Response to CPU Vulnerabilities

Information for Google Cloud Customers on CPU Vulnerabilities

Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance. Independent researchers separately discovered and named these vulnerabilities “Spectre” and “Meltdown.”

This page collects all the information that Google Cloud has made available to date on these issues, our response, and steps you may take to protect your organization.

• May 14, 2019: Product Status: Microarchitectural Data Sampling (MDS)
• Aug 14, 2018: An overview of “L1TF” speculative vulnerabilities disclosed by Intel
• Jan 17, 2018: CPU Vulnerability Security with Matt Linton and Paul Turner on the GCP Podcast
• Jan 11, 2018: Additional details on how Google was able to mitigate the more challenging variants with negligible impact to performance
• Jan 5, 2018: Answers to common questions we received from customers
• Jan 4, 2018: Technical explanation of the Retpoline software mitigation technique developed and deployed by Google
• Jan 4, 2018: Additional details on mitigations
• Jan 3, 2018: A detailed description of the vulnerabilities and impact to Google products
• Jan 3, 2018: An essential high level summary of the impact to Google Cloud products

For information about the current state of specific Google Cloud products and any actions you can or should take, if needed, visit the following resources:

• Product-specific help details for each Google product
• GCP Security Bulletins for additional details regarding the current state of GCP

Please take time to review the posts above in their entirety, as they represent all of the information we have at this time regarding these vulnerabilities.