ID: CVE-2017-5715
Summary: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Vulnerable Configurations
  • Intel Atom C C2308
    cpe:2.3:h:intel:atom_c:c2308
  • Intel Atom C C2316
    cpe:2.3:h:intel:atom_c:c2316
  • Intel Atom C C2338
    cpe:2.3:h:intel:atom_c:c2338
  • Intel Atom C C2350
    cpe:2.3:h:intel:atom_c:c2350
  • Intel Atom C C2358
    cpe:2.3:h:intel:atom_c:c2358
  • Intel Atom C C2508
    cpe:2.3:h:intel:atom_c:c2508
  • Intel Atom C C2516
    cpe:2.3:h:intel:atom_c:c2516
  • Intel Atom C C2518
    cpe:2.3:h:intel:atom_c:c2518
  • Intel Atom C C2530
    cpe:2.3:h:intel:atom_c:c2530
  • Intel Atom C C2538
    cpe:2.3:h:intel:atom_c:c2538
  • Intel Atom C C2550
    cpe:2.3:h:intel:atom_c:c2550
  • Intel Atom C C2558
    cpe:2.3:h:intel:atom_c:c2558
  • Intel Atom C C2718
    cpe:2.3:h:intel:atom_c:c2718
  • Intel Atom C C2730
    cpe:2.3:h:intel:atom_c:c2730
  • Intel Atom C C2738
    cpe:2.3:h:intel:atom_c:c2738
  • Intel Atom C C2750
    cpe:2.3:h:intel:atom_c:c2750
  • Intel Atom C C2758
    cpe:2.3:h:intel:atom_c:c2758
  • Intel Atom C C3308
    cpe:2.3:h:intel:atom_c:c3308
  • Intel Atom C C3338
    cpe:2.3:h:intel:atom_c:c3338
  • Intel Atom C C3508
    cpe:2.3:h:intel:atom_c:c3508
  • Intel Atom C C3538
    cpe:2.3:h:intel:atom_c:c3538
  • Intel Atom C C3558
    cpe:2.3:h:intel:atom_c:c3558
  • Intel Atom C C3708
    cpe:2.3:h:intel:atom_c:c3708
  • Intel Atom C C3750
    cpe:2.3:h:intel:atom_c:c3750
  • Intel Atom C C3758
    cpe:2.3:h:intel:atom_c:c3758
  • Intel Atom C C3808
    cpe:2.3:h:intel:atom_c:c3808
  • Intel Atom C C3830
    cpe:2.3:h:intel:atom_c:c3830
  • Intel Atom C C3850
    cpe:2.3:h:intel:atom_c:c3850
  • Intel Atom C C3858
    cpe:2.3:h:intel:atom_c:c3858
  • Intel Atom C C3950
    cpe:2.3:h:intel:atom_c:c3950
  • Intel Atom C C3955
    cpe:2.3:h:intel:atom_c:c3955
  • Intel Atom C C3958
    cpe:2.3:h:intel:atom_c:c3958
  • Intel Atom E E3805
    cpe:2.3:h:intel:atom_e:e3805
  • Intel Atom E E3815
    cpe:2.3:h:intel:atom_e:e3815
  • Intel Atom E E3825
    cpe:2.3:h:intel:atom_e:e3825
  • Intel Atom E E3826
    cpe:2.3:h:intel:atom_e:e3826
  • Intel Atom E E3827
    cpe:2.3:h:intel:atom_e:e3827
  • Intel Atom E E3845
    cpe:2.3:h:intel:atom_e:e3845
  • Intel Atom X3 C3130
    cpe:2.3:h:intel:atom_x3:c3130
  • Intel Atom X3 C3200RK
    cpe:2.3:h:intel:atom_x3:c3200rk
  • Intel Atom X3 C3205RK
    cpe:2.3:h:intel:atom_x3:c3205rk
  • Intel Atom X3 C3230RK
    cpe:2.3:h:intel:atom_x3:c3230rk
  • Intel Atom X3 C3235RK
    cpe:2.3:h:intel:atom_x3:c3235rk
  • Intel Atom X3 C3265RK
    cpe:2.3:h:intel:atom_x3:c3265rk
  • Intel Atom X3 C3295RK
    cpe:2.3:h:intel:atom_x3:c3295rk
  • Intel Atom X3 C3405
    cpe:2.3:h:intel:atom_x3:c3405
  • Intel Atom X3 C3445
    cpe:2.3:h:intel:atom_x3:c3445
  • Intel Atom Z Z2420
    cpe:2.3:h:intel:atom_z:z2420
  • Intel Atom Z Z2460
    cpe:2.3:h:intel:atom_z:z2460
  • Intel Atom Z Z2480
    cpe:2.3:h:intel:atom_z:z2480
  • Intel Atom Z Z2520
    cpe:2.3:h:intel:atom_z:z2520
  • Intel Atom Z Z2560
    cpe:2.3:h:intel:atom_z:z2560
  • Intel Atom Z Z2580
    cpe:2.3:h:intel:atom_z:z2580
  • Intel Atom Z Z2760
    cpe:2.3:h:intel:atom_z:z2760
  • Intel Atom Z Z3460
    cpe:2.3:h:intel:atom_z:z3460
  • Intel Atom Z Z3480
    cpe:2.3:h:intel:atom_z:z3480
  • Intel Atom Z Z3530
    cpe:2.3:h:intel:atom_z:z3530
  • Intel Atom Z Z3560
    cpe:2.3:h:intel:atom_z:z3560
  • Intel Atom Z Z3570
    cpe:2.3:h:intel:atom_z:z3570
  • Intel Atom Z Z3580
    cpe:2.3:h:intel:atom_z:z3580
  • Intel Atom Z Z3590
    cpe:2.3:h:intel:atom_z:z3590
  • Intel Atom Z Z3735D
    cpe:2.3:h:intel:atom_z:z3735d
  • Intel Atom Z Z3735E
    cpe:2.3:h:intel:atom_z:z3735e
  • Intel Atom Z Z3735F
    cpe:2.3:h:intel:atom_z:z3735f
  • Intel Atom Z Z3735G
    cpe:2.3:h:intel:atom_z:z3735g
  • Intel Atom Z Z3736F
    cpe:2.3:h:intel:atom_z:z3736f
  • Intel Atom Z Z3736G
    cpe:2.3:h:intel:atom_z:z3736g
  • Intel Atom Z Z3740
    cpe:2.3:h:intel:atom_z:z3740
  • Intel Atom Z Z3740D
    cpe:2.3:h:intel:atom_z:z3740d
  • Intel Atom Z Z3745
    cpe:2.3:h:intel:atom_z:z3745
  • Intel Atom Z Z3745D
    cpe:2.3:h:intel:atom_z:z3745d
  • Intel Atom Z Z3770
    cpe:2.3:h:intel:atom_z:z3770
  • Intel Atom Z Z3770D
    cpe:2.3:h:intel:atom_z:z3770d
  • Intel Atom Z Z3775
    cpe:2.3:h:intel:atom_z:z3775
  • Intel Atom Z Z3775D
    cpe:2.3:h:intel:atom_z:z3775d
  • Intel Atom Z Z3785
    cpe:2.3:h:intel:atom_z:z3785
  • Intel Atom Z Z3795
    cpe:2.3:h:intel:atom_z:z3795
  • Intel Celeron J J1750
    cpe:2.3:h:intel:celeron_j:j1750
  • Intel Celeron J J1800
    cpe:2.3:h:intel:celeron_j:j1800
  • Intel Celeron J J1850
    cpe:2.3:h:intel:celeron_j:j1850
  • Intel Celeron J J1900
    cpe:2.3:h:intel:celeron_j:j1900
  • Intel Celeron J J3060
    cpe:2.3:h:intel:celeron_j:j3060
  • Intel Celeron J J3160
    cpe:2.3:h:intel:celeron_j:j3160
  • Intel Celeron J J3355
    cpe:2.3:h:intel:celeron_j:j3355
  • Intel Celeron J J3455
    cpe:2.3:h:intel:celeron_j:j3455
  • Intel Celeron J J4005
    cpe:2.3:h:intel:celeron_j:j4005
  • Intel Celeron J J4105
    cpe:2.3:h:intel:celeron_j:j4105
  • Intel Celeron N N2805
    cpe:2.3:h:intel:celeron_n:n2805
  • Intel Celeron N N2806
    cpe:2.3:h:intel:celeron_n:n2806
  • Intel Celeron N N2807
    cpe:2.3:h:intel:celeron_n:n2807
  • Intel Celeron N N2808
    cpe:2.3:h:intel:celeron_n:n2808
  • Intel Celeron N N2810
    cpe:2.3:h:intel:celeron_n:n2810
  • Intel Celeron N N2815
    cpe:2.3:h:intel:celeron_n:n2815
  • Intel Celeron N N2820
    cpe:2.3:h:intel:celeron_n:n2820
  • Intel Celeron N N2830
    cpe:2.3:h:intel:celeron_n:n2830
  • Intel Celeron N N2840
    cpe:2.3:h:intel:celeron_n:n2840
  • Intel Celeron N N2910
    cpe:2.3:h:intel:celeron_n:n2910
  • Intel Celeron N N2920
    cpe:2.3:h:intel:celeron_n:n2920
  • Intel Celeron N N2930
