Meltdown and Spectre Attacks
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.
- All versions of Pivotal software products are potentially affected.
Users of affected versions should apply the following mitigation:
- Mitigations for these issues are expected to be necessary at several levels, including infrastructure and operating systems. Information for major providers is available on the Meltdown/Spectre website .
- Further information about Cloud Foundry will be posted when available .
- Further information about other Pivotal products will be posted on this page as it becomes available.
- If you have further questions, please contact Pivotal Support at https://support.pivotal.io.
-  https://meltdownattack.com
-  https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html
-  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715
-  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753
-  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754
-  https://www.cloudfoundry.org/meltdown-spectre-attacks/