Determine how you're affected by a major security vulnerability in modern CPU chips
In addition to this doc, there is an active #meltdown channel in our Community Slack.
On January 3rd, 2018, Project Zero - a team of security analysts at Google - published a lengthy blog post detailing how they had managed to manipulate a feature in most modern CPUs to efficiently dump privileged memory from a non-privileged process.
For example, if exploited correctly, a tenant in one virtual machine could read memory from another virtual machine running on the same bare metal host, or a non-privileged user could log keystrokes of another user logged into the same system.
As a result of this disclosure, cloud operators providing virtual machines to their customers have needed to upgrade their hypervisors to protect their users against this type of attack, and all operating system distros are in the process of updating their kernels and microcode to mitigate these types of attacks as well.
There are two categories (3 variants) of attacks being discussed, with varying updates available.
Spectre - Variants 1/2
RHEL and CentOS appear to have completed the effort around the kernel and microcode to mitigate this attack, while other distros are waiting for kernel patches to be applied upstream and microcode to be released by Intel.
Meltdown - Variant 3
The fixes for variant 3 have been merged into the kernel upstream and the backport and downstream processes are happening rapidly.
Packet provides users access to single tenant bare metal instances, not virtual machines with a shared hypervisor. As such, you may have less immediate risk unless you're running a multi-tenant cloud or container service on top of Packet compute.
Even if you are not running a multi-tenant service on top of Packet bare metal, this style of attack presents risk and we strongly recommend that you update your operating system as soon as updates are available.
We are also actively going through the process of updating all of our installable operating systems as updates become available. We will be updating this page as updates are made available.
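One way to confirm the result after updating a Linux host, as recommended above (an added example, not Packet's own tooling). It reads the per-variant status files under /sys/devices/system/cpu/vulnerabilities, which assumes a kernel new enough to expose them; the function names and the sample data in demo are constructed for illustration.

```shell
# Added example, not Packet's code. Reads the status files that patched Linux
# kernels publish under sysfs; kernels without the patches lack this directory.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# Map one status line to: not_affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_variant DIR FILE: classify DIR/FILE, or "unreported" if it is missing
check_variant() {
    [ -r "$1/$2" ] || { echo unreported; return 0; }
    classify_status "$(cat "$1/$2")"
}

# report [DIR]: one line per variant; returns 0 only if every variant is
# mitigated or not affected. Run "report" with no argument on a live host.
report() {
    dir=${1:-$VULN_DIR}
    rc=0
    for entry in "spectre_v1:Spectre variant 1" "spectre_v2:Spectre variant 2" \
                 "meltdown:Meltdown variant 3"; do
        state=$(check_variant "$dir" "${entry%%:*}")
        printf '%-20s %s\n' "${entry#*:}" "$state"
        case "$state" in
            not_affected|mitigated) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# demo: constructed sample (not from a real host) of a kernel that has the
# KPTI patch for variant 3 but still reports Spectre variant 2 as open.
demo() {
    sample=$(mktemp -d)
    echo "Mitigation: PTI" > "$sample/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$sample/spectre_v1"
    echo "Vulnerable" > "$sample/spectre_v2"
    result=0; report "$sample" || result=$?
    rm -rf "$sample"
    return "$result"
}
```

A result of "unreported" means the running kernel does not publish a status for that variant, so treat it as not yet updated rather than as safe.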
Operating Systems Status
ESXi: More information about available VMware patches here.
CentOS: Actively working to update.
CoreOS: Actively working to update.
NixOS: 17.09 includes updated kernels with KPTI patches. Details here.
Scientific Linux: Actively working to update.
Alpine: Assessing status.
Debian: Assessing status.
FreeBSD: Assessing status.
Windows: Assessing status.
Ubuntu: 16.04, 17.04 and 17.10 have updated kernels with KPTI patches (details).
All Intel processors are affected
The Cavium ThunderX processor is not affected
The HiSilicon Taishan processor is affected
We are also working with all of our hardware vendors to get BIOS microcode updates on all of our Intel-based systems.