    cpe:2.3:h:intel:celeron_n:n2930
  • Intel Celeron N N2940
    cpe:2.3:h:intel:celeron_n:n2940
  • Intel Celeron N N3000
    cpe:2.3:h:intel:celeron_n:n3000
  • Intel Celeron N N3010
    cpe:2.3:h:intel:celeron_n:n3010
  • Intel Celeron N N3050
    cpe:2.3:h:intel:celeron_n:n3050
  • Intel Celeron N N3060
    cpe:2.3:h:intel:celeron_n:n3060
  • Intel Celeron N N3150
    cpe:2.3:h:intel:celeron_n:n3150
  • Intel Celeron N N3160
    cpe:2.3:h:intel:celeron_n:n3160
  • Intel Celeron N N3350
    cpe:2.3:h:intel:celeron_n:n3350
  • Intel Celeron N N3450
    cpe:2.3:h:intel:celeron_n:n3450
  • Intel Celeron N N4000
    cpe:2.3:h:intel:celeron_n:n4000
  • Intel Celeron N N4100
    cpe:2.3:h:intel:celeron_n:n4100
  • Intel Core I3 330E
    cpe:2.3:h:intel:core_i3:330e
  • Intel Core I3 330M
    cpe:2.3:h:intel:core_i3:330m
  • Intel Core I3 330UM
    cpe:2.3:h:intel:core_i3:330um
  • Intel Core I3 350M
    cpe:2.3:h:intel:core_i3:350m
  • Intel Core I3 370M
    cpe:2.3:h:intel:core_i3:370m
  • Intel Core I3 380M
    cpe:2.3:h:intel:core_i3:380m
  • Intel Core I3 380UM
    cpe:2.3:h:intel:core_i3:380um
  • Intel Core I3 390M
    cpe:2.3:h:intel:core_i3:390m
  • Intel Core I3 530
    cpe:2.3:h:intel:core_i3:530
  • Intel Core I3 540
    cpe:2.3:h:intel:core_i3:540
  • Intel Core I3 550
    cpe:2.3:h:intel:core_i3:550
  • Intel Core I3 560
    cpe:2.3:h:intel:core_i3:560
  • Intel Core I3 2100
    cpe:2.3:h:intel:core_i3:2100
  • Intel Core I3 2100T
    cpe:2.3:h:intel:core_i3:2100t
  • Intel Core I3 2102
    cpe:2.3:h:intel:core_i3:2102
  • Intel Core I3 2105
    cpe:2.3:h:intel:core_i3:2105
  • Intel Core I3 2115C
    cpe:2.3:h:intel:core_i3:2115c
  • Intel Core I3 2120
    cpe:2.3:h:intel:core_i3:2120
  • Intel Core I3 2120T
    cpe:2.3:h:intel:core_i3:2120t
  • Intel Core I3 2125
    cpe:2.3:h:intel:core_i3:2125
  • Intel Core I3 2130
    cpe:2.3:h:intel:core_i3:2130
  • Intel Core I3 2310E
    cpe:2.3:h:intel:core_i3:2310e
  • Intel Core I3 2310M
    cpe:2.3:h:intel:core_i3:2310m
  • Intel Core I3 2312M
    cpe:2.3:h:intel:core_i3:2312m
  • Intel Core I3 2328M
    cpe:2.3:h:intel:core_i3:2328m
  • Intel Core I3 2330E
    cpe:2.3:h:intel:core_i3:2330e
  • Intel Core I3 2330M
    cpe:2.3:h:intel:core_i3:2330m
  • Intel Core I3 2340UE
    cpe:2.3:h:intel:core_i3:2340ue
  • Intel Core I3 2348M
    cpe:2.3:h:intel:core_i3:2348m
  • Intel Core I3 2350M
    cpe:2.3:h:intel:core_i3:2350m
  • Intel Core I3 2357M
    cpe:2.3:h:intel:core_i3:2357m
  • Intel Core I3 2365M
    cpe:2.3:h:intel:core_i3:2365m
  • Intel Core I3 2367M
    cpe:2.3:h:intel:core_i3:2367m
  • Intel Core I3 2370M
    cpe:2.3:h:intel:core_i3:2370m
  • Intel Core I3 2375M
    cpe:2.3:h:intel:core_i3:2375m
  • Intel Core I3 2377M
    cpe:2.3:h:intel:core_i3:2377m
  • Intel Core I3 3110M
    cpe:2.3:h:intel:core_i3:3110m
  • Intel Core I3 3115C
    cpe:2.3:h:intel:core_i3:3115c
  • Intel Core I3 3120M
    cpe:2.3:h:intel:core_i3:3120m
  • Intel Core I3 3120ME
    cpe:2.3:h:intel:core_i3:3120me
  • Intel Core I3 3130M
    cpe:2.3:h:intel:core_i3:3130m
  • Intel Core I3 3210
    cpe:2.3:h:intel:core_i3:3210
  • Intel Core I3 3217U
    cpe:2.3:h:intel:core_i3:3217u
  • Intel Core I3 3217UE
    cpe:2.3:h:intel:core_i3:3217ue
  • Intel Core I3 3220
    cpe:2.3:h:intel:core_i3:3220
  • Intel Core I3 3220T
    cpe:2.3:h:intel:core_i3:3220t
  • Intel Core I3 3225
    cpe:2.3:h:intel:core_i3:3225
  • Intel Core I3 3227U
    cpe:2.3:h:intel:core_i3:3227u
  • Intel Core I3 3229Y
    cpe:2.3:h:intel:core_i3:3229y
  • Intel Core I3 3240
    cpe:2.3:h:intel:core_i3:3240
  • Intel Core I3 3240T
    cpe:2.3:h:intel:core_i3:3240t
  • Intel Core I3 3245
    cpe:2.3:h:intel:core_i3:3245
  • Intel Core I3 3250
    cpe:2.3:h:intel:core_i3:3250
  • Intel Core I3 3250T
    cpe:2.3:h:intel:core_i3:3250t
  • Intel Core I3 4000M
    cpe:2.3:h:intel:core_i3:4000m
  • Intel Core I3 4005U
    cpe:2.3:h:intel:core_i3:4005u
  • Intel Core I3 4010U
    cpe:2.3:h:intel:core_i3:4010u
  • Intel Core I3 4010Y
    cpe:2.3:h:intel:core_i3:4010y
  • Intel Core I3 4012Y
    cpe:2.3:h:intel:core_i3:4012y
  • Intel Core I3 4020Y
    cpe:2.3:h:intel:core_i3:4020y
  • Intel Core I3 4025U
    cpe:2.3:h:intel:core_i3:4025u
  • Intel Core I3 4030U
    cpe:2.3:h:intel:core_i3:4030u
  • Intel Core I3 4030Y
    cpe:2.3:h:intel:core_i3:4030y
  • Intel Core I3 4100E
    cpe:2.3:h:intel:core_i3:4100e
  • Intel Core I3 4100M
    cpe:2.3:h:intel:core_i3:4100m
  • Intel Core I3 4100U
    cpe:2.3:h:intel:core_i3:4100u
  • Intel Core I3 4102E
    cpe:2.3:h:intel:core_i3:4102e
  • Intel Core I3 4110E
    cpe:2.3:h:intel:core_i3:4110e
  • Intel Core I3 4110M
    cpe:2.3:h:intel:core_i3:4110m
  • Intel Core I3 4112E
    cpe:2.3:h:intel:core_i3:4112e
  • Intel Core I3 4120U
    cpe:2.3:h:intel:core_i3:4120u
  • Intel Core I3 4130
    cpe:2.3:h:intel:core_i3:4130
  • Intel Core I3 4130T
    cpe:2.3:h:intel:core_i3:4130t
  • Intel Core I3 4150
    cpe:2.3:h:intel:core_i3:4150
  • Intel Core I3 4150T
    cpe:2.3:h:intel:core_i3:4150t
  • Intel Core I3 4158U
    cpe:2.3:h:intel:core_i3:4158u
  • Intel Core I3 4160
    cpe:2.3:h:intel:core_i3:4160
  • Intel Core I3 4160T
    cpe:2.3:h:intel:core_i3:4160t
  • Intel Core I3 4170
    cpe:2.3:h:intel:core_i3:4170
  • Intel Core I3 4170T
    cpe:2.3:h:intel:core_i3:4170t
  • Intel Core I3 4330
    cpe:2.3:h:intel:core_i3:4330
  • Intel Core I3 4330T
    cpe:2.3:h:intel:core_i3:4330t
  • Intel Core I3 4330TE
    cpe:2.3:h:intel:core_i3:4330te
  • Intel Core I3 4340
    cpe:2.3:h:intel:core_i3:4340
  • Intel Core I3 4340TE
    cpe:2.3:h:intel:core_i3:4340te
  • Intel Core I3 4350
    cpe:2.3:h:intel:core_i3:4350
  • Intel Core I3 4350T
    cpe:2.3:h:intel:core_i3:4350t
  • Intel Core I3 4360
    cpe:2.3:h:intel:core_i3:4360
  • Intel Core I3 4360T
