These vulnerabilities allow a non-privileged process to read sensitive data in memory, thus accessing privileged information from the kernel or other processes.
For more information on these vulnerabilities:
Your Virtual Machine (VM) is only vulnerable if it allows running third-party/rogue applications or scripts.
You can consider your VM non-vulnerable if your VM is a secured and closed system that does not allow running rogue code (i.e. the vulnerabilities cannot be exploited), unless an attacker founds other vulnerabilities to break into your VM.
The DGW firmware in the Mediatrix system, by itself, is not vulnerable since it does not allow running rogue code:
But it is theoretically possible, for a Virtual Machine compromised by the Spectre vulnerability, to read memory outside the Virtual Machine and access sensitive data of the Mediatrix system. The best protection against this is to secure your VM, to make sure there is no known means an attacker can use to break into your VM.
Media5 also recommends to always keep your Sentinel 400 up-to-date with to the latest DGW firmware version.
Linux kernels have a new feature called KPTI (previously known as KAISER) that protects against Meltdown.
If your Virtual Machine is vulnerable, Media5 recommends that you upgrade your kernel to a version that supports KPTI, and enable it.
For more information on KPTI:
Important Enabling KPTI may impact the performance of your Virtual Machine.
Enabling KPTI may impact the performance of your Virtual Machine.
There are different mitigation techniques against Spectre:
As the time this document was written, Mitigation #1 could not be applied, as Intel had not yet released a microcode update for the CPU of the Sentinel 400.
If your Virtual Machine is vulnerable, Media5 recommends applying Mitigation #2. See
details. Important Mitigation techniques against Spectre may impact the performance of your Virtual Machine.
Mitigation techniques against Spectre may impact the performance of your Virtual Machine.
Copyright © 2019 Media5 Corporation.
This document contains information that is proprietary to Media5 Corporation.
Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.
This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.
Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.