CVE-2017-5754

CWE-200 — Information Exposure CWE-226 CWE-385 CWE-787 — Out-of-bounds Write51 documents19 sources

Severity

5.6MEDIUM

EPSS

87.6%

top 0.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Corporation Most Modern Operating Systems ARM Cortex-a Intel Atom C +22 more

Timeline

PublishedJan 4

Latest updateSep 1

Description

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages32 packages

▶CVEListV5intel_corporation/most_modern_operating_systemsAll

▶Debianxen< 4.11.1~pre+1.733450b39b-1+3

▶Debianlinux< 4.14.12-1+3

▶Ubuntulinux< 4.4.0-109.132

▶Ubuntufirefox< 57.0.4+build1-0ubuntu0.14.04.1+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

linux-hwe vulnerabilities↗2018-03-15

▶

Kernel

arm64: Turn on KPTI only on CPUs that need it↗2018-01-19

▶

Kernel

KVM: PPC: Book3S: Provide information about hardware/firmware CVE workarounds↗2018-01-15

▶

OSV

linux regression↗2018-01-10

▶

OSV

linux-lts-xenial regression↗2018-01-10

▶

💥Exploits & PoCs

Exploit-DB

OX App Suite 7.8.4 - Multiple Vulnerabilities↗2018-06-12

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible MeltDown PoC Download In Progress↗2018-01-10

▶

📋Vendor Advisories

Android

CVE-2017-5754: Kernel Memory↗2018-09-01

▶

Red Hat

xen: x86 PV guest may crash Xen with XPTI↗2018-04-25

▶

Ubuntu

Linux kernel vulnerabilities↗2018-03-15

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2018-03-15

▶

BSD

FreeBSD-SA-18:03.speculative_execution: Speculative Execution Vulnerabilities↗2018-03-14

▶

🕵️Threat Intelligence

Fortinet

Meltdown/Spectre Update↗2018-01-30

▶

Qualys

Processor Vulnerabilities – Meltdown and Spectre↗2018-01-04

▶

Sentinelone

SentinelOne is Compatible with “Meltdown” and “Spectre” Fixes↗2018-01-04

▶

Sentinelone

SentinelOne is Compatible with “Meltdown” and “Spectre” Fixes↗2018-01-04

▶

Qualys

Processor Vulnerabilities - Meltdown and Spectre | Qualys↗2018-01-04

▶

💬Community

Bugzilla

firefox: mitigations against spectre via javascript↗2018-01-08

▶

Bugzilla

CVE-2017-5754 kernel: hw: cpu: speculative execution permission faults handling [fedora-all]↗2018-01-03

▶

Bugzilla

CVE-2017-5754 hw: cpu: speculative execution permission faults handling↗2017-12-01

▶