*** MicroFocus has release the following in a Knowledge Base article on these vulnerabilities... ***

Title : Meltdown and Spectre Security Flaws

Document ID : KM03071562

OS :

Updated : 2018-Jan-11

*** Problem ***

Vertica engineers have run performance tests using the operating system patches for the Meltdown and Spectre security flaws. Based on the results, Vertica recommends that, for minimal performance impact and addressing most security issues, customers enable the PTI and IBPB features but not the IBRS feature.

Earlier this month, researchers announced two speculative execution security vulnerabilities in chips that are present in most modern processors.

Meltdown: Meltdown allows multiple processes on a processor to access the contents of another process's memory. This vulnerability has only be verified on Intel processors: CVE-2017-5754 (https://nvd.nist.gov/vuln/detail/CVE-2017-5754)

Spectre: Spectre affects processors that implement branch prediction and speculative execution. This vulnerability may allow processes to read and modify the data cache.

Two variants of Spectre has been verified on several modern processors: Variant 1 CVE-2017-5753 (https://nvd.nist.gov/vuln/detail/CVE-2017-5753) and Variant 2 CVE-2017-5715 (https://nvd.nist.gov/vuln/detail/CVE-2017-5715). Variant 1 is fixed with a kernel patch. You cannot disable this patch and there is no measureable performance impact from this patch.

There are three optional patches that ship in current hotfixes of most Linux distributions. They install the following features:

KPTI (Kernel Page Table Isolation) protects against Meltdown. Implemented in the kernel.

IBRS (Indirect Branch Restricted Speculation) protects against Spectre Variant 2. Implemented in the kernel and CPU microcode.

IBPB (Indirect Branch Prediction Barrier) protects against Spectre Variant 2. Implemented in the kernel and CPU microcode.

For more detailed information about these patches, see https://access.redhat.com/articles/3311301.

*** There is a table in the MicroFocus KB article here with benchmarks ***
https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/KM03071562

For further details, graphs and FAQs please review attached document. You may also find the complete notification at one of the following URLS:

https://my.vertica.com/blog/vertica-test-results-operating-system-patches-meltdown-spectre-security-flaws/

https://forum.vertica.com/discussion/239346/vertica-test-results-for-operating-system-patches-for-meltdown-and-spectre-security-flaws#latest

https://www.linkedin.com/pulse/vertica-test-results-operating-system-patches-spectre-technical-team/

*** MicroFocus has release the following in a Knowledge Base article on these vulnerabilities... ***

Title : Meltdown and Spectre Security Flaws

Document ID : KM03071562

OS :

Updated : 2018-Jan-11

*** Problem: ***

Vertica engineers have run performance tests using the operating system patches for the Meltdown and Spectre security flaws. Based on the results, Vertica recommends that, for minimal performance impact and addressing most security issues, customers enable the PTI and IBPB features but not the IBRS feature.

Earlier this month, researchers announced two speculative execution security vulnerabilities in chips that are present in most modern processors.

Meltdown: Meltdown allows multiple processes on a processor to access the contents of another process's memory. This vulnerability has only be verified on Intel processors: CVE-2017-5754 (https://nvd.nist.gov/vuln/detail/CVE-2017-5754)

Spectre: Spectre affects processors that implement branch prediction and speculative execution. This vulnerability may allow processes to read and modify the data cache.

Two variants of Spectre has been verified on several modern processors: Variant 1 CVE-2017-5753 (https://nvd.nist.gov/vuln/detail/CVE-2017-5753) and Variant 2 CVE-2017-5715 (https://nvd.nist.gov/vuln/detail/CVE-2017-5715). Variant 1 is fixed with a kernel patch. You cannot disable this patch and there is no measureable performance impact from this patch.

There are three optional patches that ship in current hotfixes of most Linux distributions. They install the following features:

KPTI (Kernel Page Table Isolation) protects against Meltdown. Implemented in the kernel.

IBRS (Indirect Branch Restricted Speculation) protects against Spectre Variant 2. Implemented in the kernel and CPU microcode.

IBPB (Indirect Branch Prediction Barrier) protects against Spectre Variant 2. Implemented in the kernel and CPU microcode.

For more detailed information about these patches, see https://access.redhat.com/articles/3311301.

*** There is a table in the MicroFocus KB article here with benchmarks ***
https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/KM03071562

For further details, graphs and FAQs please review attached document. You may also find the complete notification at one of the following URLS:

https://my.vertica.com/blog/vertica-test-results-operating-system-patches-meltdown-spectre-security-flaws/

https://forum.vertica.com/discussion/239346/vertica-test-results-for-operating-system-patches-for-meltdown-and-spectre-security-flaws#latest

https://www.linkedin.com/pulse/vertica-test-results-operating-system-patches-spectre-technical-team/