    cpe:2.3:h:intel:core_i3:4360t
  • Intel Core I3 4370
    cpe:2.3:h:intel:core_i3:4370
  • Intel Core I3 4370T
    cpe:2.3:h:intel:core_i3:4370t
  • Intel Core I3 5005U
    cpe:2.3:h:intel:core_i3:5005u
  • Intel Core I3 5010U
    cpe:2.3:h:intel:core_i3:5010u
  • Intel Core I3 5015U
    cpe:2.3:h:intel:core_i3:5015u
  • Intel Core I3 5020U
    cpe:2.3:h:intel:core_i3:5020u
  • Intel Core I3 5157U
    cpe:2.3:h:intel:core_i3:5157u
  • Intel Core I3 6006U
    cpe:2.3:h:intel:core_i3:6006u
  • Intel Core I3 6098P
    cpe:2.3:h:intel:core_i3:6098p
  • Intel Core I3 6100
    cpe:2.3:h:intel:core_i3:6100
  • Intel Core I3 6100E
    cpe:2.3:h:intel:core_i3:6100e
  • Intel Core I3 6100H
    cpe:2.3:h:intel:core_i3:6100h
  • Intel Core I3 6100T
    cpe:2.3:h:intel:core_i3:6100t
  • Intel Core I3 6100TE
    cpe:2.3:h:intel:core_i3:6100te
  • Intel Core I3 6100U
    cpe:2.3:h:intel:core_i3:6100u
  • Intel Core I3 6102E
    cpe:2.3:h:intel:core_i3:6102e
  • Intel Core I3 6157U
    cpe:2.3:h:intel:core_i3:6157u
  • Intel Core I3 6167U
    cpe:2.3:h:intel:core_i3:6167u
  • Intel Core I3 6300
    cpe:2.3:h:intel:core_i3:6300
  • Intel Core I3 6300T
    cpe:2.3:h:intel:core_i3:6300t
  • Intel Core I3 6320
    cpe:2.3:h:intel:core_i3:6320
  • Intel Core I3 8100
    cpe:2.3:h:intel:core_i3:8100
  • Intel Core I3 8350K
    cpe:2.3:h:intel:core_i3:8350k
  • Intel Core I5 430M
    cpe:2.3:h:intel:core_i5:430m
  • Intel Core I5 430UM
    cpe:2.3:h:intel:core_i5:430um
  • Intel Core I5 450M
    cpe:2.3:h:intel:core_i5:450m
  • Intel Core I5 460M
    cpe:2.3:h:intel:core_i5:460m
  • Intel Core I5 470UM
    cpe:2.3:h:intel:core_i5:470um
  • Intel Core I5 480M
    cpe:2.3:h:intel:core_i5:480m
  • Intel Core I5 520E
    cpe:2.3:h:intel:core_i5:520e
  • Intel Core I5 520M
    cpe:2.3:h:intel:core_i5:520m
  • Intel Core I5 520UM
    cpe:2.3:h:intel:core_i5:520um
  • Intel Core I5 540M
    cpe:2.3:h:intel:core_i5:540m
  • Intel Core I5 540UM
    cpe:2.3:h:intel:core_i5:540um
  • Intel Core I5 560M
    cpe:2.3:h:intel:core_i5:560m
  • Intel Core I5 560UM
    cpe:2.3:h:intel:core_i5:560um
  • Intel Core I5 580M
    cpe:2.3:h:intel:core_i5:580m
  • Intel Core I5 650
    cpe:2.3:h:intel:core_i5:650
  • Intel Core I5 655K
    cpe:2.3:h:intel:core_i5:655k
  • Intel Core I5 660
    cpe:2.3:h:intel:core_i5:660
  • Intel Core I5 661
    cpe:2.3:h:intel:core_i5:661
  • Intel Core I5 670
    cpe:2.3:h:intel:core_i5:670
  • Intel Core I5 680
    cpe:2.3:h:intel:core_i5:680
  • Intel Core I5 750
    cpe:2.3:h:intel:core_i5:750
  • Intel Core I5 750S
    cpe:2.3:h:intel:core_i5:750s
  • Intel Core I5 760
    cpe:2.3:h:intel:core_i5:760
  • Intel Core I5 2300
    cpe:2.3:h:intel:core_i5:2300
  • Intel Core I5 2310
    cpe:2.3:h:intel:core_i5:2310
  • Intel Core I5 2320
    cpe:2.3:h:intel:core_i5:2320
  • Intel Core I5 2380P
    cpe:2.3:h:intel:core_i5:2380p
  • Intel Core I5 2390T
    cpe:2.3:h:intel:core_i5:2390t
  • Intel Core I5 2400
    cpe:2.3:h:intel:core_i5:2400
  • Intel Core I5 2400S
    cpe:2.3:h:intel:core_i5:2400s
  • Intel Core I5 2405S
    cpe:2.3:h:intel:core_i5:2405s
  • Intel Core I5 2410M
    cpe:2.3:h:intel:core_i5:2410m
  • Intel Core I5 2430M
    cpe:2.3:h:intel:core_i5:2430m
  • Intel Core I5 2435M
    cpe:2.3:h:intel:core_i5:2435m
  • Intel Core I5 2450M
    cpe:2.3:h:intel:core_i5:2450m
  • Intel Core I5 2450P
    cpe:2.3:h:intel:core_i5:2450p
  • Intel Core I5 2467M
    cpe:2.3:h:intel:core_i5:2467m
  • Intel Core I5 2500
    cpe:2.3:h:intel:core_i5:2500
  • Intel Core I5 2500K
    cpe:2.3:h:intel:core_i5:2500k
  • Intel Core I5 2500S
    cpe:2.3:h:intel:core_i5:2500s
  • Intel Core I5 2500T
    cpe:2.3:h:intel:core_i5:2500t
  • Intel Core I5 2510E
    cpe:2.3:h:intel:core_i5:2510e
  • Intel Core I5 2515E
    cpe:2.3:h:intel:core_i5:2515e
  • Intel Core I5 2520M
    cpe:2.3:h:intel:core_i5:2520m
  • Intel Core I5 2537M
    cpe:2.3:h:intel:core_i5:2537m
  • Intel Core I5 2540M
    cpe:2.3:h:intel:core_i5:2540m
  • Intel Core I5 2550K
    cpe:2.3:h:intel:core_i5:2550k
  • Intel Core I5 2557M
    cpe:2.3:h:intel:core_i5:2557m
  • Intel Core I5 3210M
    cpe:2.3:h:intel:core_i5:3210m
  • Intel Core I5 3230M
    cpe:2.3:h:intel:core_i5:3230m
  • Intel Core I5 3317U
    cpe:2.3:h:intel:core_i5:3317u
  • Intel Core I5 3320M
    cpe:2.3:h:intel:core_i5:3320m
  • Intel Core I5 3330
    cpe:2.3:h:intel:core_i5:3330
  • Intel Core I5 3330S
    cpe:2.3:h:intel:core_i5:3330s
  • Intel Core I5 3337U
    cpe:2.3:h:intel:core_i5:3337u
  • Intel Core I5 3339Y
    cpe:2.3:h:intel:core_i5:3339y
  • Intel Core I5 3340
    cpe:2.3:h:intel:core_i5:3340
  • Intel Core I5 3340M
    cpe:2.3:h:intel:core_i5:3340m
  • Intel Core I5 3340S
    cpe:2.3:h:intel:core_i5:3340s
  • Intel Core I5 3350P
    cpe:2.3:h:intel:core_i5:3350p
  • Intel Core I5 3360M
    cpe:2.3:h:intel:core_i5:3360m
  • Intel Core I5 3380M
    cpe:2.3:h:intel:core_i5:3380m
  • Intel Core I5 3427U
    cpe:2.3:h:intel:core_i5:3427u
  • Intel Core I5 3437U
    cpe:2.3:h:intel:core_i5:3437u
  • Intel Core I5 3439Y
    cpe:2.3:h:intel:core_i5:3439y
  • Intel Core I5 3450
    cpe:2.3:h:intel:core_i5:3450
  • Intel Core I5 3450S
    cpe:2.3:h:intel:core_i5:3450s
  • Intel Core I5 3470
    cpe:2.3:h:intel:core_i5:3470
  • Intel Core I5 3470S
    cpe:2.3:h:intel:core_i5:3470s
  • Intel Core I5 3470T
    cpe:2.3:h:intel:core_i5:3470t
  • Intel Core I5 3475S
    cpe:2.3:h:intel:core_i5:3475s
  • Intel Core I5 3550
    cpe:2.3:h:intel:core_i5:3550
  • Intel Core I5 3550S
    cpe:2.3:h:intel:core_i5:3550s
  • Intel Core I5 3570
    cpe:2.3:h:intel:core_i5:3570
  • Intel Core I5 3570K
    cpe:2.3:h:intel:core_i5:3570k
  • Intel Core I5 3570S
    cpe:2.3:h:intel:core_i5:3570s
  • Intel Core I5 3570T
    cpe:2.3:h:intel:core_i5:3570t
  • Intel Core I5 3610ME
    cpe:2.3:h:intel:core_i5:3610me
