Intel has published security advisory INTEL-SA-00233 with details on newly discovered CPU vulnerabilities, named MDSUM, MFBDS, MLPDS and MSBDS by Intel, that affect workloads running on common Intel processors.
While we consider the vulnerabilities severe, based on the difficulty and practicality of the attacks, we believe the risk to Aiven services is low.
Following security best practices, however, we will perform the necessary actions and security updates to protect your data and services from these vulnerabilities. These actions are implemented as automatic or scheduled maintenance tasks, require no user intervention and result in no impact on availability of the services.
CVE Status per Cloud Provider
Given that Aiven services are implemented on virtualized resources on the selected cloud providers, the vulnerabilities may theoretically allow for unauthorized access to data stored in Aiven services from a co-located virtual machine running on a CPU shared with the Aiven virtual machine. In practice, however, an attacker cannot target a specific virtual machine and thus a specific Aiven service.
The vulnerability can only be addressed on the infrastructure level, and we're closely following the status summaries from our cloud providers.
Here's the current status per provider:
Amazon Web Services
"AWS has designed and implemented its infrastructure with protections against these types of bugs, and has also deployed additional protections for MDS. All EC2 host infrastructure has been updated with these new protections, and no customer action is required at the infrastructure level."
Google Cloud Platform
"The host infrastructure that runs Compute Engine isolates customer workloads from each other. Unless you are running untrusted code inside your VMs, no further action is required."
"Microsoft Azure has released operating system updates and is deploying new microcode, as it is made available by Intel, throughout our fleet to protect our customers against these new vulnerabilities."
"We have received updated microcode from Intel and developed a set of kernel updates to mitigate the vulnerability, and we are rapidly rolling out these mitigations with no downtime to our users."
No public announcement yet.
"Rather than virtualized resources, Packet provides fully isolated dedicated servers."
Updates and Contact Information
Latest updates will be added to this help article at
For any further questions, please contact Aiven support.