2018/05/21 2:00 PM PDT
CVE Identifiers: CVE-2018-3639
Intel has published a security advisory (SA-00115) regarding new variants of speculative execution side-channel issues concerning their processors.
These issues do not impact AWS infrastructure. No customer’s instance can read the memory of another customer’s instance, nor can any instance read AWS hypervisor memory.
As a general security best practice, we recommend that customers patch their operating systems or software as relevant patches become available to address speculative execution side-channel issues. Some operating system and software patches meant to address such concerns within an instance may require AWS to activate new Intel CPU microcode. We are working with Intel and operating system vendors to carefully test and evaluate the security benefits and performance impacts of any CPU microcode-enabled features.
Meanwhile, we suggest using the stronger security and isolation properties of instances to separate any untrusted workloads.