  • Intel Core I5 4200H
    cpe:2.3:h:intel:core_i5:4200h
  • Intel Core I5 4200M
    cpe:2.3:h:intel:core_i5:4200m
  • Intel Core I5 4200U
    cpe:2.3:h:intel:core_i5:4200u
  • Intel Core I5 4200Y
    cpe:2.3:h:intel:core_i5:4200y
  • Intel Core I5 4202Y
    cpe:2.3:h:intel:core_i5:4202y
  • Intel Core I5 4210H
    cpe:2.3:h:intel:core_i5:4210h
  • Intel Core I5 4210M
    cpe:2.3:h:intel:core_i5:4210m
  • Intel Core I5 4210U
    cpe:2.3:h:intel:core_i5:4210u
  • Intel Core I5 4210Y
    cpe:2.3:h:intel:core_i5:4210y
  • Intel Core I5 4220Y
    cpe:2.3:h:intel:core_i5:4220y
  • Intel Core I5 4250U
    cpe:2.3:h:intel:core_i5:4250u
  • Intel Core I5 4258U
    cpe:2.3:h:intel:core_i5:4258u
  • Intel Core I5 4260U
    cpe:2.3:h:intel:core_i5:4260u
  • Intel Core I5 4278U
    cpe:2.3:h:intel:core_i5:4278u
  • Intel Core I5 4288U
    cpe:2.3:h:intel:core_i5:4288u
  • Intel Core I5 4300M
    cpe:2.3:h:intel:core_i5:4300m
  • Intel Core I5 4300U
    cpe:2.3:h:intel:core_i5:4300u
  • Intel Core I5 4300Y
    cpe:2.3:h:intel:core_i5:4300y
  • Intel Core I5 4302Y
    cpe:2.3:h:intel:core_i5:4302y
  • Intel Core I5 4308U
    cpe:2.3:h:intel:core_i5:4308u
  • Intel Core I5 4310M
    cpe:2.3:h:intel:core_i5:4310m
  • Intel Core I5 4310U
    cpe:2.3:h:intel:core_i5:4310u
  • Intel Core I5 4330M
    cpe:2.3:h:intel:core_i5:4330m
  • Intel Core I5 4340M
    cpe:2.3:h:intel:core_i5:4340m
  • Intel Core I5 4350U
    cpe:2.3:h:intel:core_i5:4350u
  • Intel Core I5 4360U
    cpe:2.3:h:intel:core_i5:4360u
  • Intel Core I5 4400E
    cpe:2.3:h:intel:core_i5:4400e
  • Intel Core I5 4402E
    cpe:2.3:h:intel:core_i5:4402e
  • Intel Core I5 4402EC
    cpe:2.3:h:intel:core_i5:4402ec
  • Intel Core I5 4410E
    cpe:2.3:h:intel:core_i5:4410e
  • Intel Core I5 4422E
    cpe:2.3:h:intel:core_i5:4422e
  • Intel Core I5 4430
    cpe:2.3:h:intel:core_i5:4430
  • Intel Core I5 4430S
    cpe:2.3:h:intel:core_i5:4430s
  • Intel Core I5 4440
    cpe:2.3:h:intel:core_i5:4440
  • Intel Core I5 4440S
    cpe:2.3:h:intel:core_i5:4440s
  • Intel Core I5 4460
    cpe:2.3:h:intel:core_i5:4460
  • Intel Core I5 4460S
    cpe:2.3:h:intel:core_i5:4460s
  • Intel Core I5 4460T
    cpe:2.3:h:intel:core_i5:4460t
  • Intel Core I5 4570
    cpe:2.3:h:intel:core_i5:4570
  • Intel Core I5 4570R
    cpe:2.3:h:intel:core_i5:4570r
  • Intel Core I5 4570S
    cpe:2.3:h:intel:core_i5:4570s
  • Intel Core I5 4570T
    cpe:2.3:h:intel:core_i5:4570t
  • Intel Core I5 4570TE
    cpe:2.3:h:intel:core_i5:4570te
  • Intel Core I5 4590
    cpe:2.3:h:intel:core_i5:4590
  • Intel Core I5 4590S
    cpe:2.3:h:intel:core_i5:4590s
  • Intel Core I5 4590T
    cpe:2.3:h:intel:core_i5:4590t
  • Intel Core I5 4670
    cpe:2.3:h:intel:core_i5:4670
  • Intel Core I5 4670K
    cpe:2.3:h:intel:core_i5:4670k
  • Intel Core I5 4670R
    cpe:2.3:h:intel:core_i5:4670r
  • Intel Core I5 4670S
    cpe:2.3:h:intel:core_i5:4670s
  • Intel Core I5 4670T
    cpe:2.3:h:intel:core_i5:4670t
  • Intel Core I5 4690
    cpe:2.3:h:intel:core_i5:4690
  • Intel Core I5 4690K
    cpe:2.3:h:intel:core_i5:4690k
  • Intel Core I5 4690S
    cpe:2.3:h:intel:core_i5:4690s
  • Intel Core I5 4690T
    cpe:2.3:h:intel:core_i5:4690t
  • Intel Core I5 5200U
    cpe:2.3:h:intel:core_i5:5200u
  • Intel Core I5 5250U
    cpe:2.3:h:intel:core_i5:5250u
  • Intel Core I5 5257U
    cpe:2.3:h:intel:core_i5:5257u
  • Intel Core I5 5287U
    cpe:2.3:h:intel:core_i5:5287u
  • Intel Core I5 5300U
    cpe:2.3:h:intel:core_i5:5300u
  • Intel Core I5 5350H
    cpe:2.3:h:intel:core_i5:5350h
  • Intel Core I5 5350U
    cpe:2.3:h:intel:core_i5:5350u
  • Intel Core I5 5575R
    cpe:2.3:h:intel:core_i5:5575r
  • Intel Core I5 5675C
    cpe:2.3:h:intel:core_i5:5675c
  • Intel Core I5 5675R
    cpe:2.3:h:intel:core_i5:5675r
  • Intel Core I5 6200U
    cpe:2.3:h:intel:core_i5:6200u
  • Intel Core I5 6260U
    cpe:2.3:h:intel:core_i5:6260u
  • Intel Core I5 6267U
    cpe:2.3:h:intel:core_i5:6267u
  • Intel Core I5 6287U
    cpe:2.3:h:intel:core_i5:6287u
  • Intel Core I5 6300HQ
    cpe:2.3:h:intel:core_i5:6300hq
  • Intel Core I5 6300U
    cpe:2.3:h:intel:core_i5:6300u
  • Intel Core I5 6350HQ
    cpe:2.3:h:intel:core_i5:6350hq
  • Intel Core I5 6360U
    cpe:2.3:h:intel:core_i5:6360u
  • Intel Core I5 6400
    cpe:2.3:h:intel:core_i5:6400
  • Intel Core I5 6400T
    cpe:2.3:h:intel:core_i5:6400t
  • Intel Core I5 6402P
    cpe:2.3:h:intel:core_i5:6402p
  • Intel Core I5 6440EQ
    cpe:2.3:h:intel:core_i5:6440eq
  • Intel Core I5 6440HQ
    cpe:2.3:h:intel:core_i5:6440hq
  • Intel Core I5 6442EQ
    cpe:2.3:h:intel:core_i5:6442eq
  • Intel Core I5 6500
    cpe:2.3:h:intel:core_i5:6500
  • Intel Core I5 6500T
    cpe:2.3:h:intel:core_i5:6500t
  • Intel Core I5 6500TE
    cpe:2.3:h:intel:core_i5:6500te
  • Intel Core I5 6585R
    cpe:2.3:h:intel:core_i5:6585r
  • Intel Core I5 6600
    cpe:2.3:h:intel:core_i5:6600
  • Intel Core I5 6600K
    cpe:2.3:h:intel:core_i5:6600k
  • Intel Core I5 6600T
    cpe:2.3:h:intel:core_i5:6600t
  • Intel Core I5 6685R
    cpe:2.3:h:intel:core_i5:6685r
  • Intel Core I5 8250U
    cpe:2.3:h:intel:core_i5:8250u
  • Intel Core I5 8350U
    cpe:2.3:h:intel:core_i5:8350u
  • Intel Core I5 8400
    cpe:2.3:h:intel:core_i5:8400
  • Intel Core I5 8600K
    cpe:2.3:h:intel:core_i5:8600k
  • Intel Core I7 7Y75
    cpe:2.3:h:intel:core_i7:7y75
  • Intel Core I7 610E
    cpe:2.3:h:intel:core_i7:610e
  • Intel Core I7 620LE
    cpe:2.3:h:intel:core_i7:620le
  • Intel Core I7 620LM
    cpe:2.3:h:intel:core_i7:620lm
  • Intel Core I7 620M
    cpe:2.3:h:intel:core_i7:620m
  • Intel Core I7 620UE
    cpe:2.3:h:intel:core_i7:620ue
  • Intel Core I7 620UM
    cpe:2.3:h:intel:core_i7:620um
  • Intel Core I7 640LM
    cpe:2.3:h:intel:core_i7:640lm
  • Intel Core I7 640M
    cpe:2.3:h:intel:core_i7:640m
