SoftNAS is aware of and has been monitoring the issues related to the CPU Vulnerabilities (Spectre and Meltdown) and is providing the below guidance and direction to SoftNAS customers. More details on the vulnerability can be found online, including the Google Project Zero team analysis at https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html.
Information
The SoftNAS virtual appliance runs in a VM within the Azure, AWS, or VMware environment. Once the appropriate platform changes are made, the SoftNAS appliance will be protected from these vulnerabilities. Given that, SoftNAS recommends against running any yum kernel updates on any SoftNAS environment at this time. SoftNAS is in the process of evaluating the impact of any such yum updates and recommends customers DO NOT run any yum kernel updates until proper due diligence has been performed by SoftNAS. SoftNAS will provide an update in the near future if this guidance changes.
SoftNAS closely monitors the Linux communities, and we have seen several reports of negative impacts to systems after yum kernel updates have been performed; hence our guidance to NOT run any kernel updates on SoftNAS systems until we have had proper time to perform due diligence on such changes.
Step-by-step Instructions
Public-Cloud platforms:
At this time SoftNAS feels there are no further steps needed.
VMware: Please follow the instructions provided by VMware here: https://www.vmware.com/security/advisories/VMSA-2018-0002.html
Related articles
AWS: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
Azure: https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
VMware: https://www.vmware.com/security/advisories/VMSA-2018-0002.html