I’ve been watching much of the Speculative Side Channel issues (AKA Specter and Meltdown) that have arisen as of late with processors such as Intel (INTC), AMD (AMD), and ARM. I wanted to make it easy for everyone (and myself) to find information that’s been helpful since this bug was announced. Many of the links below come from the first Dell Technologies link below.
Before I share links I want to note that I Work for Dell Technologies and am a member of social media advocacy programs at Dell Technologies, VMware (VMW), and NVIDIA (NVDA). With that fully disclosed let me share some links.
Dell Technologies:
- Impact on Dell EMC products (Dell Enterprise Servers, Storage and Networking): http://www.dell.com/support/article/us/en/04/sln308588
- Dell EMC products (Dell EMC Storage products): https://support.emc.com/kb/516117 (login required)
- Dell Client products: http://www.dell.com/support/article/SLN308587
- Dell Data Security products: www.dell.com/support/article/sln308615
- RSA products: https://community.rsa.com/docs/DOC-85418 (login required)
- VCE products: http://support.vce.com/kA2A0000000PHXB (login required)
VMware:
- VMWare: https://www.vmware.com/security/advisories/VMSA-2018-0002.html
- Validating compliance of VMSA-2018-0002 and BIOS update: https://virtualcornerstone.com/2018/01/08/validating-compliance-of-vmsa-2018-0002-and-bios-update/ (thanks vbish for this one)
Citrix:
NVIDIA:
- Answer ID 4611: http://nvidia.custhelp.com/app/answers/detail/a_id/4611
Others:
- Microsoft: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
- RedHat: https://access.redhat.com/security/vulnerabilities/speculativeexecution
- SuSe: https://www.suse.com/support/kb/doc/?id=7022512
- Ubuntu : https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
Other References:
- Intel Security Advisory: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
- AMD Advisory: http://www.amd.com/en/corporate/speculative-execution
- Microsoft Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- Nutanix: Nutanix Security Advisory #07 (Nutanix Support Portal login required)
- Google Project Zero Blog Post: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- Research Papers: https://meltdownattack.com
- Initial Benchmarks Of The Performance Impact Resulting From Linux’s x86 Security Changes: https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2
- Behind the scenes of a bug collision: https://cyber.wtf/author/andersfogh1974/
- RDS2016 – Meltdown / Spectre patch KB4056890 breaks shadowing: https://social.technet.microsoft.com/Forums/windowsserver/en-US/704b4280-24be-4407-9dbf-ad9609b2e975/rds2016-meltdown-spectre-patch-kb4056890-breaks-shadowing?forum=winserverTS
- Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems: https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
- Meltdown and Spectre Patches May Increase CPU Load [Initial Findings]: https://www.lakesidesoftware.com/blog/meltdown-and-spectre-patches-may-increase-cpu-load-initial-findings
- Intel Security Issue Update: Addressing Reboot Issues: https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/
Please follow up with your individual vendors for further details.
