Checking and applying patches for Spectre/Meltdown vulnerabilities on your hosts
Find out how to apply patches for the Spectre and Meltdown vulnerabilities
Objective
To find general information on Spectre and Meltdown, please refer to our detailed guide and our guide for each OS.
This guide will explain how to apply patches for the Spectre and Meltdown vulnerabilities.
Requirements
- You must have a user account with access to vSphere.
Instructions
As a reminder:
| Variant | Vulnerable? | Fixed by the patch? |
|---|---|---|
| Variant 1: bounds check bypass (CVE-2017-5753) - Spectre | YES | YES |
| Variant 2: branch target injection (CVE-2017-5715) - Spectre | YES | YES |
| Variant 3: rogue data cache load (CVE-2017-5754) - Meltdown | NO |
Meltdown (CVE-2017-5754) does not affect ESXI because ESXI does not run non-verified user codes.
For Private Cloud solutions, there is planned scheduled maintenance to apply a patch for this vulnerability automatically on vulnerable hosts. You can find information about this scheduled maintenance on the associated task (English translation below French text).
Check the host version
To check your host version, log in to your vSphere interface and go to the host summary, in the Configuration section:
The corrected versions are as follows:
- ESXi 6.5: 7388607
- ESXi 6.0: 6921384
- ESXi 5.5: 6480324
If you have an older version of these builds, you will need to update your host. As a reminder, an automatic update will be scheduled by OVH. However, you can also perform this update manually.
Update your host with the patch associated with the vulnerability
Update your host by switching it to maintenance mode (your host will be rebooted during the procedure), and use the VMware Update Manager plugin.
The patches are as follows:
- ESXi 6.0 – ESXi600-201711101-SG
- ESXi 5.5 – ESXi550-201709101-SG
This version 5.5 patch is only for CVE-2017-5715, not CVE-2017-5753.
In the list of patches, you can use the filter so that only the patch you are searching for appears. This way, you can just select this patch.
After the update is complete, your host will no longer be vulnerable, and you can use it again.
Go further
Join our community of users on https://community.ovh.com/en/.
Did you find this guide useful?
Please feel free to give any suggestions in order to improve this documentation.
Whether your feedback is about images, content, or structure, please share it, so that we can improve it together.
Your support requests will not be processed via this form. To do this, please use the "Create a ticket" form.
Thank you. Your feedback has been received.