ALPINE-CVE-2024-2193

A Speculative Race Condition SRC vulnerability that impacts modern CPU architectures supporting speculative execution related to Spectre V1 has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the...

SUSE CVE-2024-2193

A Speculative Race Condition SRC vulnerability that impacts modern CPU architectures supporting speculative execution related to Spectre V1 has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the...

New Attacks Slaughter All Spectre Defenses

All defenses against Spectre side-channel attacks can now be considered broken, leaving billions of computers and other devices just as vulnerable today as they were when the hardware flaw was first announced three years ago. A paper published on Friday by a team of computer scientists from the...

NSA Releases Updated Guidance on Side-Channel Vulnerabilities

The National Security Agency NSA has released updated information on a set of side-channel vulnerabilities affecting modern computer processors. An attacker can exploit these vulnerabilities to obtain sensitive information. The National Cybersecurity and Communications Integration Center NCCIC,...

BranchScope: New CPU Side-Channel Attack

A new side-channel attack that takes advantage of the speculative execution feature of modern processors to recover data from targeted users' CPUs has been disclosed It targets the "branch prediction" operations —which is the same part of a CPU speculative execution process as the one targeted ...

Meltdown and Spectre Attacks | Cloud Foundry

Severity Advisory/Critical Description Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a maliciou...

Meltdown and Spectre fallout: patching problems persist

Last week, the disclosure by multiple teams from Graz and Pennsylvania University, Rambus, Data61, Cyberus Technology, and Google Project Zero of vulnerabilities under the aliases Meltdown and Spectre rocked the security world, sending vendors scurrying to create patches, if at all possible, and...

In-Spectre-Meltdown - Tool to identify Meltdown & Spectre Vulnerabilities in processors

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 Meltdown and CVE-2017-5715 Spectre allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways ...

Mozilla Firefox Security Advisories (MFSA2018-01, MFSA2018-01) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Spectre and Meltdown Attacks

After a week or so of rumors, everyone is now reporting about the Spectre and Meltdown attacks against pretty much every modern processor out there. These are side-channel attacks where one process can spy on other processes. They affect computers where an untrusted browser window can execute cod...

Guidance to mitigate speculative execution side-channel vulnerabilities

NOTE This advisory was revised on July 10, 2018. Some content has been removed for simplicity and because it is no longer relevant. You can view the archived content for ADV180002 in the FAQ section following the Affected Products table. Executive Summary Microsoft is aware of a new publicly...

Description of the security update for SQL Server 2016 SP1 CU7: January 3, 2018

Description of the security update for SQL Server 2016 SP1 CU7: January 3, 2018 Summary Microsoft is aware of a new publicly disclosed class of vulnerabilities that are referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including...