Lucene search

K
freebsdFreeBSD74DAA370-2797-11E8-95EC-A4BADB2F4699
HistoryMar 14, 2018 - 12:00 a.m.

FreeBSD -- Speculative Execution Vulnerabilities

2018-03-1400:00:00
vuxml.freebsd.org
57

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.975

Percentile

100.0%

Problem Description:
A number of issues relating to speculative execution
were found last year and publicly announced January 3rd.
Two of these, known as Meltdown and Spectre V2, are addressed
here.
CVE-2017-5754 (Meltdown) - ------------------------
This issue relies on an affected CPU speculatively
executing instructions beyond a faulting instruction. When
this happens, changes to architectural state are not
committed, but observable changes may be left in micro-
architectural state (for example, cache). This may be used
to infer privileged data.
CVE-2017-5715 (Spectre V2) - --------------------------
Spectre V2 uses branch target injection to speculatively
execute kernel code at an address under the control of an
attacker.
Impact:
An attacker may be able to read secret data from the
kernel or from a process when executing untrusted code (for
example, in a web browser).

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreebsd-kernel=ย 11.1UNKNOWN
FreeBSDanynoarchfreebsd-kernel<ย 11.1_8UNKNOWN

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.975

Percentile

100.0%