Intel CPU Flaws & Bare Metal - Is Single Tenancy the Answer?

As many of you may have found out, two huge security vulnerabilities in Intel CPUs were found by security researchers. They were dubbed Meltdown and Spectre, and there is a worldwide rush to mitigate the damage before the bad guys exploit them. Cloud providers scramble to apply patches as they become available.

As a Bigstep client you too will be instructed on how to proceed, but we feel it is important to note that as bare metal users, Bigstep metal cloud clients are not at risk of being attacked through a VM residing on the same host because obviously the hosts are all single tenant and there is no virtualization layer.

This does not mean however that patches should not be applied because these exploits could allow an already compromised host to be further compromised by allowing the execution of code above the compromised user’s privilege level.

As of the time of writing of this article the following patches are available for Linux platforms:

1. RHEL 7.x

2. CentOS 7.x

3. Fedora 26/27

4. Debian stretch

5. Arch Linux

6. Gentoo Linux

1. Windows Server (*with issues)
2. SQL Server 2016 and 2017

Bigstep is already working on applying fixes where needed, and will issue instructions for applying the patches shortly.