Follow

K-CORE02: Kinetica Spectre and Meltdown Security Guidelines

This document provides guidelines on how to address vulnerabilities Spectre and Meltdown in a Kinetica environment.

 

Overview

The recent speculative execution CVEs (CVE-2017-5754 CVE-2017-5753 and CVE-2017-5715) address three potential attacks across a wide variety of architectures and hardware platforms. In many cases, these fixes also require microcode updates from the hardware vendors.

While there is no need to patch Kinetica directly in response to these vulnerabilities, there are security precautions that should be taken to help prevent breaches in the underlying software hardware components Kinetica relies on.

 

Action

To mitigate your potential risk from these two vulnerabilities, we recommend the following steps:

  • Perform all necessary updates in relation to the vulnerabilities as provided by your Linux Vendor. The vulnerability has already been addressed by all Kinetica supported Linux distributions
  • Update the NVIDIA driver that Kinetica relies on for communication with the GPU to version 384.111 or higher

 

Although Kinetica is not aware of any Kinetica specific exploits tied to Spectre or Meltdown at this time, we will continue to monitor developments closely given the potential impact of this vulnerability.

We remain committed to supporting you as more is learned about these vulnerabilities and as always, are here to help.

Should you have any questions or concerns, please visit our support page, official documentation page or email us at support@kinetica.com

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.