Publication Date: 2023/11/26 6:00 AM PST
AWS is aware of a research paper describing an issue ("FetchBench") affecting the prefetchers in Arm processors. AWS customers’ data and instances are not impacted by this issue, and no customer action is required. AWS has designed and implemented its infrastructure with protections against these types of issues. The research paper proof-of-concept demonstrates the concern of using out-of-date cryptographic software known to be affected by timing-related side-channels. As a general security best practice, we recommend customers use modern up-to-date cryptographic libraries, such as AWS Libcrypto (AWS-LC) or OpenSSL, which account for and mitigate timing-related side-channel concerns through time-balancing countermeasures.
Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.