Addressing the Spectre and Meltdown Vulnerabilities (CVE-2017-5754, CVE-2017-5753, CVE-2017-5715) for CA Performance Management (CAPM)
CA Performance Management
IM Reporting / Admin / Configuration:IMADMN
CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715 identify industry-wide security vulnerabilities, described as "multiple microarchitectural (hardware) implementation issues affecting many modern microprocessors, requiring updates to the Linux kernel, virtualization-related components, and/or in combination with a microcode update."
"An unprivileged attacker can use these flaws to bypass conventional memory security restrictions in order to gain read access to privileged memory that would otherwise be inaccessible. There are 3 known CVEs related to this issue in combination with Intel, AMD, and ARM architectures."
This article covers the first generation of Spectre & Meltdown vulnerabilities. If you are looking for the second-generation vulnerabilities, they are discussed in the following KB article:
Addressing the Second Generation Spectre and Meltdown Vulnerabilities (CVE-2018-3639) for the API Management Product Suite
Are any of the CA Performance Management components vulnerable to the Spectre and/or Meltdown vulnerabilities?
Are there any sizing and capacity considerations for CA Performance Management components once the host operating system is patched?
CA Performance Management
Components currently known to be affected:
All components installed on Linux operating systems are exposed.
Customers will need to update the host operating system. The vendor of the host operating system should have issued such a patch. The components themselves do not require patching.
Workaround / Resolution:
Patches have been issued by host operating system vendors. Customers are advised to apply vendor-provided patches, as they become available, to the hardware that is being used to run the CA Performance Management components.
Customers need to update the kernel by performing the following steps:
1. Access the affected CA Performance Management component host.
2. Type
   sudo yum update
   and then verify and accept the update.
3. Once the update has been completed, reboot the machine.
4. Access the machine again.
5. Verify that all three (3) CVEs have been fixed by typing
   rpm -q --changelog kernel | egrep 'CVE-2017-5715|CVE-2017-5753|CVE-2017-5754'
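The changelog command in the last step prints whatever lines match, so it does not by itself show that all three CVEs are covered, and `rpm -q --changelog kernel` reports on every installed kernel package rather than only the one that booted. The following added example (not part of the original CA article) checks the package of the running kernel and names any CVE ID that is missing; the function names and the `--check` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that all three CVE fixes are recorded for the kernel
# that is actually running. Run on the patched host as: sh check.sh --check
# (the script name and the --check argument are this example's own).

CVES="CVE-2017-5715 CVE-2017-5753 CVE-2017-5754"

# Read an RPM changelog on stdin and print the CVE IDs that do NOT appear in
# it, space-separated. Empty output means all three are present.
missing_cves() {
    changelog=$(cat)
    missing=""
    for cve in $CVES; do
        if ! printf '%s\n' "$changelog" | grep -wF -- "$cve" >/dev/null; then
            missing="${missing:+$missing }$cve"
        fi
    done
    printf '%s' "$missing"
}

# Check the package of the booted kernel, so an updated but not yet rebooted
# host is reported as unpatched. Returns 0 only when nothing is missing.
check_running_kernel() {
    pkg="kernel-$(uname -r)"
    if ! log=$(rpm -q --changelog "$pkg" 2>/dev/null); then
        echo "FAIL: $pkg is not an installed RPM package" >&2
        return 2
    fi
    gaps=$(printf '%s\n' "$log" | missing_cves)
    if [ -n "$gaps" ]; then
        echo "FAIL: $pkg changelog lacks: $gaps"
        return 1
    fi
    echo "OK: $pkg changelog lists $CVES"
    # Kernels that expose mitigation status in sysfs report it here; the
    # directory is absent on kernels that predate that interface.
    for f in /sys/devices/system/cpu/vulnerabilities/*; do
        [ -r "$f" ] && echo "$(basename "$f"): $(cat "$f")"
    done
    return 0
}

if [ "${1:-}" = "--check" ]; then
    check_running_kernel
    exit $?
fi
```

A non-zero exit status means the host still needs the update or the reboot from the steps above.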
Sizing and Performance Impacts:
In-house testing with the Red Hat OS patches has shown minimal impact on the CPU usage of the CAPM components (including Vertica DB) for our typical load test with the kernel default settings. These tests took place on our Intel Haswell CPU systems. Since the impact was minimal, no change to the sizing recommendations for CAPM components was warranted. Individual customers may see different results in CPU usage depending on their particular user workload and their particular environment.
Meltdown & Spectre information:
Red Hat article on these vulnerabilities:
Red Hat article on OS patches and settings:
Meltdown & Spectre Vulnerability Statement from CA:
Vertica statement on Meltdown & Spectre: