Mugwump's Fish World
General Category => News and Announcements => Topic started by: BallAquatics on November 18, 2019, 06:07:04 PM
Hi there,
Intel released a statement regarding Machine Check Error Avoidance on Page Size Change. We have rolled out mitigation efforts across our entire fleet and are writing to let you know that our platform is secure and your Droplets and data will not be impacted and you do not need to take any action.
While customers updating to the latest kernels from OS providers may see that the status is vulnerable, we want to assure you that your Droplets are safe because we've implemented mitigation at the hypervisor level.
Machine Check Error Avoidance on Page Size Change is a significant security issue. If an attacker were able to create a Droplet colocated with another user's Droplet, they could exploit the vulnerability, giving them the ability to shutdown that Droplet within a few minutes. We acted quickly to roll out our mitigations and ensure our users were not vulnerable to any attacks.
You may have also heard about the TSX Asynchronous Abort (TAA) vulnerability announced by Intel. This vulnerability does not impact our platform. https://pages.news.digitalocean.com/n/uVX100JIU60V0y03CWaEDh0 (https://pages.news.digitalocean.com/n/uVX100JIU60V0y03CWaEDh0)
The security of our platform and our users' data is our top priority, and we're taking every measure to ensure our customers remain secure, including keeping you informed of updates about vulnerabilities that may impact your account. For more information, you can read Intel's deep dive. https://pages.news.digitalocean.com/n/n0EW0Wz03aX60DI0Jh10VCU (https://pages.news.digitalocean.com/n/n0EW0Wz03aX60DI0Jh10VCU)
Thanks,
Team DigitalOcean
Quote from: BallAquatics on November 18, 2019, 06:07:04 PM
Hi there,
Intel released a statement regarding Machine Check Error Avoidance on Page Size Change. We have rolled out mitigation efforts across our entire fleet and are writing to let you know that our platform is secure and your Droplets and data will not be impacted and you do not need to take any action.
While customers updating to the latest kernels from OS providers may see that the status is vulnerable, we want to assure you that your Droplets are safe because we've implemented mitigation at the hypervisor level.
Machine Check Error Avoidance on Page Size Change is a significant security issue. If an attacker were able to create a Droplet colocated with another user's Droplet, they could exploit the vulnerability, giving them the ability to shutdown that Droplet within a few minutes. We acted quickly to roll out our mitigations and ensure our users were not vulnerable to any attacks.
You may have also heard about the TSX Asynchronous Abort (TAA) vulnerability announced by Intel. This vulnerability does not impact our platform. https://pages.news.digitalocean.com/n/uVX100JIU60V0y03CWaEDh0 (https://pages.news.digitalocean.com/n/uVX100JIU60V0y03CWaEDh0)
The security of our platform and our users' data is our top priority, and we're taking every measure to ensure our customers remain secure, including keeping you informed of updates about vulnerabilities that may impact your account. For more information, you can read Intel's deep dive. https://pages.news.digitalocean.com/n/n0EW0Wz03aX60DI0Jh10VCU (https://pages.news.digitalocean.com/n/n0EW0Wz03aX60DI0Jh10VCU)
Thanks,
Team DigitalOcean
"Asynchronous'....had to look up why?....and this made sense......I did some early work helping(6 of us) assemble some of the first modems years ago..winging as we went at first...used fiber optics...Belden Cable Labs was next door...fun job...
In telecommunications, asynchronous communication is transmission of data, generally without the use of an external clock signal, where data can be transmitted intermittently rather than in a steady stream. Any timing required to recover data from the communication symbols is encoded within the symbols.