Important information about Intel Side Channel Vulnerability L1TF

Post image

As you may have read elsewhere in the media, Intel recently published details of a new side-channel attack called L1 terminal fault (L1TF). The L1TF issue only affects hardware capable of simultaneous multithreading (SMT) and which has the SMT feature enabled.

We have been aware of the L1TF issue since it was announced, and have been working with Intel, our hardware vendors, and other cloud providers to better understand the impact of the issue and to mitigate the risk to customers.

A small portion of VC1 instances, about 10%, are running on servers with SMT capable processors. We are taking steps to mitigate the L1TF issue through a combination of firmware updates, kernel updates, and tuning of the L1 cache eviction policy.

We will be informing customers with affected VC1 instances in advance of any maintenance required to implement L1TF mitigations.

All customers with Pro X64 instances are running on hardware impacted by the L1TF issue. We are working with our hardware vendors to implement the microcode fixes and will inform customers of maintenance required to finish implementing the L1TF mitigations.

To summarize the impact of L1TF to our customers:

  • C1 and ARM64 offers are unaffected by the L1TF issue as they do not use Intel processors

  • C2 and START offers are not affected as their processors do not support SMT

  • A small subset of VC1 instances reside on hardware vulnerable to L1TF

  • Pro customers with X64 instances reside on hardware vulnerable to L1TF

  • Cloud hosting customers are not impacted

  • Some few of our Web hosting servers are vulnerable to L1TF and will be fixed by a new kernel soon.

We expect to have complete L1TF mitigations in place in the coming days and weeks, during which we will contact the affected customers directly to notify them of any maintenance required.

Author image

Benedikt Rollik

Technical Writer