Microarchitectural Data Sampling (MDS) Advisory: On 14 May 2019, Intel released a statement regarding Microarchitectural Data Sampling (MDS), a significant security vulnerability that affects cloud providers with multi-tenant environments, including DigitalOcean. In addition to the steps we are taking described on our blog, we strongly recommend that you update your internal Droplet kernels to ensure you have the latest available bug fixes and security patches. You can verify that your Droplets are patched with the instructions here.
All Droplets created after March 2017 use internal kernels by default, and older Droplets can be configured to support internal kernels with the DigitalOcean GrubLoader kernel.
If you’re not sure whether your Droplet manages its kernels internally, visit its detail page in the control panel and click Kernel in the navigation. If the kernel management page has the following message, your Droplet is set to use internal kernels natively:
The kernel for this Droplet is not managed within the control panel. Instead, you can upgrade the kernel from within the Droplet.
If you see a Select a Kernel menu with a Change button and the following description instead, your Droplet is using legacy external kernel management:
This will update your configuration. Then power off the server from the command line and boot it from the control panel and the new kernel will be active. To revert, simply select ‘Original Kernel’ and follow the same process.
If your Droplet is using legacy kernel management, you can switch to the DigitalOcean GrubLoader kernel to support internal kernels.
Use the DigitalOcean GrubLoader kernel to allow a legacy Droplet with external kernel management to use internally-managed kernels.
Upgrade your Droplet's internal kernel to the latest supported version.
Modify your Droplet to boot into a specific, non-default kernel version.