Cloud Foundry Logo
blog single gear
Security Advisory

Meltdown and Spectre Attacks

Meltdown and Spectre Attacks

Severity

Advisory/Critical

Description

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.

Affected Products and Versions

All versions of Cloud Foundry are potentially affected. More information will be added to this page as it is made available.

Mitigation

  • Mitigations for these issues are expected to be necessary at several levels, including infrastructure and operating systems. Information for major providers is available on the Meltdown/Spectre website [1].
  • The Cloud Foundry Project intends to provide new versions of stemcells as soon as updates are released upstream.
    • Update: As of January 24, BOSH stemcells for Ubuntu [11] have been released to mitigate Meltdown and Spectre. Further releases from Ubuntu are possible but none are currently expected. [6]
    • Windows stemcells v1200.13 available on bosh.io address Microsoft’s guidance for protection against “speculative execution side-channel vulnerabilities”[9] . For vSphere, see instructions for building the stemcell [10].

See the following table for information related to specific infrastructures. We will update this table as more information is available.

Cloud Provider Hypervisor Patch Status
Amazon AWS AWS hypervisors are now mostly protected and require VM instance restarts
Google Cloud Google infrastructure is patched and used live migration for VM instance restarts
Microsoft Azure Azure mostly updated and requires VM instance restarts
OpenStack OpenStack Vendor dependent
VMWare vSphere See VMWare knowledge base article for updates

References

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES