On May 21, 2018, kernel patches were released for “Speculative Store Bypass” (also known as “Variant 4”), the latest bug related to the speculative execution vulnerabilities that first came to light under the names Spectre and Meltdown.
When the initial vulnerabilities were announced, the remediations required a combination of software fixes in the Linux kernel and hardware fixes in the form of microcode or firmware for physical CPUs inside the computers.
The same is true with this latest update. Red Hat will begin rolling out the new kernels to all OpenShift servers, but full remediation of this flaw will not be complete until all components are patched, including the corresponding firmware and microcode as required. As such, until our cloud providers apply the corresponding update to the underlying hardware, the software changes will not take effect.
Vulnerability Article: https://access.redhat.com/security/vulnerabilities/ssbd
Updates will be posted as they become available.
Red Hat OpenShift SRE Team