Hi everyone, I am trying to publish a new AMI at the AWS Marketplace [1]. My AMI is based on the Debian Stretch ami-628ad918 [2], which includes kernel updates for DSA 4078, addressing the Meltdown attack.
However, the AWS scan tool rejects the AMI due to the following issue: (quote) "Vulnerabilities detected - The following vulnerabilities were detected and must be addressed: CVE-2017-5754 [3]." The AMI I submitted has all available Debian updates installed and reading the description of CVE-2017-5754, this is clearly the Meltdown attack. Have I missed anything? Why does the AWS scan tool stumble across this vulnerability and what can I do to address this issue? Thanks Michael [1] https://aws.amazon.com/marketplace/ [2] https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch [3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5754
