Last Updated on November 29, 2019 by Christopher G Mendla
Cert has published links to guidance from vendors regarding Meltdown and Spectre. It includes Amazon AWS, Android and numerous other vendors. You almost certainly have to apply the patches but the performance impact is hideous (30 percent).
See the CERT bulletin for details.
Alert (TA18-004A)Meltdown and Spectre Side-Channel Vulnerability Guidance
NCCIC encourages users and administrators to refer to their OS vendors for the most recent information. However, the table provided below lists available advisories and patches. Due to the fact that the vulnerability exists in CPU architecture rather than in software, patching may not fully address these vulnerabilities in all cases.
Note the last sentence of the quote above. The vulnerability is in the Hardware. It would be prudent to patch as soon as patches are available but keep in mind that this is most likely a stopgap until the firmware or CPUs can be replaced with chips not affected by the vulnerability.
Note the next quote:
After patching, performance may be diminished by up to 30 percent. Administrators should ensure that performance is monitored for critical applications and services, and work with their vendor(s) and service provider(s) to mitigate the effect if possible.
As I mentioned in an earlier post, I seriously doubt that systems have 30 percent excess capacity. I am not happy with a 30 percent loss of performance in my Intel based laptop.
Some of the vendors on the list are :Amazon, AMD, Android, Apple, Chromium, Citrix, Debian, Google, Linux, Microsoft, Mozilla, NVIDIA, Trend Micro, VMWare.
Keep in mind, that is only a partial list. New information will be added as the situation develops.
IMHO, this is a MAJOR FAIL.
See other posts from this blog regarding Meltdown
See other posts from this blog regarding Spectre
Note – until things settle down the Meltdown tag will give all related posts (as of Jan 2018)