These bugs are not possible to exploit
Our guest VM does not have to be restarted with new kernel patches (whenever they become available), because no user can execute code on neither our dedicated plans or shared plans so there’s no way to exploit these bugs.
You can read more detailed information about these two security bugs that are affecting most of today's computers here: https://spectreattack.com/
AWS and GCE were able to patch their host machines without affecting the running instances. Azure and Softlayer restarted all their host machines the past couple of days. DigitalOcean and Rackspace are still not patched but will probably be during the 9th of January.
Patched and didn’t require a host machine restartAWS: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
Patched and restarted host machinesAzure: https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
Not yet patchedDigitalOcean: https://blog.digitalocean.com/a-message-about-intel-security-findings/