The Meltdown and Spectre vulnerabilities were announced publicly on 3rd January 2018 and these vulnerabilities can affect a multitude of products.

Arbor has provided the following article ID 4149 at the Arbor Support Site. Whilst it is early days, engineering are exploring the possibility of a software patch, once the performance impacts of such a patch are better understood we will be able to further communicate an updated response.

CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Meltdown and Spectre Vulnerabilities
Answer ID 4149 Updated 01/05/2018 05:49 PM

What is the impact to Arbor Products on vulnerabilities CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Meltdown and Spectre?


On 03 January 2018 two new security vulnerabilities were announced broadly in the media. One is known as Meltdown (CVE-2017-5754) and the other is known as Spectre (CVE-2017-5753 and CVE-2017-5715). Both vulnerabilities exist due to flaws in CPU hardware implementations (including Intel, AMD, and ARM processors). These vulnerabilities concern an issue with certain processors (including Intel, AMD, and ARM processors) whereby an attacker can coerce a process into leaking privileged information from either its own memory space or from kernel memory.

Root Cause and Impact

At the time of this writing, all currently available and supported versions of Arbor products ship on a platform that is affected by these vulnerabilities. However, CVE-2017-5753 and CVE-2017-5715 are not impacting as Arbor does not utilize this functionality OR it is disabled by design prior to shipping. CVE-2017-5754 is low impact as exploitation of this vulnerability requires 'local access'; that is, the ability for an attacker to execute untrusted code on the target system. Arbor products do not allow non-admin users to execute arbitrary code on the appliance (this would require root access).

Impact on Arbor Products

Please see table below for details on product impact for each specific vulnerability:




No impact to Arbor products because BPF JIT is disabled at runtime in our kernel


No impact to Arbor products because they do not use the hypervisor host


Low impact because running arbitrary code on Arbor products requires root access


Additional References