Meltdown and Spectre Vulnerability Patching Guidance
Platform9 is aware of the recently-discovered vulnerabilities known as Meltdown and Spectre. These vulnerabilities can allow a rogue process to access other processes and memory running on the same device. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM.
The issues are detailed in the following Common Vulnerabilities and Exposures (CVE) bulletins:
Mitigation
Platform9 recommends operators patch all compute hosts running Platform9, and subsequently patch all workloads running on Platform9.
Note: It is important to check with your hardware and software vendors to verify that their corresponding patches can be applied, as some updates may result in unintended consequences.
Patches should first be applied in a test environment to evaluate operational impact before applying to production environments. After patching, performance impacts may vary, depending on use cases. Administrators should ensure that performance is monitored for critical applications and services, and work with their vendor(s) and service provider(s) to mitigate the effect, if possible.
Platform-specific patching instructions
Follow the instructions below in order to patch compute hosts in your environment.