As related in ourprevious post, we are working towards the L1 Terminal Fault (L1TF) mitigations deployment and wanted to provide a brief update.
Current situationThe mitigations for all published CVEs have now been applied to all the sites DE-FRA-1 , CH-GVA-2 , CH-DK-2 and AT-VIE-1 . Unlike most cloud providers, the rollout has been performed in most cases without any impact to your instances and business.
One of the attack involve the use of the so called SMT CPU feature, known as HyperThreading. We’re currently relying on this feature. The current and only workaround requires to disable it as there’s no software mitigation available. We’re currently still evaluating the opportunity to do so since it may cause a very important impact on your instances.
A few additional other important vulnerabilities have also been mitigated:
Spectre Variant 4, CVE-2018-3639 linux Kernel TCP Reassembly Algorithm Remote Denial of Service Vulnerability, CVE-2018-5390To be fully protected, you need to apply updates from your OS vendor. Linux distributions and windows come with the appropriate countermeasures.
For existing instances, a stop and start from our portal or API is also highly recommended in order to enable the new CPU features.
Linux users may test their current protection level using this checker .