  • Intel Core I7 640UM
    cpe:2.3:h:intel:core_i7:640um
  • Intel Core I7 660LM
    cpe:2.3:h:intel:core_i7:660lm
  • Intel Core I7 660UE
    cpe:2.3:h:intel:core_i7:660ue
  • Intel Core I7 660UM
    cpe:2.3:h:intel:core_i7:660um
  • Intel Core I7 680UM
    cpe:2.3:h:intel:core_i7:680um
  • Intel Core I7 720QM
    cpe:2.3:h:intel:core_i7:720qm
  • Intel Core I7 740QM
    cpe:2.3:h:intel:core_i7:740qm
  • Intel Core I7 820QM
    cpe:2.3:h:intel:core_i7:820qm
  • Intel Core I7 840QM
    cpe:2.3:h:intel:core_i7:840qm
  • Intel Core I7 860
    cpe:2.3:h:intel:core_i7:860
  • Intel Core I7 860S
    cpe:2.3:h:intel:core_i7:860s
  • Intel Core I7 870
    cpe:2.3:h:intel:core_i7:870
  • Intel Core I7 870S
    cpe:2.3:h:intel:core_i7:870s
  • Intel Core I7 875K
    cpe:2.3:h:intel:core_i7:875k
  • Intel Core I7 880
    cpe:2.3:h:intel:core_i7:880
  • Intel Core I7 920
    cpe:2.3:h:intel:core_i7:920
  • Intel Core I7 920XM
    cpe:2.3:h:intel:core_i7:920xm
  • Intel Core I7 930
    cpe:2.3:h:intel:core_i7:930
  • Intel Core I7 940
    cpe:2.3:h:intel:core_i7:940
  • Intel Core I7 940XM
    cpe:2.3:h:intel:core_i7:940xm
  • Intel Core I7 950
    cpe:2.3:h:intel:core_i7:950
  • Intel Core I7 960
    cpe:2.3:h:intel:core_i7:960
  • Intel Core I7 965
    cpe:2.3:h:intel:core_i7:965
  • Intel Core I7 970
    cpe:2.3:h:intel:core_i7:970
  • Intel Core I7 975
    cpe:2.3:h:intel:core_i7:975
  • Intel Core I7 980
    cpe:2.3:h:intel:core_i7:980
  • Intel Core I7 980X
    cpe:2.3:h:intel:core_i7:980x
  • Intel Core I7 990X
    cpe:2.3:h:intel:core_i7:990x
  • Intel Core I7 2600
    cpe:2.3:h:intel:core_i7:2600
  • Intel Core I7 2600K
    cpe:2.3:h:intel:core_i7:2600k
  • Intel Core I7 2600S
    cpe:2.3:h:intel:core_i7:2600s
  • Intel Core I7 2610UE
    cpe:2.3:h:intel:core_i7:2610ue
  • Intel Core I7 2617M
    cpe:2.3:h:intel:core_i7:2617m
  • Intel Core I7 2620M
    cpe:2.3:h:intel:core_i7:2620m
  • Intel Core I7 2629M
    cpe:2.3:h:intel:core_i7:2629m
  • Intel Core I7 2630QM
    cpe:2.3:h:intel:core_i7:2630qm
  • Intel Core I7 2635QM
    cpe:2.3:h:intel:core_i7:2635qm
  • Intel Core I7 2637M
    cpe:2.3:h:intel:core_i7:2637m
  • Intel Core I7 2640M
    cpe:2.3:h:intel:core_i7:2640m
  • Intel Core I7 2649M
    cpe:2.3:h:intel:core_i7:2649m
  • Intel Core I7 2655LE
    cpe:2.3:h:intel:core_i7:2655le
  • Intel Core I7 2657M
    cpe:2.3:h:intel:core_i7:2657m
  • Intel Core I7 2670QM
    cpe:2.3:h:intel:core_i7:2670qm
  • Intel Core I7 2675QM
    cpe:2.3:h:intel:core_i7:2675qm
  • Intel Core I7 2677M
    cpe:2.3:h:intel:core_i7:2677m
  • Intel Core I7 2700K
    cpe:2.3:h:intel:core_i7:2700k
  • Intel Core I7 2710QE
    cpe:2.3:h:intel:core_i7:2710qe
  • Intel Core I7 2715QE
    cpe:2.3:h:intel:core_i7:2715qe
  • Intel Core I7 2720QM
    cpe:2.3:h:intel:core_i7:2720qm
  • Intel Core I7 2760QM
    cpe:2.3:h:intel:core_i7:2760qm
  • Intel Core I7 2820QM
    cpe:2.3:h:intel:core_i7:2820qm
  • Intel Core I7 2860QM
    cpe:2.3:h:intel:core_i7:2860qm
  • Intel Core I7 2920XM
    cpe:2.3:h:intel:core_i7:2920xm
  • Intel Core I7 2960XM
    cpe:2.3:h:intel:core_i7:2960xm
  • Intel Core I7 3517U
    cpe:2.3:h:intel:core_i7:3517u
  • Intel Core I7 3517UE
    cpe:2.3:h:intel:core_i7:3517ue
  • Intel Core I7 3520M
    cpe:2.3:h:intel:core_i7:3520m
  • Intel Core I7 3537U
    cpe:2.3:h:intel:core_i7:3537u
  • Intel Core I7 3540M
    cpe:2.3:h:intel:core_i7:3540m
  • Intel Core I7 3555LE
    cpe:2.3:h:intel:core_i7:3555le
  • Intel Core I7 3610QE
    cpe:2.3:h:intel:core_i7:3610qe
  • Intel Core I7 3610QM
    cpe:2.3:h:intel:core_i7:3610qm
  • Intel Core I7 3612QE
    cpe:2.3:h:intel:core_i7:3612qe
  • Intel Core I7 3612QM
    cpe:2.3:h:intel:core_i7:3612qm
  • Intel Core I7 3615QE
    cpe:2.3:h:intel:core_i7:3615qe
  • Intel Core I7 3615QM
    cpe:2.3:h:intel:core_i7:3615qm
  • Intel Core I7 3630QM
    cpe:2.3:h:intel:core_i7:3630qm
  • Intel Core I7 3632QM
    cpe:2.3:h:intel:core_i7:3632qm
  • Intel Core I7 3635QM
    cpe:2.3:h:intel:core_i7:3635qm
  • Intel Core I7 3667U
    cpe:2.3:h:intel:core_i7:3667u
  • Intel Core I7 3687U
    cpe:2.3:h:intel:core_i7:3687u
  • Intel Core I7 3689Y
    cpe:2.3:h:intel:core_i7:3689y
  • Intel Core I7 3720QM
    cpe:2.3:h:intel:core_i7:3720qm
  • Intel Core I7 3740QM
    cpe:2.3:h:intel:core_i7:3740qm
  • Intel Core I7 3770
    cpe:2.3:h:intel:core_i7:3770
  • Intel Core I7 3770K
    cpe:2.3:h:intel:core_i7:3770k
  • Intel Core I7 3770S
    cpe:2.3:h:intel:core_i7:3770s
  • Intel Core I7 3770T
    cpe:2.3:h:intel:core_i7:3770t
  • Intel Core I7 3820QM
    cpe:2.3:h:intel:core_i7:3820qm
  • Intel Core I7 3840QM
    cpe:2.3:h:intel:core_i7:3840qm
  • Intel Core I7 4500U
    cpe:2.3:h:intel:core_i7:4500u
  • Intel Core I7 4510U
    cpe:2.3:h:intel:core_i7:4510u
  • Intel Core I7 4550U
    cpe:2.3:h:intel:core_i7:4550u
  • Intel Core I7 4558U
    cpe:2.3:h:intel:core_i7:4558u
  • Intel Core I7 4578U
    cpe:2.3:h:intel:core_i7:4578u
  • Intel Core I7 4600M
    cpe:2.3:h:intel:core_i7:4600m
  • Intel Core I7 4600U
    cpe:2.3:h:intel:core_i7:4600u
  • Intel Core I7 4610M
    cpe:2.3:h:intel:core_i7:4610m
  • Intel Core I7 4610Y
    cpe:2.3:h:intel:core_i7:4610y
  • Intel Core I7 4650U
    cpe:2.3:h:intel:core_i7:4650u
  • Intel Core I7 4700EC
    cpe:2.3:h:intel:core_i7:4700ec
  • Intel Core I7 4700EQ
    cpe:2.3:h:intel:core_i7:4700eq
  • Intel Core I7 4700HQ
    cpe:2.3:h:intel:core_i7:4700hq
  • Intel Core I7 4700MQ
    cpe:2.3:h:intel:core_i7:4700mq
  • Intel Core I7 4702EC
    cpe:2.3:h:intel:core_i7:4702ec
  • Intel Core I7 4702HQ
    cpe:2.3:h:intel:core_i7:4702hq
  • Intel Core I7 4702MQ
    cpe:2.3:h:intel:core_i7:4702mq
  • Intel Core I7 4710HQ
    cpe:2.3:h:intel:core_i7:4710hq
  • Intel Core I7 4710MQ
    cpe:2.3:h:intel:core_i7:4710mq
  • Intel Core I7 4712HQ
    cpe:2.3:h:intel:core_i7:4712hq
