Issue Date: 01/05/2018
Title: Panzura Security Advisory CloudFS-2018-001
Classification: Low
Status: Open
Affected Products: CloudFS 6.x and 7.x

Summary

OS kernel memory leak vulnerability in Intel processors

Details

On January 4th, Intel partially announced a security vulnerability where an attacker can run malicious code to gain access to kernel memory outside of what has been allocated for the process; full details will be announced on January 9th. All the major cloud service providers, OS and hypervisor vendors are in the process of upgrading their environments to implement a fix for this vulnerability.

Since Panzura Freedom Filer is an appliance and does not host other VMs, allow customer or 3rd party software to run on the filer, there is no opportunity to gain direct access and exploit the Intel memory access vulnerability.

For customers running Filers in AWS or Azure, the cloud service providers are taking proactive steps to implement a fix and reboot the servers in the next couple of days. As a result, customers may experience a temporary outage during the reboot process.

For customers running Filers as a Virtual Machine in a VMware environment, please refer to www.vmware.com/us/security/advisories/VMSA-2018-0002.html regarding patch updates from VMware.

Please contact support@panzura.com, if you have any questions or concerns regarding the Intel memory leak vulnerability.

Back to Advisories List