While all customer instances are protected as described above, we recommend that customers patch their instance operating systems to isolate software running within the same instance and mitigate process-to-process concerns of CVE-2017-5754.

Recommended Customer Actions for AWS Batch, Amazon EC2, Amazon Elastic Beanstalk, Amazon Elastic Container Service, Amazon Elastic MapReduce, and Amazon Lightsail

We have not observed meaningful performance impact for the overwhelming majority of EC2 workloads.

This issue has been addressed for AWS hypervisors, and no instance can read the memory of another instance, nor can any instance read AWS hypervisor memory. Instance-to-instance concerns assume an untrusted neighbor instance could read the memory of another instance or the AWS hypervisor. Please see “PV Instance Guidance” information further below concerning para-virtualized (PV) instances.

All instances across the Amazon EC2 fleet are protected from all known instance-to-instance concerns of the CVEs previously listed.

See “Amazon Linux AMI” information further below. Customers must upgrade to the latest Amazon Linux kernel or AMI to effectively mitigate process-to-process concerns of CVE-2017-5754 within their instance.

Concerning: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

A second kernel release for Amazon Linux has been made available, which addresses KPTI bugs and improves mitigations for CVE-2017-5754.
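One way to confirm from inside an instance that a patched kernel is actually running, as an added example that is not part of the AWS bulletin: Linux kernels that include the sysfs vulnerabilities interface report their own mitigation status per issue. The function names and the `VULN_DIR` override are assumptions of this example, and a missing file is reported as `unknown`, which is what a kernel that predates the interface produces.

```shell
#!/bin/sh
# Report the running kernel's self-declared status for the three CVEs named
# in the bulletin, read from the Linux sysfs vulnerabilities interface.

# Default sysfs location; overridable so the check can run against a copy.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status DIR NAME
# Prints one of: mitigated, not_affected, vulnerable, unknown
classify_status() {
    file="$1/$2"
    line=""
    if [ ! -r "$file" ]; then
        # Kernels without this interface do not expose the file at all.
        echo unknown
        return 0
    fi
    IFS= read -r line < "$file" || true
    case "$line" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_instance DIR
# Prints "CVE sysfs-name status" per issue; returns 1 if any needs attention.
check_instance() {
    dir="$1"
    rc=0
    for pair in CVE-2017-5754:meltdown CVE-2017-5753:spectre_v1 CVE-2017-5715:spectre_v2; do
        cve="${pair%%:*}"
        name="${pair##*:}"
        status="$(classify_status "$dir" "$name")"
        printf '%s %s %s\n' "$cve" "$name" "$status"
        case "$status" in
            mitigated|not_affected) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

check_instance "$VULN_DIR" || echo "kernel update or reboot into the patched kernel still needed"
```

Run it after rebooting into the updated kernel; a `vulnerable` or `unknown` line for CVE-2017-5754 means the process-to-process mitigation described above is not confirmed active.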