  • Intel Core I7 4712MQ
    cpe:2.3:h:intel:core_i7:4712mq
  • Intel Core I7 4720HQ
    cpe:2.3:h:intel:core_i7:4720hq
  • Intel Core I7 4722HQ
    cpe:2.3:h:intel:core_i7:4722hq
  • Intel Core I7 4750HQ
    cpe:2.3:h:intel:core_i7:4750hq
  • Intel Core I7 4760HQ
    cpe:2.3:h:intel:core_i7:4760hq
  • Intel Core I7 4765T
    cpe:2.3:h:intel:core_i7:4765t
  • Intel Core I7 4770
    cpe:2.3:h:intel:core_i7:4770
  • Intel Core I7 4770HQ
    cpe:2.3:h:intel:core_i7:4770hq
  • Intel Core I7 4770K
    cpe:2.3:h:intel:core_i7:4770k
  • Intel Core I7 4770R
    cpe:2.3:h:intel:core_i7:4770r
  • Intel Core I7 4770S
    cpe:2.3:h:intel:core_i7:4770s
  • Intel Core I7 4770T
    cpe:2.3:h:intel:core_i7:4770t
  • Intel Core I7 4770TE
    cpe:2.3:h:intel:core_i7:4770te
  • Intel Core I7 4771
    cpe:2.3:h:intel:core_i7:4771
  • Intel Core I7 4785T
    cpe:2.3:h:intel:core_i7:4785t
  • Intel Core I7 4790
    cpe:2.3:h:intel:core_i7:4790
  • Intel Core I7 4790K
    cpe:2.3:h:intel:core_i7:4790k
  • Intel Core I7 4790S
    cpe:2.3:h:intel:core_i7:4790s
  • Intel Core I7 4790T
    cpe:2.3:h:intel:core_i7:4790t
  • Intel Core I7 4800MQ
    cpe:2.3:h:intel:core_i7:4800mq
  • Intel Core I7 4810MQ
    cpe:2.3:h:intel:core_i7:4810mq
  • Intel Core I7 4850HQ
    cpe:2.3:h:intel:core_i7:4850hq
  • Intel Core I7 4860HQ
    cpe:2.3:h:intel:core_i7:4860hq
  • Intel Core I7 4870HQ
    cpe:2.3:h:intel:core_i7:4870hq
  • Intel Core I7 4900MQ
    cpe:2.3:h:intel:core_i7:4900mq
  • Intel Core I7 4910MQ
    cpe:2.3:h:intel:core_i7:4910mq
  • Intel Core I7 4950HQ
    cpe:2.3:h:intel:core_i7:4950hq
  • Intel Core I7 4960HQ
    cpe:2.3:h:intel:core_i7:4960hq
  • Intel Core I7 4980HQ
    cpe:2.3:h:intel:core_i7:4980hq
  • Intel Core I7 5500U
    cpe:2.3:h:intel:core_i7:5500u
  • Intel Core I7 5550U
    cpe:2.3:h:intel:core_i7:5550u
  • Intel Core I7 5557U
    cpe:2.3:h:intel:core_i7:5557u
  • Intel Core I7 5600U
    cpe:2.3:h:intel:core_i7:5600u
  • Intel Core I7 5650U
    cpe:2.3:h:intel:core_i7:5650u
  • Intel Core I7 5700EQ
    cpe:2.3:h:intel:core_i7:5700eq
  • Intel Core I7 5700HQ
    cpe:2.3:h:intel:core_i7:5700hq
  • Intel Core I7 5750HQ
    cpe:2.3:h:intel:core_i7:5750hq
  • Intel Core I7 5775C
    cpe:2.3:h:intel:core_i7:5775c
  • Intel Core I7 5775R
    cpe:2.3:h:intel:core_i7:5775r
  • Intel Core I7 5850EQ
    cpe:2.3:h:intel:core_i7:5850eq
  • Intel Core I7 5850HQ
    cpe:2.3:h:intel:core_i7:5850hq
  • Intel Core I7 5950HQ
    cpe:2.3:h:intel:core_i7:5950hq
  • Intel Core I7 7500U
    cpe:2.3:h:intel:core_i7:7500u
  • Intel Core I7 7560U
    cpe:2.3:h:intel:core_i7:7560u
  • Intel Core I7 7567U
    cpe:2.3:h:intel:core_i7:7567u
  • Intel Core I7 7600U
    cpe:2.3:h:intel:core_i7:7600u
  • Intel Core I7 7660U
    cpe:2.3:h:intel:core_i7:7660u
  • Intel Core I7 7700
    cpe:2.3:h:intel:core_i7:7700
  • Intel Core I7 7700HQ
    cpe:2.3:h:intel:core_i7:7700hq
  • Intel Core I7 7700K
    cpe:2.3:h:intel:core_i7:7700k
  • Intel Core I7 7700T
    cpe:2.3:h:intel:core_i7:7700t
  • Intel Core I7 7820EQ
    cpe:2.3:h:intel:core_i7:7820eq
  • Intel Core I7 7820HK
    cpe:2.3:h:intel:core_i7:7820hk
  • Intel Core I7 7820HQ
    cpe:2.3:h:intel:core_i7:7820hq
  • Intel Core I7 7920HQ
    cpe:2.3:h:intel:core_i7:7920hq
  • Intel Core I7 8550U
    cpe:2.3:h:intel:core_i7:8550u
  • Intel Core I7 8650U
    cpe:2.3:h:intel:core_i7:8650u
  • Intel Core I7 8700
    cpe:2.3:h:intel:core_i7:8700
  • Intel Core I7 8700K
    cpe:2.3:h:intel:core_i7:8700k
  • Intel Core M 5Y10
    cpe:2.3:h:intel:core_m:5y10
  • Intel Core M 5Y10A
    cpe:2.3:h:intel:core_m:5y10a
  • Intel Core M 5Y10C
    cpe:2.3:h:intel:core_m:5y10c
  • Intel Core M 5Y31
    cpe:2.3:h:intel:core_m:5y31
  • Intel Core M 5Y51
    cpe:2.3:h:intel:core_m:5y51
  • Intel Core M 5Y70
    cpe:2.3:h:intel:core_m:5y70
  • Intel Core M 5Y71
    cpe:2.3:h:intel:core_m:5y71
  • Intel Core M3 6Y30
    cpe:2.3:h:intel:core_m3:6y30
  • Intel Core M3 7Y30
    cpe:2.3:h:intel:core_m3:7y30
  • Intel Core M3 7Y32
    cpe:2.3:h:intel:core_m3:7y32
  • Intel Core M5 6Y54
    cpe:2.3:h:intel:core_m5:6y54
  • Intel Core M5 6Y57
    cpe:2.3:h:intel:core_m5:6y57
  • Intel Core M7 6Y75
    cpe:2.3:h:intel:core_m7:6y75
  • Intel Pentium J J2850
    cpe:2.3:h:intel:pentium_j:j2850
  • Intel Pentium J J2900
    cpe:2.3:h:intel:pentium_j:j2900
  • Intel Pentium J J3710
    cpe:2.3:h:intel:pentium_j:j3710
  • Intel Pentium J J4205
    cpe:2.3:h:intel:pentium_j:j4205
  • Intel Pentium N N3510
    cpe:2.3:h:intel:pentium_n:n3510
  • Intel Pentium N N3520
    cpe:2.3:h:intel:pentium_n:n3520
  • Intel Pentium N N3530
    cpe:2.3:h:intel:pentium_n:n3530
  • Intel Pentium N N3540
    cpe:2.3:h:intel:pentium_n:n3540
  • Intel Pentium N N3700
    cpe:2.3:h:intel:pentium_n:n3700
  • Intel Pentium N N3710
    cpe:2.3:h:intel:pentium_n:n3710
  • Intel Pentium N N4200
    cpe:2.3:h:intel:pentium_n:n4200
  • Intel Xeon E5502
    cpe:2.3:h:intel:xeon:e5502
  • Intel Xeon E5503
    cpe:2.3:h:intel:xeon:e5503
  • Intel Xeon E5504
    cpe:2.3:h:intel:xeon:e5504
  • Intel Xeon E5506
    cpe:2.3:h:intel:xeon:e5506
  • Intel Xeon E5507
    cpe:2.3:h:intel:xeon:e5507
  • Intel Xeon E5520
    cpe:2.3:h:intel:xeon:e5520
  • Intel Xeon E5530
    cpe:2.3:h:intel:xeon:e5530
  • Intel Xeon E5540
    cpe:2.3:h:intel:xeon:e5540
  • Intel Xeon E5603
    cpe:2.3:h:intel:xeon:e5603
  • Intel Xeon E5606
    cpe:2.3:h:intel:xeon:e5606
  • Intel Xeon E5607
    cpe:2.3:h:intel:xeon:e5607
  • Intel Xeon E5620
    cpe:2.3:h:intel:xeon:e5620
  • Intel Xeon E5630
    cpe:2.3:h:intel:xeon:e5630
  • Intel Xeon E5640
    cpe:2.3:h:intel:xeon:e5640
  • Intel Xeon E5645
    cpe:2.3:h:intel:xeon:e5645
  • Intel Xeon E5649
    cpe:2.3:h:intel:xeon:e5649
  • Intel Xeon E6510
    cpe:2.3:h:intel:xeon:e6510
  • Intel Xeon E6540
    cpe:2.3:h:intel:xeon:e6540
