5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.974 High
EPSS
Percentile
99.9%
Debian Security Advisory DSA-4078-1 [email protected]
https://www.debian.org/security/ Yves-Alexis Perez
January 04, 2018 https://www.debian.org/security/faq
Package : linux
CVE ID : CVE-2017-5754
Multiple researchers have discovered a vulnerability in Intel processors,
enabling an attacker controlling an unprivileged process to read memory from
arbitrary addresses, including from the kernel and all other processes running
on the system.
This specific attack has been named Meltdown and is addressed in the Linux
kernel for the Intel x86-64 architecture by a patch set named Kernel Page Table
Isolation, enforcing a near complete separation of the kernel and userspace
address maps and preventing the attack. This solution might have a performance
impact, and can be disabled at boot time by passing `pti=off' to the kernel
command line.
We also identified a regression for ancient userspaces using the vsyscall
interface, for example chroot and containers using (e)glibc 2.13 and older,
including those based on Debian 7 or RHEL/CentOS 6. This regression will be
fixed in a later update.
The other vulnerabilities (named Spectre) published at the same time are not
addressed in this update and will be fixed in a later update.
For the oldstable distribution (jessie), this problem will be fixed in a
separate update.
For the stable distribution (stretch), this problem has been fixed in
version 4.9.65-3+deb9u2.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.974 High
EPSS
Percentile
99.9%