CVE-2017-5754
⚪ Do wiadomości
Wykorzystanie spekulacyjnego wykonania w mikroprocesorach może prowadzić do ujawnienia danych atakującemu.
CVSS
5.6
EPSS
89.3%
Exploit
none
Vendor
intel
Opis źródłowy (NVD)
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
brak
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 5.6 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 89.3% |
| Opublikowano (NVD) | 2018-01-04 13:29:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-05-28 19:16:26 UTC |
Referencje
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html (secure@intel.com)
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html (secure@intel.com)
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html (secure@intel.com)
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html (secure@intel.com)
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html (secure@intel.com)
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609 (secure@intel.com) [Third Party Advisory]
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611 (secure@intel.com)
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613 (secure@intel.com)
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614 (secure@intel.com)
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt (secure@intel.com)
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt (secure@intel.com)
- http://www.kb.cert.org/vuls/id/584653 (secure@intel.com) [Third Party Advisory, US Government Resource]
- http://www.securityfocus.com/bid/102378 (secure@intel.com)
- http://www.securityfocus.com/bid/106128 (secure@intel.com)
- http://www.securitytracker.com/id/1040071 (secure@intel.com) [Third Party Advisory, VDB Entry]
- http://xenbits.xen.org/xsa/advisory-254.html (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:0292 (secure@intel.com)
- https://access.redhat.com/security/vulnerabilities/speculativeexecution (secure@intel.com) [Third Party Advisory]
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/ (secure@intel.com) [Third Party Advisory]
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ (secure@intel.com) [Third Party Advisory]
- https://cdrdv2.intel.com/v1/dl/getContent/685358 (secure@intel.com)
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf (secure@intel.com)
- https://cert.vde.com/en-us/advisories/vde-2018-002 (secure@intel.com)
- https://cert.vde.com/en-us/advisories/vde-2018-003 (secure@intel.com)
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability (secure@intel.com)
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html (secure@intel.com) [Third Party Advisory]
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 (secure@intel.com)
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes (secure@intel.com)
- https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html (secure@intel.com)
- https://meltdownattack.com/ (secure@intel.com) [Technical Description, Third Party Advisory]
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 (secure@intel.com) [Patch, Third Party Advisory, Vendor Advisory]
- https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc (secure@intel.com)
- https://security.gentoo.org/glsa/201810-06 (secure@intel.com)
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html (secure@intel.com) [Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20180104-0001/ (secure@intel.com)
- https://source.android.com/security/bulletin/2018-04-01 (secure@intel.com)
- https://support.citrix.com/article/CTX231399 (secure@intel.com)
- https://support.citrix.com/article/CTX234679 (secure@intel.com)
- https://support.f5.com/csp/article/K91229003 (secure@intel.com) [Third Party Advisory]
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us (secure@intel.com)
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us (secure@intel.com)
- https://support.lenovo.com/us/en/solutions/LEN-18282 (secure@intel.com) [Third Party Advisory]
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel (secure@intel.com)
- https://usn.ubuntu.com/3522-3/ (secure@intel.com)
- https://usn.ubuntu.com/3522-4/ (secure@intel.com)
- https://usn.ubuntu.com/3523-1/ (secure@intel.com)
- https://usn.ubuntu.com/3540-2/ (secure@intel.com)
- https://usn.ubuntu.com/3541-2/ (secure@intel.com)
- https://usn.ubuntu.com/3583-1/ (secure@intel.com)
- https://usn.ubuntu.com/3597-1/ (secure@intel.com)
- https://usn.ubuntu.com/3597-2/ (secure@intel.com)
- https://usn.ubuntu.com/usn/usn-3516-1/ (secure@intel.com)
- https://usn.ubuntu.com/usn/usn-3522-2/ (secure@intel.com)
- https://usn.ubuntu.com/usn/usn-3523-2/ (secure@intel.com)
- https://usn.ubuntu.com/usn/usn-3524-2/ (secure@intel.com)
- https://usn.ubuntu.com/usn/usn-3525-1/ (secure@intel.com)
- https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin (secure@intel.com)
- https://www.debian.org/security/2018/dsa-4078 (secure@intel.com)
- https://www.debian.org/security/2018/dsa-4082 (secure@intel.com)
- https://www.debian.org/security/2018/dsa-4120 (secure@intel.com)
- https://www.kb.cert.org/vuls/id/180049 (secure@intel.com)
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001 (secure@intel.com)
- https://www.oracle.com/security-alerts/cpuapr2020.html (secure@intel.com)
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (secure@intel.com)
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/ (secure@intel.com) [Third Party Advisory]
- https://www.synology.com/support/security/Synology_SA_18_01 (secure@intel.com) [Third Party Advisory]