Intel recently released a statement regarding an important security advisory. This vulnerability has been dubbed the Microarchitectural Data Sampling (MDS) Vulnerability.
The following relevant CVEs have been created:
- CVE-2018-12126
- CVE-2018-12130
- CVE-2018-12127
- CVE-2019-11091
These attacks are feasible on Intel processors such as the ones Exoscale relies on. This vulnerability may expose the in-memory data of any guest running on the same processor core. An attacker could potentially gain access to sensitive data, secrets, or credentials. However, it should not be possible to target a specific instance, and the vulnerability remains relatively difficult to exploit.
To ensure this vulnerability cannot be exploited on Exoscale, we are currently testing updated processor microcodes as well as Linux kernels containing software mitigations. Once we are confident that no regression will occur, we will roll out the update to all hypervisors. It is likely to happen in the coming days. As usual, the rollout will be performed without any impact on your instances and business.
Should you need any additional detail, please reach us through support. If you need to divulge any sensitive information, you may follow the procedure described in our Security page.
What should you do?
As a customer, you are still responsible for keeping your system up to date. Depending on your instance type, updates may or may not already be available.
We recommend applying all available security updates for your instance. Please refer to your operating system vendor for additional information. For reference, here are links to the appropriate vendor pages for our most used OS templates:
Ubuntu
- https://ubuntu.com/security/CVE-2018-3620
- https://ubuntu.com/security/CVE-2018-12130
- https://ubuntu.com/security/CVE-2018-12127
- https://ubuntu.com/security/CVE-2019-11091
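
After updating a Linux instance, the kernel's own report can be used to confirm whether the MDS mitigation is active. The script below is an added example, not Exoscale's or an OS vendor's tooling; it assumes a Linux guest whose kernel exposes /sys/devices/system/cpu/vulnerabilities/mds, and the OK/PARTIAL/VULNERABLE/UNKNOWN labels are the example's own.

```shell
#!/bin/sh
# Added example: classify the kernel's MDS mitigation report inside a Linux guest.
# The status strings matched here are the ones the Linux kernel documents for MDS;
# the labels OK / PARTIAL / VULNERABLE / UNKNOWN are this example's own.

MDS_SYSFS="${MDS_SYSFS:-/sys/devices/system/cpu/vulnerabilities/mds}"

# classify_mds_status "<status line>" -> prints one label
classify_mds_status() {
    case "$1" in
        "Not affected"*)
            echo "OK" ;;
        "Mitigation:"*"SMT vulnerable"*|"Mitigation:"*"SMT Host state unknown"*)
            # CPU buffers are cleared, but a sibling hyperthread may still be a
            # concern; inside a VM the guest cannot see the host's SMT state.
            echo "PARTIAL" ;;
        "Mitigation:"*)
            echo "OK" ;;
        "Vulnerable"*)
            # Includes "Clear CPU buffers attempted, no microcode": the kernel is
            # patched, but the (virtual) CPU does not expose the MD_CLEAR capability.
            echo "VULNERABLE" ;;
        *)
            echo "UNKNOWN" ;;
    esac
}

# check_mds [file] -> prints "<label>: <raw status>"
check_mds() {
    file="${1:-$MDS_SYSFS}"
    if [ ! -r "$file" ]; then
        # Kernels without MDS reporting do not create this file at all.
        echo "UNKNOWN: $file not readable (kernel may predate MDS reporting)"
        return 0
    fi
    status=$(cat "$file")
    echo "$(classify_mds_status "$status"): $status"
}

# Constructed sample line (not captured from a real system):
classify_mds_status "Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown"

# Report for the machine this script runs on.
check_mds
```

A VULNERABLE or UNKNOWN result after patching usually means either the guest kernel update has not been applied or booted, or the microcode-provided capability is not yet visible to the guest.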