2018/01/03 14:45 PST
AWS is aware of recently disclosed research regarding side-channel analysis of speculative execution on modern computer processors (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754).
This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices. All but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected. The remaining ones will be completed in the next several hours, with associated instance maintenance notifications.
While the updates AWS performs protect underlying infrastructure, in order to be fully protected against these issues, customers must also patch their instance operating systems. Updates for Amazon Linux have been made available, and instructions for updating existing instances are provided further below along with any other AWS-related guidance relevant to this bulletin.
Updated EC2 Windows AMIs will be provided as Microsoft patches become available.
Please consult with the vendor of any alternative / third-party operating system, software, or AMI for updates and instructions as needed.
This bulletin will be updated as we have new information to share on the availability of improved AMIs, patches, and any other recommended actions for AWS customers.
Amazon Linux AMI (Bulletin ID:ALAS-2018-939)
An updated kernel for Amazon Linux is available within the Amazon Linux repositories. Instances launched with the default Amazon Linux configuration on or after 10:45 PM (GMT) January 3rd, 2018 will automatically include the updated package. Customers with existing Amazon Linux AMI instances should run the following command to ensure they receive the updated package:
yum update kernel
More information on this bulletin is available at the Amazon Linux AMI Security Center