Initial Publication Date: 2020/10/23 5:00PM PST

-----

AWS is aware of Xen Security Advisories XSA-286 (https://xenbits.xen.org/xsa/advisory-286.html), XSA-331 (https://xenbits.xen.org/xsa/advisory-331.html), XSA-332 (https://xenbits.xen.org/xsa/advisory-332.html), XSA-345 (https://xenbits.xen.org/xsa/advisory-345.html), XSA-346 (https://xenbits.xen.org/xsa/advisory-346.html), and XSA-347 (https://xenbits.xen.org/xsa/advisory-347.html) released by the Xen Security team on October 20th 2020.


Xen Security Advisory (XSA-286)

AWS customers' data and instances running on current generation instance types are not affected by this issue, and there is no customer action required. This is because current generation instance types use hardware virtual machine (HVM) virtualization.

However, instances using paravirtual (PV) virtualization are affected by XSA-286 (https://xenbits.xen.org/xsa/advisory-286.html), which may enable guest users to escalate their privileges to those of the guest kernel. PV AMIs are only supported on older instance types C1, C3, HS1, M1, M3, M2, and T1. The current generation of instance types do not support PV AMIs and are therefore not affected.

AWS has been recommending that customers stop using PV instances since our security bulletin (https://aws.amazon.com/security/security-bulletins/AWS-2018-013/) in March 2018. We continue to strongly recommend that customers stop using PV AMIs immediately and use HVM instead.

Xen Security Advisories XSA-331, XSA-332, XSA-345, XSA-346 and XSA-347

AWS customers' data and instances are not affected by these issues and there is no customer action required.