just got an email from Ramnode for anyone else using their services:

This message is to all KVM virtual server customers. As you may be aware, hardware-level bugs (Meltdown and Spectre) have recently been published which impact almost all Intel processors. We have applied software updates to our KVM host nodes in order to patch these vulnerabilities. However, all host nodes must be rebooted for the changes to take effect. Due to the severity of these vulnerabilities, we will be performing emergency reboots beginning today at 4 PM eastern (GMT -5). Please note the following:

- We cannot promise what time any particular host will be rebooted. We plan to start with our Netherlands and east coast US servers (ATL / NYC), then move to the west coast (SEA / LA).

- You will need to run updates and reboot your individual servers in order to patch these vulnerabilities within your servers. Our host level reboots will not apply the patches to your individual VPSs.

- If your VPS fails to boot properly after our host level reboots, please make sure you do not have a CDROM / ISO mounted on your VPS in the SolusVM CP. If you do, please unmount it and reboot from SolusVM. If you do not have an ISO mounted and your VPS won't boot, please use the VNC viewer to check for kernel panic and select a working kernel to boot into.

- Most nodes will only take a few minutes to reboot. However, HDD nodes (CKVM) will take longer due to size and I/O constraints. We hope to keep reboots under 30 minutes for these servers, but clean shutdowns will take some time.

- Because these patches are software fixes for hardware problems, there may be some performance degradation after they are applied. We will monitor and do our best to prevent significant decreases in the performance you've come to expect from RamNode. There may be future updates to address these potential performance issues.

Another email will be sent out when we have applied currently unavailable patches for those of you who also have OpenVZ containers with us.

We apologize for the inconvenience caused by these bugs. We will post any additional updates on our @NodeStatus Twitter feed. Please follow RamNode Status (@NodeStatus) on Twitter for network related news and updates.
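
A way to confirm the guest-side patching that the notice above asks for, as an added example that is not part of any post or provider email. It assumes a Linux guest whose updated kernel exposes the sysfs `vulnerabilities` directory; the function name and the `--live` switch are this example's own.

```shell
#!/bin/sh
# Report guest-kernel status for the three CVEs named in this thread.
# Updated Linux kernels expose one status file per issue in this directory.
SYSFS_DIR="/sys/devices/system/cpu/vulnerabilities"

# check_mitigations [DIR]
# Prints one line per CVE; the return code is the number of CVEs that are
# not confirmed mitigated (0 means every entry reports a mitigation).
check_mitigations() {
    dir="${1:-$SYSFS_DIR}"
    unresolved=0
    for pair in "meltdown:CVE-2017-5754" \
                "spectre_v1:CVE-2017-5753" \
                "spectre_v2:CVE-2017-5715"; do
        name="${pair%%:*}"
        cve="${pair#*:}"
        file="$dir/$name"
        if [ ! -r "$file" ]; then
            # Missing entry: the running kernel likely predates the update
            # that added this reporting interface, so treat it as unresolved.
            status="unknown (no $name entry; kernel not updated or not rebooted?)"
            unresolved=$((unresolved + 1))
        else
            status="$(cat "$file")"
            case "$status" in
                "Not affected"*|"Mitigation:"*) ;;
                *) unresolved=$((unresolved + 1)) ;;
            esac
        fi
        printf '%s (%s): %s\n' "$cve" "$name" "$status"
    done
    return "$unresolved"
}

# Query the live system only when invoked as: script --live
if [ "${1:-}" = "--live" ]; then
    check_mitigations
    echo "unresolved: $?"
fi
```

Run it after installing updates and again after the guest reboot: the files describe the running kernel, so an installed but not yet booted kernel still shows the old state.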
 
#7
I'm currently rebooting the dedicated servers I have, which includes the shared hosting services, and the VPS node. Minimal downtime (less than 1 minute per server) is expected.