List of CVEs
Short description of the attacks
Microarchitectural Store Buffer Data Sampling (MSBDS)
A side channel attack against CPU’s store buffers, also known as Fallout.
Microarchitectural Load Port Data Sampling (MLPDS)
A side channel attack against CPU’s load ports.
Microarchitectural Fill Buffer Data Sampling (MFBDS)
A side channel attack against CPU’s fill buffers, also known as RIDL or ZombieLoad.
Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
A side channel attack against CPU’s fill buffers.
Virtuozzo Infrastructure Platform 2.5
Virtuozzo 6 - Containers
Virtuozzo 6 - Virtual Machines
Containers for Windows 6.0
As soon as Virtuozzo updates are available, install the updates and reboot the server. Consider disabling Hyper-threading (see the discussion below).
Virtuozzo server is running containers only, no virtual machines
Install the update on the host server, reboot the server.
Virtuozzo server is running trusted virtual machines
Install the update on the host server and update the guest systems, reboot the server and guest virtual machines.
Virtuozzo server is running untrusted virtual machines
Along with the host and guest updates, it might be necessary to disable simultaneous multithreading (Hyper-threading) completely. This mitigation is not enabled by default due to its significant performance impact.
SMT (Hyper-threading in Intel's terminology) improves system performance by exposing two logical processors on each physical core. The MDS attacks allow a malicious virtual machine guest running on one thread to access data brought in by another thread.
Full mitigation of the vulnerability is not possible without disabling Hyper-threading. However, disabling HT severely impacts system performance. If you still want to disable SMT, there are two ways to do it:
Disable SMT (Hyper-threading, HT) in system BIOS, or
Pass the ‘nosmt’ flag as a kernel boot parameter in the GRUB configuration file.
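To check a host against the three scenarios above after updating and rebooting, the following sketch can be used. It is an added example, not Virtuozzo tooling: the scenario labels are hypothetical names, and it assumes the updated kernel exposes the upstream Linux sysfs files vulnerabilities/mds and smt/control.

```sh
#!/bin/sh
# Added example (not Virtuozzo tooling). Scenario labels are hypothetical names
# for the three cases in the advisory: containers-only, trusted-vms, untrusted-vms.
# Assumes the updated kernel exposes the upstream Linux sysfs files used below.
CPU_SYSFS=/sys/devices/system/cpu

# assess MDS_STATUS SMT_CONTROL SCENARIO
# Prints a one-line verdict; returns 0 = OK, 1 = action needed, 2 = unknown.
assess() {
    mds=$1; smt=$2; scenario=$3
    case $mds in
        "Not affected"*)
            echo "OK: CPU is not affected by MDS"; return 0 ;;
        Mitigation:*)
            ;;  # buffer clearing is active; SMT is judged below
        "")
            echo "UNKNOWN: kernel reports no MDS status; install the updates and reboot"
            return 2 ;;
        *)
            echo "ACTION: host not mitigated ($mds); install the updates and reboot"
            return 1 ;;
    esac
    if [ "$scenario" = untrusted-vms ]; then
        case $smt in
            off|forceoff|notsupported)
                ;;  # no sibling thread is available to a guest
            *)
                echo "ACTION: SMT is '$smt' with untrusted guests; disable it in BIOS or boot with nosmt"
                return 1 ;;
        esac
    fi
    echo "OK: mitigation active for $scenario (SMT control: ${smt:-unknown})"
}

# Live check, only where the kernel exposes the status file.
if [ -r "$CPU_SYSFS/vulnerabilities/mds" ]; then
    assess "$(cat "$CPU_SYSFS/vulnerabilities/mds")" \
           "$(cat "$CPU_SYSFS/smt/control" 2>/dev/null)" \
           "${SCENARIO:-untrusted-vms}" || true
fi
```

Set SCENARIO to the label matching the workload on the host before running it; the default is the strictest case.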
14.05.2019: Initial publication.
16.05.2019: Added the advisory links for Virtuozzo 6 and Virtuozzo containers 4.7 kernel update.
17.05.2019: Added the advisory link for Virtuozzo containers for Windows.
18.05.2019: Added the advisory link for Virtuozzo 7.
20.05.2019: Added the advisory link for Virtuozzo 6 userspace update.
22.05.2019: Added the advisory link for Virtuozzo Infrastructure Platform.