Along with the rest of the IT industry, Intel has made OVH aware of some specific vulnerabilities concerning certain processor architectures. Two of these vulnerabilities make it possible to carryout side-channel attacks, based on the same kind of mechanism as previously disclosed in January 2018 named ‘Spectre’.
These new vulnerabilities are variants of ‘Spectre’ and are called ‘Spectre Variant 3a’ (CVE-2018-3640, and ‘Spectre Variant 4’ (CVE-2018-3639), also known as ‘SpectreNG’ or ‘Spectre New Generation’. Though they are closely related to ‘Spectre’, they have enough difference to be considered specific flaws and will require additional action(s) for certain CPU architectures.
Once made aware of these vulnerabilities, OVH immediately mobilized its team to understand the implication, evaluate risks and develop an action plan to secure its infrastructures. We will continue to work with Intel, our partners, and manufactures to mitigate any risks to our customers.