On July 24th, 2023, AMD disclosed a security vulnerability (CVE-2023-20593) that affected a subset of Akamai cloud computing hosts running EPYC “Rome” CPUs. Exploiting this vulnerability could allow information leakage for workloads running on vulnerable hardware.
We have successfully implemented the recommended mitigations from AMD and have confirmed that our systems are no longer vulnerable to exploitation.
While we have not seen evidence of our systems being exploited, due to the nature of this vulnerability, customers on affected AMD systems might want to rotate any secrets stored on cloud computing instances running on AMD Zen 2 CPUs, such as TLS private keys, API keys or other application secrets, application user passwords, or SSH keys.
Customers can verify whether their Linodes are running on affected AMD systems by following the instructions in this Linode Community Q&A post.
Please open a ticket with our Support team in the Cloud Manager if you have any questions about how this might impact you or your Akamai cloud computing services.
Comments