RPC mitigations against CPU speculative execution vulnerabilities

Rackspace continues to evaluate and address a set of speculative execution vulnerabilities affecting certain CPUs. You can find more information about the vulnerabilities in the following locations:

Spectre and Meltdown

Details related to the vulnerabilities can be found in:

Spectre and Meltdown variants 3A and 4 (May 21, 2018)

Details related to the vulnerabilities can be found in:

L1 Terminal Fault (L1TF) or Foreshadow (August 14, 2018)

Details related to the vulnerabilities can be found in:

Rackspace Private Cloud - OpenStack

Ubuntu has released the following articles to explain the impact of these vulnerabilities:

Additional Ubuntu security notices have been opened for QEMU/libvirt:

Mitigation

HP and Dell previously released microcode updates to mitigate these vulnerabilities for Ubuntu OpenStack, but they pulled those patches from circulation because of instability concerns. Currently, we are waiting for microcode and firmware updates from our hardware vendors.

Patching hardware and software will result in hypervisor and possible API downtime. Patching the microcode and firmware may result in hypervisor and API downtime.

Rackspace Private Cloud - Red Hat

Red Hat has published various articles that explain the impact of these vulnerabilities. The following packages contain the necessary errata to remediate and address the anticipated performance impacts associated with the fix:

Mitigation

After receiving a customer request, Rackspace will apply the errata to the Red Hat OSP-based Rackspace Private Cloud – Red Hat environments.

The ability to fully remediate these vulnerabilities is pending the availability of vendor firmware and microcode updates. After the firmware and microcode updates are available, a second maintenance will be needed, and it will result in hypervisor downtime.

Further remediation might be needed, because evaluation of these vulnerabilities continues. When additional information becomes available, we will provide updates.

As always, contact your support team if you have any questions.