Skip to main content
Delphix

TB042 CVE-2017-5753 and CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown)

 

 

Alert Type

Security

Response

Delphix has evaluated our data masking, virtualization, and reporting capabilities to determine the impact of the Spectre (CVE-2017-5753 and CVE-2017-5715) and Meltdown (CVE-2017-5754) bugs and can confirm that we are not directly vulnerable to these issues. These vulnerabilities are only exploited by executing special purpose code and the Delphix software does not provide any mechanism to execute such code. All of the software that is run in a Delphix virtual machine is installed via Delphix-provided virtual disk and upgrade images.

As with any virtual machine, the Delphix VM may be a victim of these attacks which can be mitigated at the hypervisor layer. Please verify that none of your other systems and applications are affected and follow all vendor recommendations for remediation, including the hypervisor software that runs Delphix VMs. US-CERT has released a statement along with links to all available patches.

Additional Information

For more information on these bugs please see:

CVE-2017-5753

CVE-2017-5715

CVE-2017-5754

US-CERT - TA 18-004A