Processor Speculative Execution Research Disclosure

Update As Of: 2018/02/02 11:30 AM EST


Concerning: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

EC2 Servers

All instances across the Webcargo fleet are protected from all known instance-to-instance concerns of CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. Instance-to-instance concerns assume an untrusted neighbor instance could read the memory of another instance or the AWS hypervisor. This issue has been addressed for AWS hypervisors, and no instance can read the memory of another instance, nor can any instance read AWS hypervisor memory. We have not observed meaningful performance impact for the  EC2 workloads.

Databases

RDS-managed database instances are each dedicated to only running a database engine for a single customer, with no other customer-accessible processes and no ability for customers to run code on the underlying instance. As AWS has finished protecting all infrastructure underlying RDS, process-to-kernel or process-to-process concerns of this issue do not present a risk to customers. Most database engines RDS supports have reported no known intra-process concerns at this time.