SoftNAS is aware of and has been monitoring the issues related to the CPU Vulnerabilities (Spectre and Meltdown) and is providing the below guidance and direction to SoftNAS customers. More details on the vulnerability can be found online, including the Google Project Zero team analysis at https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html.
Information
SoftNAS is including kernel updates in the latest (3.7) release for the Spectre and Meltdown vulnerabilities. As the SoftNAS virtual appliance runs in a VM within the Azure, AWS, or VMWare environment, this kernel update and the fixes provided by each platform will mitigate the risk. As such, no action beyond upgrading to the latest version of SoftNAS Cloud® is necessary. SoftNAS will provide any update to this guidance in the near future should this guidance change.
Step-by-step Insctructions
Public-Cloud platforms:
At this time SoftNAS feels there are no further steps needed.
VMWare: Please follow the instructions provided by VMWare here: https://www.vmware.com/security/advisories/VMSA-2018-0002.html
Related articles
AWS: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
Azure: https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
VMWare: https://www.vmware.com/security/advisories/VMSA-2018-0002.html