Concerning: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Update As Of: 2018-01-18 12:00 PM PST
All critical severity issues related to the above mentioned CVEs have been addressed.
Riva Cloud leverages Amazon AWS. The Amazon response to the above concerned CVEs can be found here: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
Amazon attests that all "instance-to-instance" and "instance-to-host" related concerns have been mitigated, regardless of operating systems.
All instances across the Amazon EC2 fleet are protected from all known instance-to-instance concerns of CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. Instance-to-instance concerns assume an untrusted neighbor instance could read the memory of another instance or the AWS hypervisor. This issue has been addressed for AWS hypervisors, and no instance can read the memory of another instance, nor can any instance read AWS hypervisor memory. As previously stated, we have not observed meaningful performance impact for the overwhelming majority of EC2 workloads.
All EC2 instances used on Riva Cloud are based on HVM Instance Types – the Riva Cloud environment is not affected by the “PV Instance Guidance” comments in the AWS security bulletins.
The remaining remediation activities relate to updating each instance operating system to prevent any "process-to-process".
All operating systems are being upgraded based on each vendor's recommendations.
The following operating systems are currently being upgraded:
Riva Cloud uses Qualys as part of a comprehensive security program. Qualys provides near real-time assessments of the Riva Cloud infrastructure and any outstanding CVE.
Article ID: 1737
Last updated: 22 Jan, 2018