By now, you have likely heard about the recently reported Meltdown vulnerability [https://www.wired.com/story/meltdown-spectre-bug-collision-intel-chip-flaw-discovery/] that affects all Intel processors. It was first publicly reported last week, after extensive private research. Unlike other recent security vulnerabilities such as Dirty Cow, the impact of Meltdown is widespread, affecting all hardware based on Intel processors, which is a sizable segment of the market.
We wanted to update you on what this means for your Gemini Appliances, clarify the risk, and describe our mitigation efforts with our hardware partners and the security community.
What is Meltdown?
Meltdown is a processor-based vulnerability that potentially exposes sensitive data from one user/process to other users/processes by taking advantage of a feature built into Intel processors referred to as “speculative execution”. The vulnerability has existed for over 20 years, but was just discovered. The deep technical details are available here [https://meltdownattack.com/], and are not the focus of this update.
There have been no known exploits to date, but the important point here is that this is widely acknowledged to be a critical vulnerability that needs to be addressed.
Impact to Gemini Appliances
All Gemini Hardware appliances, as with a large portion of the hardware market, rely on Intel processors. As such, they are theoretically exposed to the same risk as all other Intel-based hardware that you are hearing reports about. While the architecture of the Gemini software itself doesn’t provide easy avenues for exploitation of this processor vulnerability, it remains a risk that we take seriously and encourage our customers to do the same.
How will this be Fixed?
Because this is rooted in processor architecture, this is different from other vulnerabilities in how it needs to be addressed. It requires a BIOS update to the processor provided by the hardware vendor. It also requires updates to the OS kernel used by the Gemini Appliance.
We have been working with our hardware suppliers and OS communities and are awaiting their progress before we can provide a packaged fix.
What To Expect
As of Monday morning, Dell has made available an update to the BIOS.
We have also received updates to the OS kernel utilized by the appliance.
We are currently in the process of applying, testing and certifying these updates so we can make them available as quickly as possible, hopefully in the next couple of days.
The update will likely be in the form of an Update Pack similar to other Gemini maintenance updates and will apply the necessary patches to the BIOS and OS. Other instructions will be provided.
More Information
Due to the incredibly wide-ranging impact of this problem, much has been written over the past few days about Meltdown and “Spectre”, which is a similar vulnerability that affects other processors beyond Intel. A particularly helpful and understandable explanation is provided here [https://www.redhat.com/en/blog/what-are-meltdown-and-spectre-here%E2%80%99s-what-you-need-know] by Red Hat. We especially like their plain-English explanation of the “speculative execution” aspect. Also, see here [http://www.dell.com/support/contents/us/en/4/article/product-support/self-support-knowledgebase/software-and-downloads/support-for-meltdown-and-spectre] for Dell’s update on the same issue.
We want to reiterate that we concur with the security experts that this is a critical vulnerability that needs to be addressed. That said, there have been no reported exploits, and the Gemini software or hardware architecture does not present any notable risk surface areas beyond what’s been reported.
We will update you as soon as the fix is ready to download. Our support team is on hand to answer any questions and assist you with the update.