  • Intel Xeon E7520
    cpe:2.3:h:intel:xeon:e7520
  • Intel Xeon E7530
    cpe:2.3:h:intel:xeon:e7530
  • Intel Xeon E7540
    cpe:2.3:h:intel:xeon:e7540
  • Intel Xeon EC5509
    cpe:2.3:h:intel:xeon:ec5509
  • Intel Xeon EC5539
    cpe:2.3:h:intel:xeon:ec5539
  • Intel Xeon EC5549
    cpe:2.3:h:intel:xeon:ec5549
  • Intel Xeon L3406
    cpe:2.3:h:intel:xeon:l3406
  • Intel Xeon L3426
    cpe:2.3:h:intel:xeon:l3426
  • Intel Xeon L5506
    cpe:2.3:h:intel:xeon:l5506
  • Intel Xeon L5508
    cpe:2.3:h:intel:xeon:l5508
  • Intel Xeon L5518
    cpe:2.3:h:intel:xeon:l5518
  • Intel Xeon L5520
    cpe:2.3:h:intel:xeon:l5520
  • Intel Xeon L5530
    cpe:2.3:h:intel:xeon:l5530
  • Intel Xeon L5609
    cpe:2.3:h:intel:xeon:l5609
  • Intel Xeon L5618
    cpe:2.3:h:intel:xeon:l5618
  • Intel Xeon L5630
    cpe:2.3:h:intel:xeon:l5630
  • Intel Xeon L5638
    cpe:2.3:h:intel:xeon:l5638
  • Intel Xeon L5640
    cpe:2.3:h:intel:xeon:l5640
  • Intel Xeon L7545
    cpe:2.3:h:intel:xeon:l7545
  • Intel Xeon L7555
    cpe:2.3:h:intel:xeon:l7555
  • Intel Xeon LC5518
    cpe:2.3:h:intel:xeon:lc5518
  • Intel Xeon LC5528
    cpe:2.3:h:intel:xeon:lc5528
  • Intel Xeon W3670
    cpe:2.3:h:intel:xeon:w3670
  • Intel Xeon W3680
    cpe:2.3:h:intel:xeon:w3680
  • Intel Xeon W3690
    cpe:2.3:h:intel:xeon:w3690
  • Intel Xeon W5580
    cpe:2.3:h:intel:xeon:w5580
  • Intel Xeon W5590
    cpe:2.3:h:intel:xeon:w5590
  • Intel Xeon X3430
    cpe:2.3:h:intel:xeon:x3430
  • Intel Xeon X3440
    cpe:2.3:h:intel:xeon:x3440
  • Intel Xeon X3450
    cpe:2.3:h:intel:xeon:x3450
  • Intel Xeon X3460
    cpe:2.3:h:intel:xeon:x3460
  • Intel Xeon X3470
    cpe:2.3:h:intel:xeon:x3470
  • Intel Xeon X3480
    cpe:2.3:h:intel:xeon:x3480
  • Intel Xeon X5550
    cpe:2.3:h:intel:xeon:x5550
  • Intel Xeon X5560
    cpe:2.3:h:intel:xeon:x5560
  • Intel Xeon X5570
    cpe:2.3:h:intel:xeon:x5570
  • Intel Xeon X5647
    cpe:2.3:h:intel:xeon:x5647
  • Intel Xeon X5650
    cpe:2.3:h:intel:xeon:x5650
  • Intel Xeon X5660
    cpe:2.3:h:intel:xeon:x5660
  • Intel Xeon X5667
    cpe:2.3:h:intel:xeon:x5667
  • Intel Xeon X5670
    cpe:2.3:h:intel:xeon:x5670
  • Intel Xeon X5672
    cpe:2.3:h:intel:xeon:x5672
  • Intel Xeon X5675
    cpe:2.3:h:intel:xeon:x5675
  • Intel Xeon X5677
    cpe:2.3:h:intel:xeon:x5677
  • Intel Xeon X5680
    cpe:2.3:h:intel:xeon:x5680
  • Intel Xeon X5687
    cpe:2.3:h:intel:xeon:x5687
  • Intel Xeon X5690
    cpe:2.3:h:intel:xeon:x5690
  • Intel Xeon X6550
    cpe:2.3:h:intel:xeon:x6550
  • Intel Xeon X7542
    cpe:2.3:h:intel:xeon:x7542
  • Intel Xeon X7550
    cpe:2.3:h:intel:xeon:x7550
  • Intel Xeon X7560
    cpe:2.3:h:intel:xeon:x7560
  • Intel Xeon Bronze 3104
    cpe:2.3:h:intel:xeon_bronze:3104
  • Intel Xeon Bronze 3106
    cpe:2.3:h:intel:xeon_bronze:3106
  • Intel Xeon E3 1105C
    cpe:2.3:h:intel:xeon_e3:1105c
  • Intel Xeon E3 1105C V2
    cpe:2.3:h:intel:xeon_e3:1105c_v2
  • Intel Xeon E3 1125C
    cpe:2.3:h:intel:xeon_e3:1125c
  • Intel Xeon E3 1125C V2
    cpe:2.3:h:intel:xeon_e3:1125c_v2
  • Intel Xeon E3 1220
    cpe:2.3:h:intel:xeon_e3:1220
  • Intel Xeon E3 1220 V2
    cpe:2.3:h:intel:xeon_e3:1220_v2
  • Intel Xeon E3 1220 V3
    cpe:2.3:h:intel:xeon_e3:1220_v3
  • Intel Xeon E3 1220 V5
    cpe:2.3:h:intel:xeon_e3:1220_v5
  • Intel Xeon E3 1220 V6
    cpe:2.3:h:intel:xeon_e3:1220_v6
  • Intel Xeon E3 1220L
    cpe:2.3:h:intel:xeon_e3:1220l
  • Intel Xeon E3 1220L V2
    cpe:2.3:h:intel:xeon_e3:1220l_v2
  • Intel Xeon E3 1220L V3
    cpe:2.3:h:intel:xeon_e3:1220l_v3
  • Intel Xeon E3 1225
    cpe:2.3:h:intel:xeon_e3:1225
  • Intel Xeon E3 1225 V2
    cpe:2.3:h:intel:xeon_e3:1225_v2
  • Intel Xeon E3 1225 V3
    cpe:2.3:h:intel:xeon_e3:1225_v3
  • Intel Xeon E3 1225 V5
    cpe:2.3:h:intel:xeon_e3:1225_v5
  • Intel Xeon E3 1225 V6
    cpe:2.3:h:intel:xeon_e3:1225_v6
  • Intel Xeon E3 1226 V3
    cpe:2.3:h:intel:xeon_e3:1226_v3
  • Intel Xeon E3 1230
    cpe:2.3:h:intel:xeon_e3:1230
  • Intel Xeon E3 1230 V2
    cpe:2.3:h:intel:xeon_e3:1230_v2
  • Intel Xeon E3 1230 V3
    cpe:2.3:h:intel:xeon_e3:1230_v3
  • Intel Xeon E3 1230 V5
    cpe:2.3:h:intel:xeon_e3:1230_v5
  • Intel Xeon E3 1230 V6
    cpe:2.3:h:intel:xeon_e3:1230_v6
  • Intel Xeon E3 1230L V3
    cpe:2.3:h:intel:xeon_e3:1230l_v3
  • Intel Xeon E3 1231 V3
    cpe:2.3:h:intel:xeon_e3:1231_v3
  • Intel Xeon E3 1235
    cpe:2.3:h:intel:xeon_e3:1235
  • Intel Xeon E3 1235L V5
    cpe:2.3:h:intel:xeon_e3:1235l_v5
  • Intel Xeon E3 1240
    cpe:2.3:h:intel:xeon_e3:1240
  • Intel Xeon E3 1240 V2
    cpe:2.3:h:intel:xeon_e3:1240_v2
  • Intel Xeon E3 1240 V3
    cpe:2.3:h:intel:xeon_e3:1240_v3
  • Intel Xeon E3 1240 V5
    cpe:2.3:h:intel:xeon_e3:1240_v5
  • Intel Xeon E3 1240 V6
    cpe:2.3:h:intel:xeon_e3:1240_v6
  • Intel Xeon E3 1240L V3
    cpe:2.3:h:intel:xeon_e3:1240l_v3
  • Intel Xeon E3 1240L V5
    cpe:2.3:h:intel:xeon_e3:1240l_v5
  • Intel Xeon E3 1241 V3
    cpe:2.3:h:intel:xeon_e3:1241_v3
  • Intel Xeon E3 1245
    cpe:2.3:h:intel:xeon_e3:1245
  • Intel Xeon E3 1245 V2
    cpe:2.3:h:intel:xeon_e3:1245_v2
  • Intel Xeon E3 1245 V3
    cpe:2.3:h:intel:xeon_e3:1245_v3
  • Intel Xeon E3 1245 V5
    cpe:2.3:h:intel:xeon_e3:1245_v5
  • Intel Xeon E3 1245 V6
    cpe:2.3:h:intel:xeon_e3:1245_v6
  • Intel Xeon E3 1246 V3
    cpe:2.3:h:intel:xeon_e3:1246_v3
  • Intel Xeon E3 1258L V4
    cpe:2.3:h:intel:xeon_e3:1258l_v4
  • Intel Xeon E3 1260L
    cpe:2.3:h:intel:xeon_e3:1260l
  • Intel Xeon E3 1260L V5
    cpe:2.3:h:intel:xeon_e3:1260l_v5
  • Intel Xeon E3 1265L V2
    cpe:2.3:h:intel:xeon_e3:1265l_v2
  • Intel Xeon E3 1265L V3
    cpe:2.3:h:intel:xeon_e3:1265l_v3
  • Intel Xeon E3 1265L V4
    cpe:2.3:h:intel:xeon_e3:1265l_v4
  • Intel Xeon E3 1268L V3
    cpe:2.3:h:intel:xeon_e3:1268l_v3
  • Intel Xeon E3 1268L V5
    cpe:2.3:h:intel:xeon_e3:1268l_v5
