Saturday, February 2, 2019

Meltdown and Spectre

These are a new variety of vulnerabilities that are being exposed. They are not in any application, library, or the kernel; they are in the way instruction sets are used.
CVEID: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

This new class of vulnerabilities needs an Intel firmware upgrade and/or a kernel upgrade for complete remediation.

The complete, detailed description is available at https://meltdownattack.com/

How to verify:

On SLES, you can update the kernel and then verify whether the vulnerabilities are fixed using:

> cat /sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: PTI
> cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
Mitigation: Barriers
> cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full generic retpoline
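
The same check as a small script that classifies each file instead of relying on reading the output by eye. This is an added example, not part of the original post; the function names and the four class labels are assumptions made here, and the optional directory argument exists only so the logic can be exercised against constructed files.

```shell
#!/bin/sh
# Added example: classify the kernel-reported status of the three files
# checked above. Function names and class labels are illustrative.
SYSFS_VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status STRING
# Prints one of: not_affected, mitigated, vulnerable, unknown.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;   # also "Vulnerable: <detail>"
        *)               echo unknown ;;
    esac
}

# check_cpu_vulns [DIR]
# Prints "<name>: <class> (<raw text>)" for meltdown, spectre_v1 and
# spectre_v2. Returns 0 only if none of them is vulnerable or unknown.
check_cpu_vulns() {
    dir=${1:-$SYSFS_VULN_DIR}
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            raw=$(cat "$dir/$name")
            class=$(classify_status "$raw")
        else
            # The running kernel does not expose this file, so the
            # status cannot be confirmed; treat it as unknown.
            raw="file missing"
            class=unknown
        fi
        printf '%s: %s (%s)\n' "$name" "$class" "$raw"
        case "$class" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return $rc
}

# Usage: source this file, then run: check_cpu_vulns
```

A non-zero return makes the function usable in patch-compliance jobs: a host that reports "Vulnerable" or is missing a file fails the check.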

Side Effect:

Note that the new fixes cause some degree of performance loss, so be careful to verify application-level performance on the setup where the fixes are applied.
