TB042 CVE-2017-5753 and CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown)
Alert Type
Security
Response
Delphix has evaluated our data masking, virtualization, and reporting capabilities to determine the impact of the Spectre (CVE-2017-5753 and CVE-2017-5715) and Meltdown (CVE-2017-5754) bugs and can confirm that we are not directly vulnerable to these issues. These vulnerabilities are only exploited by executing special purpose code and the Delphix software does not provide any mechanism to execute such code. All of the software that is run in a Delphix virtual machine is installed via Delphix-provided virtual disk and upgrade images.
As with any virtual machine, the Delphix VM may be a victim of these attacks which can be mitigated at the hypervisor layer. Please verify that none of your other systems and applications are affected and follow all vendor recommendations for remediation, including the hypervisor software that runs Delphix VMs. US-CERT has released a statement along with links to all available patches.
Additional Information
For more information on these bugs please see: