Intel Meltdown and Spectre Vulnerabilities and the Scale HC3



  • A group of platform vulnerabilities have been identified to exist for many CPUs, including the Intel x86 class of processors. These vulnerabilities exploit flaws in the Intel processor itself, affecting all Intel based servers, including the Scale Computing HC3 platforms. These vulnerabilities have been publicized as Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715). Many technical details are publicly available here:

    https://meltdownattack.com/

    How Vulnerable is HC3?

    Meltdown, as described in the research paper[1], does not affect our Hypercore Operating System (HCOS) directly due to our use of hardware virtual machines (HVM). Additionally, because the host OS is locked down, and users do not have access to introduce or run arbitrary code on the host, an ordinary user cannot read host kernel or physical memory. The operating systems of guest VMs, however, are vulnerable, and must be patched using the recommendations of the OS provider to mitigate against this threat.

    Spectre[2], on the other hand, is comprised of multiple vulnerabilities which are more difficult to exploit, but remain dangerous. One of these techniques is demonstrably able to read host memory from within a guest VM[3]. This is a serious threat to security

    Addressing both of these vulnerabilities is currently our top priority.

    When Will an Update be Available?

    The Scale Computing Software Engineering team has been closely monitoring all available information to make the best decisions for mitigating and correcting these issues with the Scale HC3 platform. We have made this our top priority and are currently testing our initial patch for the core issues and plan to have a release available in the coming days. Our Engineering and Quality Assurance teams are working diligently to fully test and verify the stability and viability for production use. We will update with a more accurate time frame as it is available or as new information is released.

    As best practices and at all times, Scale Computing recommends[4], proper planning, testing, and implementation of infrastructure backups, security access control mechanisms, and that regular software updates be applied to all guest VM software and operating systems.

    [1] Meltdown Paper https://meltdownattack.com/meltdown.pdf
    [2] Spectre Paper https://spectreattack.com/spectre.pdf
    [3] Google Project Zero Blog https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html
    [4] Information Security with HC3 https://www.scalecomputing.com/wp-content/uploads/2017/01/whitepaper_information_security_hc3.pdf