Table of Contents |
---|
What is MDS? |
Is your VM at risk? |
What should you do? |
What did SURFsara do? |
The Microarchitectural Data Sampling (MDS) vulnerabilities are a set of weaknesses in Intel x86 microprocessors that leak data across protection boundaries that are architecturally supposed to be secure. The vulnerabilities have been labeled Fallout, RIDL (Rogue In-Flight Data Load) and ZombieLoad. (Wikipedia)
Hackers may exploit MDS to steal information processed by your VM’s CPU. This could include sensitive data. For this to succeed, the hacker must have gained access to a VM next to yours.
Further external technical documentation:
Now that we have implemented the mitigations described below, your VMs are no longer at risk.
If you need more information, please send an email to helpdesk@surfsara.nl with your question.
As always, keep your VM’s operating system and applications up to date and at least install all security updates. In case of a kernel update you need to reboot as well.
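A check you can run inside a Linux VM after updating and rebooting, added here as an example (it is not SURFsara's own tooling): it reads the kernel's MDS status line from sysfs and classifies it. It assumes a Linux guest whose kernel exposes `/sys/devices/system/cpu/vulnerabilities/mds`; the function names and the `--check` argument are made up for this example.

```shell
#!/bin/sh
# Added example: classify the MDS status a Linux guest kernel reports.
# Assumption: Linux guest; MDS_FILE can be overridden to test with sample input.
MDS_FILE=${MDS_FILE:-/sys/devices/system/cpu/vulnerabilities/mds}

# classify_mds STATUS -> not-affected | mitigated | no-microcode | vulnerable | unknown
classify_mds() {
    case "$1" in
        "Not affected"*)                  echo not-affected ;;
        "Mitigation: Clear CPU buffers"*) echo mitigated ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
                                          echo no-microcode ;;
        "Vulnerable"*)                    echo vulnerable ;;
        *)                                echo unknown ;;
    esac
}

# smt_state STATUS -> text after "; SMT ", or "n/a" when the kernel adds none
smt_state() {
    case "$1" in
        *"; SMT "*) echo "${1##*; SMT }" ;;
        *)          echo "n/a" ;;
    esac
}

# check_mds -> prints a verdict; returns 0 if safe, 1 if not, 2 if unreadable
check_mds() {
    if [ ! -r "$MDS_FILE" ]; then
        echo "unknown: $MDS_FILE not readable; kernel may predate MDS reporting"
        return 2
    fi
    status=$(cat "$MDS_FILE")
    verdict=$(classify_mds "$status")
    echo "$verdict (SMT: $(smt_state "$status")) [$status]"
    case "$verdict" in
        not-affected|mitigated) return 0 ;;
        *)                      return 1 ;;
    esac
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_mds
fi
```

Inside a VM the kernel typically reports the SMT part as "Host state unknown", because the guest cannot see whether hyper threading is switched off on the host; that part of the mitigation is on the provider's side.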
SURFsara follows the developments closely and we implemented all known mitigations against MDS.
Unfortunately, this has a noticeable impact on performance.
Hyper threading is a way to double the CPU count with a small performance drop, and we have to switch it off as part of the mitigation against MDS.
This means, however, that the number of available CPUs has halved.
In order to serve more users at the same time, we are considering overcommitting CPUs. We did not do this in the past, but with hyper threading off the capacity has halved.
Please note that overcommitting is considered safe w.r.t. MDS.
We continually update the apps with the latest security patches. When in doubt, please download a fresh app and build on that. After downloading, keep it up to date (see What should you do?).