Intel recently disclosed two new security vulnerabilities – L1D Eviction Sampling (CVE-2020-0549) and Vector Register Sampling (CVE-2020-0548) – that could allow for data leakage between guests that share the same physical CPU. Customers don’t need to take any action at the moment (no need to power off your Linodes), but we want to provide everyone with details on what we’re doing to keep our platform secure in response to this disclosure.
This vulnerability affects a small subset of hosts (100 hosts) within our fleet and our existing patches for L1TF and MDS offer us partial mitigations. Additionally, we’ve worked hard to diversify our hardware fleet to further reduce our exposure to such vulnerabilities. Our AMD-based hosts are unaffected.
We’re working closely with Intel to obtain updated microcode that will allow us to fully mitigate these vulnerabilities. We believe it’ll be possible to apply mitigations without any downtime. If reboots or migrations become necessary, we’ll communicate with affected customers via a Support ticket. We remain committed to providing at least two full weeks notice for any customer-affecting maintenance that may be necessary to apply these mitigations.
If you have any questions about this, please feel free to reach out to us via a Support ticket opened through the Linode Manager.
– Linode
Comments