CVE-2017-5754
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.9 Medium
AI Score
Confidence
High
4.7 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.974 High
EPSS
Percentile
99.9%
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
Affected configurations
CNA Affected
[
{
"product": "Most Modern Operating Systems",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
]References
lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html
lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html
nvidia.custhelp.com/app/answers/detail/a_id/4609
nvidia.custhelp.com/app/answers/detail/a_id/4611
nvidia.custhelp.com/app/answers/detail/a_id/4613
nvidia.custhelp.com/app/answers/detail/a_id/4614
www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
www.kb.cert.org/vuls/id/584653
www.securityfocus.com/bid/102378
www.securityfocus.com/bid/106128
www.securitytracker.com/id/1040071
xenbits.xen.org/xsa/advisory-254.html
access.redhat.com/errata/RHSA-2018:0292
access.redhat.com/security/vulnerabilities/speculativeexecution
aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
cdrdv2.intel.com/v1/dl/getContent/685358
cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
cert.vde.com/en-us/advisories/vde-2018-002
cert.vde.com/en-us/advisories/vde-2018-003
developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
lists.debian.org/debian-lts-announce/2018/01/msg00004.html
meltdownattack.com/
portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc
security.gentoo.org/glsa/201810-06
security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
security.netapp.com/advisory/ntap-20180104-0001/
source.android.com/security/bulletin/2018-04-01
support.citrix.com/article/CTX231399
support.citrix.com/article/CTX234679
support.f5.com/csp/article/K91229003
support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
support.lenovo.com/us/en/solutions/LEN-18282
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
usn.ubuntu.com/3522-3/
usn.ubuntu.com/3522-4/
usn.ubuntu.com/3523-1/
usn.ubuntu.com/3540-2/
usn.ubuntu.com/3541-2/
usn.ubuntu.com/3583-1/
usn.ubuntu.com/3597-1/
usn.ubuntu.com/3597-2/
usn.ubuntu.com/usn/usn-3516-1/
usn.ubuntu.com/usn/usn-3522-2/
usn.ubuntu.com/usn/usn-3523-2/
usn.ubuntu.com/usn/usn-3524-2/
usn.ubuntu.com/usn/usn-3525-1/
www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
www.debian.org/security/2018/dsa-4078
www.debian.org/security/2018/dsa-4082
www.debian.org/security/2018/dsa-4120
www.kb.cert.org/vuls/id/180049
www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
www.synology.com/support/security/Synology_SA_18_01
Social References
More
Related
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.9 Medium
AI Score
Confidence
High
4.7 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.974 High
EPSS
Percentile
99.9%