Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-5715 — Observable Discrepancy in Corporation Microprocessors With Speculative Execution

CWE-203 — Observable Discrepancy CWE-200 — Sensitive Information Exposure CWE-226 — Sensitive Information in Resource Not Removed Before Reuse CWE-385 — Covert Timing Channel73 documents21 sources

Severity

5.6MEDIUMNVD

EPSS

89.1%

top 0.47%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Kernel Qemu XEN +34 more

Timeline

PublishedJan 4

Latest updateJun 9

Description

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages36 packages

▶CVEListV5intel_corporation/microprocessors_with_speculative_executionAll

▶NVDoracle/vm_virtualbox5.2.0 — 5.2.6+1

▶Debianxen/xen< 4.11.1~pre+1.733450b39b-1+3

▶Debianqemu/qemu< 1:2.12~rc3+dfsg-1+3

▶Ubuntumozilla/firefox< 57.0.4+build1-0ubuntu0.14.04.1+1

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.04, 17.10, 18.04

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

intel-microcode vulnerabilities↗2021-06-09

▶

OSV

amd64-microcode regression↗2018-07-05

▶

Kernel

arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening↗2018-04-10

▶

OSV

intel-microcode update↗2018-03-29

▶

OSV

linux-hwe vulnerabilities↗2018-03-15

▶

💥Exploits & PoCs

Exploit-DB

Multiple CPUs - 'Spectre' Information Disclosure↗2018-01-03

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible Spectre PoC Download In Progress↗2018-01-10

▶

Suricata

ET WEB_CLIENT Spectre Exploit Javascript↗2018-01-09

▶

📋Vendor Advisories

BSD

FreeBSD-SA-19:26.mcu: Intel CPU Microcode Update↗2019-11-12

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2018-10-23

▶

Ubuntu

AMD Microcode regression↗2018-07-05

▶

Ubuntu

AMD Microcode update↗2018-06-20

▶

Palo Alto

Meltdown and Spectre update for WildFire-500 Appliance↗2018-05-15

▶

🕵️Threat Intelligence

Fortinet

Meltdown/Spectre Update↗2018-01-30

▶

Qualys

Processor Vulnerabilities – Meltdown and Spectre↗2018-01-04

▶

Sentinelone

SentinelOne is Compatible with “Meltdown” and “Spectre” Fixes↗2018-01-04

▶

Sentinelone

SentinelOne is Compatible with “Meltdown” and “Spectre” Fixes↗2018-01-04

▶

Qualys

Processor Vulnerabilities - Meltdown and Spectre | Qualys↗2018-01-04

▶

💬Community

Bugzilla

CVE-2017-5715 arm-trusted-firmware: hw: cpu: speculative execution branch target injection [fedora-all]↗2018-01-08

▶

Bugzilla

CVE-2017-5715 kernel: hw: cpu: speculative execution branch target injection [fedora-all]↗2018-01-03

▶

Bugzilla

CVE-2017-5715 hw: cpu: speculative execution branch target injection↗2017-12-01

▶