On May 21, 2018, kernel patches were released for “Speculative Store Bypass” (also known as “Variant 4”), the latest bug related to the speculative execution vulnerabilities that first came to light under the names Spectre and Meltdown.
When the initial vulnerabilities were announced, the remediations required a combination of software fixes in the Linux kernel and hardware fixes in the form of microcode or firmware for physical CPUs inside the computers.
The same is true with this latest update. Red Hat will begin rolling out the new kernels to all OpenShift servers, but full remediation of this flaw will not be complete until all components are patched, including the corresponding firmware and microcode as required. As such, until our cloud providers apply the corresponding update to the underlying hardware, the software changes will not take effect.
Vulnerability Article: https://access.redhat.com/security/vulnerabilities/ssbd
Updates will be posted as they become available.
Red Hat OpenShift SRE Team
About the author
Dave Baker has been with Red Hat since 2017. He's currently working as a Design Architect in the Secure Engineering team within Product Security, and has spent the last years in various security related roles helping to protect Red Hat OpenShift Container Platform and many other products.