Intel has published a security advisory INTEL-SA-00161 with details on new speculative execution vulnerabilities, titled L1 Terminal Fault (L1TF), that affect workloads running on common Intel processors. These vulnerabilities are tracked as CVE-2018-3615 (for SGX), CVE-2018-3620 (for operating systems and SMM) and CVE-2018-3646 (for virtualization).
While we consider the vulnerabilities severe, based on the difficulty and practicality of the attacks, we believe the risk to Aiven services low.
Following security best practices, however, we will perform the necessary actions and security updates to protect your data and services from these vulnerabilities. These actions are implemented as automatic or scheduled maintenance tasks, require no user intervention and result in no impact on availability of the services.
Given that Aiven services are implemented on virtualized resources on the selected cloud providers, CVE-2018-3646 theoretically allows for unauthorized access to data stored in Aiven services from a co-located virtual machine running on a CPU that shares L1 cache line with the Aiven virtual machine. In practice, however, an attacker cannot target a specific virtual machine and thus a specific Aiven service.
The vulnerability can only be addressed on the infrastructure level, and we're closely following the status summaries from our cloud providers.
Here's the current status per provider:
Amazon Web Services
"AWS has designed and implemented its infrastructure with protections against these types of attacks, and has also deployed additional protections for L1TF. All EC2 host infrastructure has been updated with these new protections."
Google Cloud Platform
"Google Compute Engine employs host isolation features which ensure that an individual core is never concurrently shared between distinct virtual machines. This isolation also ensures that, in the case that different virtual machines are scheduled sequentially, the L1 data cache is completely flushed to ensure that no vulnerable state remains."
"Microsoft has deployed mitigations across our cloud services which reinforce the isolation between customers."
Infrastructure upgrades ongoing
infrastructure upgrades ongoing
"In progress of implementing necessary mitigation"
"Rather than virtualized resources, Packet provides fully isolated dedicated servers."
Aiven services are implemented in individual and dedicated virtual machines. Thus, this vector cannot be utilized to gain access to service data by other users.
Aiven PostgreSQL and Aiven Redis may be subject to L1TF attacks resulting in data leakage via custom code through PostgreSQL supported extensions and Redis LUA scripts. Access to both require user authentication. Consequently, we consider the risk low.
Aiven services do not utilize or rely on Intel Software Guard Extensions (SGX).
Updates and Contact Information
Latest updates will be added to this help article at https://help.aiven.io/incident-reports/aiven-statement-on-l1tf-vulnerabilities.
For any further questions, please contact Aiven support.