wave
rectangle square backgroundrectangle square backgroundrectangle square backgroundrectangle square backgroundrectangle square backgroundrectangle square backgroundTrust & Security

DigitalOcean mitigated the AMD vulnerability CVE-2021-26339

Posted: May 10, 20222 min read

Today, AMD publicly disclosed a vulnerability that affected DigitalOcean’s Premium AMD Droplets. 

What happened

The vulnerability resulted from a bug in AMD CPU’s core logic that could allow a potential malicious user to cause the CPU core to hang by executing specific code from an unprivileged VM. For DigitalOcean customers specifically, it means that the hypervisors that host Premium AMD Droplets could have enabled a malicious actor to impact the performance or availability of their own Droplets as well as other Droplets on the same hypervisor.

The AMD vulnerability was successfully patched and there were no products or customer data affected. Currently, the risks have been mitigated and no action is required by customers. 

How we responded

When AMD first notified DigitalOcean about the potential vulnerability a few weeks ago, our security, engineering, and operations teams developed a plan to 1) rapidly mitigate the risk, and 2) minimize interruption to our services and customers. AMD sent our infrastructure team patched microcode that required a hypervisor restart. So, we “live migrated” Droplets, which means shifted Droplets in real time from the vulnerable hypervisors to patched ones, and then patched the empty vulnerable hypervisor. We repeated this process until we fixed all the vulnerable hypervisors. Throughout this process, customers did not experience any issues and the availability of our services wasn’t impacted.

Again, the AMD vulnerability was successfully patched and there were no products or customer data affected. As a result, risks have been mitigated and no action is required by customers. 

DigitalOcean will continue to proactively detect, protect, and respond to such issues so that you can focus on your applications while we focus on platform security. We’re dedicated to being your trusted partner in your journey to build and successfully grow your business worry-free. 

Tyler Healy

VP, Security

Share

TwitterFacebookLinkedInHackerNews

Optimize your streaming business

Download our guide to learn how streaming businesses can optimize their architecture to save costs.

Download now

Related Articles

Impact to DigitalOcean customers resulting from Mailchimp security incident
trust-security

Impact to DigitalOcean customers resulting from Mailchimp security incident

August 15, 20223 min read

SMTP restricted by default
trust-security

SMTP restricted by default

June 22, 20223 min read

DigitalOcean mitigated the AMD vulnerability CVE-2021-26339
trust-security

DigitalOcean mitigated the AMD vulnerability CVE-2021-26339

May 10, 20223 min read

Sea floor left
Sea floor middle
Sea floor right