CVE-2017-5715
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
6.2 Medium
AI Score
Confidence
High
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.975 High
EPSS
Percentile
100.0%
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
References
lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html
nvidia.custhelp.com/app/answers/detail/a_id/4609
nvidia.custhelp.com/app/answers/detail/a_id/4611
nvidia.custhelp.com/app/answers/detail/a_id/4613
nvidia.custhelp.com/app/answers/detail/a_id/4614
packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html
packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
www.kb.cert.org/vuls/id/584653
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
www.securityfocus.com/bid/102376
www.securitytracker.com/id/1040071
xenbits.xen.org/xsa/advisory-254.html
access.redhat.com/errata/RHSA-2018:0292
access.redhat.com/security/vulnerabilities/speculativeexecution
aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
cert.vde.com/en-us/advisories/vde-2018-002
cert.vde.com/en-us/advisories/vde-2018-003
developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
lists.debian.org/debian-lts-announce/2018/05/msg00000.html
lists.debian.org/debian-lts-announce/2018/07/msg00015.html
lists.debian.org/debian-lts-announce/2018/07/msg00016.html
lists.debian.org/debian-lts-announce/2018/09/msg00007.html
lists.debian.org/debian-lts-announce/2018/09/msg00017.html
lists.debian.org/debian-lts-announce/2020/03/msg00025.html
lists.debian.org/debian-lts-announce/2021/08/msg00019.html
portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
seclists.org/bugtraq/2019/Jun/36
seclists.org/bugtraq/2019/Nov/16
security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc
security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
security.gentoo.org/glsa/201810-06
security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
security.netapp.com/advisory/ntap-20180104-0001/
security.paloaltonetworks.com/CVE-2017-5715
spectreattack.com/
support.citrix.com/article/CTX231399
support.f5.com/csp/article/K91229003
support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
support.lenovo.com/us/en/solutions/LEN-18282
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
usn.ubuntu.com/3531-1/
usn.ubuntu.com/3531-3/
usn.ubuntu.com/3540-2/
usn.ubuntu.com/3541-2/
usn.ubuntu.com/3542-2/
usn.ubuntu.com/3549-1/
usn.ubuntu.com/3560-1/
usn.ubuntu.com/3561-1/
usn.ubuntu.com/3580-1/
usn.ubuntu.com/3581-1/
usn.ubuntu.com/3581-2/
usn.ubuntu.com/3582-1/
usn.ubuntu.com/3582-2/
usn.ubuntu.com/3594-1/
usn.ubuntu.com/3597-1/
usn.ubuntu.com/3597-2/
usn.ubuntu.com/3620-2/
usn.ubuntu.com/3690-1/
usn.ubuntu.com/3777-3/
usn.ubuntu.com/usn/usn-3516-1/
www.debian.org/security/2018/dsa-4120
www.debian.org/security/2018/dsa-4187
www.debian.org/security/2018/dsa-4188
www.debian.org/security/2018/dsa-4213
www.exploit-db.com/exploits/43427/
www.kb.cert.org/vuls/id/180049
www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
www.synology.com/support/security/Synology_SA_18_01
www.vmware.com/security/advisories/VMSA-2018-0007.html
www.vmware.com/us/security/advisories/VMSA-2018-0002.html
www.vmware.com/us/security/advisories/VMSA-2018-0004.html
Social References
More
Related
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
6.2 Medium
AI Score
Confidence
High
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.975 High
EPSS
Percentile
100.0%