Your Webhosting Questions
Answered by the Webhosting Experts

Intel CPU Exploits Meltdown and Spectre – What You Need to Know

—-Updated 1/10/18 1:25m EST—–


Remediation Steps:

Ubuntu 14, 16, 17

apt-get update 
apt-get dist-upgrade 

reboot to complete the update

—-Updated 1/8/18 10:55am EST—–


Remediation Steps:
Follow the instructions found at

—-Updated 1/6/18 3:03pm EST—–


CloudLinux 6
Remediation Steps:
Run the following command to patch CloudLinux 6 servers.
yum clean all && yum update kernel-firmware && yum install kernel-2.6.32-896.16.1.lve1.4.49.el6
CloudLinux 7
Update is still in testing. Check back here for more details

—-Updated 1/6/18 2:12pm EST—–

OS Specific Information

Redhat (CentOS & ScifiLinux included)

Performance impact details as provided by RedHat- The recent speculative execution CVEs address three potential attacks across a wide variety of architectures and hardware platforms, each requiring slightly different fixes. In many cases, these fixes also require microcode updates from the hardware vendors. Red Hat has delivered updated Red Hat Enterprise Linux kernels that focus on securing customer deployments. The nature of these vulnerabilities and their fixes introduces the possibility of reduced performance on patched systems. The performance impact depends on the hardware and the applications in place.

In order to provide more detail, Red Hat’s performance team has categorized the performance results for Red Hat Enterprise Linux 7, (with similar behavior on Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 5), on a wide varietyof benchmarks based on performance impact:

Measurable: 8-19% – Highly cached random memory, with buffered I/O, OLTP database workloads, and benchmarks with high kernel-to-user space transitions are impacted between 8-19%. Examples include OLTP Workloads (tpc), sysbench,pgbench, netperf (< 256 byte), and fio (random I/O to NvME).

Modest: 3-7% – Database analytics, Decision Support System (DSS), and Java VMs are impacted less than the “Measurable” category. These applications may have significant sequential disk or network traffic, but kernel/device driversare able to aggregate requests to moderate level of kernel-to-user transitions. Examples include SPECjbb2005, Queries/Hour and overall analytic timing (sec).

Small: 2-5% – HPC (High Performance Computing) CPU-intensive workloads are affected the least with only 2-5% performance impact because jobs run mostly in user space and are scheduled using cpu-pinning or numa-control. Examples include Linpack NxN on x86 and SPECcpu2006.

Minimal: Linux accelerator technologies that generally bypass the kernel in favor of user direct access are the least affected, with less than 2% overhead measured. Examples tested include DPDK (VsPERF at 64 byte) and OpenOnload (STAC-N). Userspace accesses to VDSO like get-time-of-day are not impacted. We expect similar minimal impact for other offloads.

NOTE: Because microbenchmarks like netperf/uperf, iozone, and fio are designed to stress a specific hardware component or operation, their results are not generally representative of customer workload. Some microbenchmarks have shown a larger performance impact, related to the specific area they stress.


Remediation Steps:

  1. Login to root via SSH and run the following command: yum update.
  2. Confirm kernel can be downloaded, once accepting the new kernel it should download and install, once complete it will say “Complete!”
  3. Reboot the system to apply the kernel with the command: reboot now

Debian (Ubuntu)

No Updates have been released in regards to the CVE’s we will update this once more information has been provided by Debian and Ubuntu Security Teams. So please keep in mind to update at your own risk, and please keep in mind itlooks like these attacks have been known for sometime but they do not know if this has been used maliciously in the wild, so if you do not want to hammer performance or cannot afford to, you are advised against this update until further information has been provided to the public and the programming communities can then see what exactly needs to be patched in order for it to be completely secure.

Remediation Steps: awaiting

Clients with KernelCare (CentOS)

Kernelcare updates are likely going to be out Sunday/Monday for first releases for EL7 (RedHat/CentOS/CloudLinux 7). You can manually patch your server now if you choose not to wait for kernelcare updates by running CentOS kernal updates via yum update followed by a reboot.


Clients on Sparknode VMs

There are situations where the guests on the Xen Kernel based hypervisors do not reboot properly after updating the guest virtual maching. We are working on this situation and request you please check back routinetly for updates.

Windows Based Platforms

Remediation Steps:
Please check into Windows Updates and reboot the server to complete the installation. With windows there are also registry entries that need to be made, In fact they just added a 3rd one today. Also AV has to be update to be compatible and there is still issues with the mssql patches, It is also possible that even if the AV is updated the update will not be pulled by windows update which means a 4th registry entry has to be made.


VMWare has posted information for each version at the link below-

—-Updated 1/5/18 6:00pm EST—-

It has recently been discovered that most Intel processors contain 2 exploits known as Meltdown and Spectre. Security engineers within Intel and each operating system’s community are working to provide patches to eliminate this threat. We will provide timely updates regarding the situation as new information and patches are released.

Windows dedicated server customers- Microsoft has already released a patch so you will want to make sure you have performed your updates today. We have provided a link below to an article covering how to ensure your anti-virus is not blocking this patch.

Managed Linux dedicated server customers– If you are running CentOS 6.x or 7.x we have updated your kernel already and now you just need to perform a reboot. We are, however, asking each customer to go ahead and perform one more Yum update themselves prior to the reboot just to be safe. For our managed customers not running Redhat, CentOS 6 or 7 please be on the lookout for emails from us providing important information regarding our patching your server(s) and possible instruction to immediately reboot your server. cPanel has posted their latest updates on the subject here.

Self-managed Linux dedicated server customers– please be diligent in your research of how to patch your particular environment and OS. We will post timely updates and instruction per OS as it becomes available. Redhat, CentOS 6 and 7 should be able to patch their servers now by performing a Yum update followed by a reboot.

You can find more information regarding Meltdown and Spectre at:

Need More Personalized Help?

If you have any further issues, questions, or would like some assistance checking on this or anything else, please reach out to us from your account and provide your server credentials within the encrypted field for the best possible security and support.

If you are unable to reach your account or if you are on the go, please reach out from your valid account email to us here at: [email protected]. We are also available to you through our phone and live chat system 24/7/365.

Tags +