AWS-2018-013

Concerning: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 Update As Of : 2018/03/05 3:00 PM PST This is an update for this issue. An updated kernel for Amazon Linux is available within the Amazon Linux repositories. EC2 instances launched with the default Amazon Linux configuration on or after January 13th, 2018 will automatically include the updated package, which incorporates the latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upon previously incorporated Kernel Page Table Isolation (KPTI) that addressed CVE-2017-5754. Customers must upgrade to the latest Amazon Linux kernel or AMI to effectively mitigate process-to-process concerns of CVE-2017-5715 and process-to-kernel concerns of CVE-2017-5754 within their instances. See “ Processor Speculative Execution – Operating System Updates ” for more information. Please see “PV Instance Guidance” information further below concerning para-virtualized (PV) instances. Amazon EC2 All instances across the Amazon EC2 fleet are protected from all known instance-to-instance concerns of CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. Instance-to-instance concerns assume an unt…