  • Intel Xeon E3 1270
    cpe:2.3:h:intel:xeon_e3:1270
  • Intel Xeon E3 1270 V2
    cpe:2.3:h:intel:xeon_e3:1270_v2
  • Intel Xeon E3 1270 V3
    cpe:2.3:h:intel:xeon_e3:1270_v3
  • Intel Xeon E3 1270 V5
    cpe:2.3:h:intel:xeon_e3:1270_v5
  • Intel Xeon E3 1270 V6
    cpe:2.3:h:intel:xeon_e3:1270_v6
  • Intel Xeon E3 1271 V3
    cpe:2.3:h:intel:xeon_e3:1271_v3
  • Intel Xeon E3 1275
    cpe:2.3:h:intel:xeon_e3:1275
  • Intel Xeon E3 1275 V2
    cpe:2.3:h:intel:xeon_e3:1275_v2
  • Intel Xeon E3 1275 V3
    cpe:2.3:h:intel:xeon_e3:1275_v3
  • Intel Xeon E3 1275 V5
    cpe:2.3:h:intel:xeon_e3:1275_v5
  • Intel Xeon E3 1275 V6
    cpe:2.3:h:intel:xeon_e3:1275_v6
  • Intel Xeon E3 1275L V3
    cpe:2.3:h:intel:xeon_e3:1275l_v3
  • Intel Xeon E3 1276 V3
    cpe:2.3:h:intel:xeon_e3:1276_v3
  • Intel Xeon E3 1278L V4
    cpe:2.3:h:intel:xeon_e3:1278l_v4
  • Intel Xeon E3 1280
    cpe:2.3:h:intel:xeon_e3:1280
  • Intel Xeon E3 1280 V2
    cpe:2.3:h:intel:xeon_e3:1280_v2
  • Intel Xeon E3 1280 V3
    cpe:2.3:h:intel:xeon_e3:1280_v3
  • Intel Xeon E3 1280 V5
    cpe:2.3:h:intel:xeon_e3:1280_v5
  • Intel Xeon E3 1280 V6
    cpe:2.3:h:intel:xeon_e3:1280_v6
  • Intel Xeon E3 1281 V3
    cpe:2.3:h:intel:xeon_e3:1281_v3
  • Intel Xeon E3 1285 V3
    cpe:2.3:h:intel:xeon_e3:1285_v3
  • Intel Xeon E3 1285 V4
    cpe:2.3:h:intel:xeon_e3:1285_v4
  • Intel Xeon E3 1285 V6
    cpe:2.3:h:intel:xeon_e3:1285_v6
  • Intel Xeon E3 1285L V3
    cpe:2.3:h:intel:xeon_e3:1285l_v3
  • Intel Xeon E3 1285L V4
    cpe:2.3:h:intel:xeon_e3:1285l_v4
  • Intel Xeon E3 1286 V3
    cpe:2.3:h:intel:xeon_e3:1286_v3
  • Intel Xeon E3 1286L V3
    cpe:2.3:h:intel:xeon_e3:1286l_v3
  • Intel Xeon E3 1290
    cpe:2.3:h:intel:xeon_e3:1290
  • Intel Xeon E3 1290 V2
    cpe:2.3:h:intel:xeon_e3:1290_v2
  • Intel Xeon E3 1501L V6
    cpe:2.3:h:intel:xeon_e3:1501l_v6
  • Intel Xeon E3 1501M V6
    cpe:2.3:h:intel:xeon_e3:1501m_v6
  • Intel Xeon E3 1505L V5
    cpe:2.3:h:intel:xeon_e3:1505l_v5
  • Intel Xeon E3 1505L V6
    cpe:2.3:h:intel:xeon_e3:1505l_v6
  • Intel Xeon E3 1505M V5
    cpe:2.3:h:intel:xeon_e3:1505m_v5
  • Intel Xeon E3 1505M V6
    cpe:2.3:h:intel:xeon_e3:1505m_v6
  • Intel Xeon E3 1515M V5
    cpe:2.3:h:intel:xeon_e3:1515m_v5
  • Intel Xeon E3 1535M V5
    cpe:2.3:h:intel:xeon_e3:1535m_v5
  • Intel Xeon E3 1535M V6
    cpe:2.3:h:intel:xeon_e3:1535m_v6
  • Intel Xeon E3 1545M V5
    cpe:2.3:h:intel:xeon_e3:1545m_v5
  • Intel Xeon E3 1558L V5
    cpe:2.3:h:intel:xeon_e3:1558l_v5
  • Intel Xeon E3 1565L V5
    cpe:2.3:h:intel:xeon_e3:1565l_v5
  • Intel Xeon E3 1575M V5
    cpe:2.3:h:intel:xeon_e3:1575m_v5
  • Intel Xeon E3 1578L V5
    cpe:2.3:h:intel:xeon_e3:1578l_v5
  • Intel Xeon E3 1585 V5
    cpe:2.3:h:intel:xeon_e3:1585_v5
  • Intel Xeon E3 1585L V5
    cpe:2.3:h:intel:xeon_e3:1585l_v5
  • Intel Xeon E5 1428L
    cpe:2.3:h:intel:xeon_e5:1428l
  • Intel Xeon E5 1428L V2
    cpe:2.3:h:intel:xeon_e5:1428l_v2
  • Intel Xeon E5 1428L V3
    cpe:2.3:h:intel:xeon_e5:1428l_v3
  • Intel Xeon E5 1620
    cpe:2.3:h:intel:xeon_e5:1620
  • Intel Xeon E5 1620 V2
    cpe:2.3:h:intel:xeon_e5:1620_v2
  • Intel Xeon E5 1620 V3
    cpe:2.3:h:intel:xeon_e5:1620_v3
  • Intel Xeon E5 1620 V4
    cpe:2.3:h:intel:xeon_e5:1620_v4
  • Intel Xeon E5 1630 V3
    cpe:2.3:h:intel:xeon_e5:1630_v3
  • Intel Xeon E5 1630 V4
    cpe:2.3:h:intel:xeon_e5:1630_v4
  • Intel Xeon E5 1650
    cpe:2.3:h:intel:xeon_e5:1650
  • Intel Xeon E5 1650 V2
    cpe:2.3:h:intel:xeon_e5:1650_v2
  • Intel Xeon E5 1650 V3
    cpe:2.3:h:intel:xeon_e5:1650_v3
  • Intel Xeon E5 1650 V4
    cpe:2.3:h:intel:xeon_e5:1650_v4
  • Intel Xeon E5 1660
    cpe:2.3:h:intel:xeon_e5:1660
  • Intel Xeon E5 1660 V2
    cpe:2.3:h:intel:xeon_e5:1660_v2
  • Intel Xeon E5 1660 V3
    cpe:2.3:h:intel:xeon_e5:1660_v3
  • Intel Xeon E5 1660 V4
    cpe:2.3:h:intel:xeon_e5:1660_v4
  • Intel Xeon E5 1680 V3
    cpe:2.3:h:intel:xeon_e5:1680_v3
  • Intel Xeon E5 1680 V4
    cpe:2.3:h:intel:xeon_e5:1680_v4
  • Intel Xeon E5 2403
    cpe:2.3:h:intel:xeon_e5:2403
  • Intel Xeon E5 2403 V2
    cpe:2.3:h:intel:xeon_e5:2403_v2
  • Intel Xeon E5 2407
    cpe:2.3:h:intel:xeon_e5:2407
  • Intel Xeon E5 2407 V2
    cpe:2.3:h:intel:xeon_e5:2407_v2
  • Intel Xeon E5 2408L V3
    cpe:2.3:h:intel:xeon_e5:2408l_v3
  • Intel Xeon E5 2418L
    cpe:2.3:h:intel:xeon_e5:2418l
  • Intel Xeon E5 2418L V2
    cpe:2.3:h:intel:xeon_e5:2418l_v2
  • Intel Xeon E5 2418L V3
    cpe:2.3:h:intel:xeon_e5:2418l_v3
  • Intel Xeon E5 2420
    cpe:2.3:h:intel:xeon_e5:2420
  • Intel Xeon E5 2420 V2
    cpe:2.3:h:intel:xeon_e5:2420_v2
  • Intel Xeon E5 2428L
    cpe:2.3:h:intel:xeon_e5:2428l
  • Intel Xeon E5 2428L V2
    cpe:2.3:h:intel:xeon_e5:2428l_v2
  • Intel Xeon E5 2428L V3
    cpe:2.3:h:intel:xeon_e5:2428l_v3
  • Intel Xeon E5 2430
    cpe:2.3:h:intel:xeon_e5:2430
  • Intel Xeon E5 2430 V2
    cpe:2.3:h:intel:xeon_e5:2430_v2
  • Intel Xeon E5 2430L
    cpe:2.3:h:intel:xeon_e5:2430l
  • Intel Xeon E5 2430L V2
    cpe:2.3:h:intel:xeon_e5:2430l_v2
  • Intel Xeon E5 2438L V3
    cpe:2.3:h:intel:xeon_e5:2438l_v3
  • Intel Xeon E5 2440
    cpe:2.3:h:intel:xeon_e5:2440
  • Intel Xeon E5 2440 V2
    cpe:2.3:h:intel:xeon_e5:2440_v2
  • Intel Xeon E5 2448L
    cpe:2.3:h:intel:xeon_e5:2448l
  • Intel Xeon E5 2448L V2
    cpe:2.3:h:intel:xeon_e5:2448l_v2
  • Intel Xeon E5 2450
    cpe:2.3:h:intel:xeon_e5:2450
  • Intel Xeon E5 2450 V2
    cpe:2.3:h:intel:xeon_e5:2450_v2
  • Intel Xeon E5 2450L
    cpe:2.3:h:intel:xeon_e5:2450l
  • Intel Xeon E5 2450L V2
    cpe:2.3:h:intel:xeon_e5:2450l_v2
  • Intel Xeon E5 2470
    cpe:2.3:h:intel:xeon_e5:2470
  • Intel Xeon E5 2470 V2
    cpe:2.3:h:intel:xeon_e5:2470_v2
  • Intel Xeon E5 2603
    cpe:2.3:h:intel:xeon_e5:2603
  • Intel Xeon E5 2603 V2
    cpe:2.3:h:intel:xeon_e5:2603_v2
  • Intel Xeon E5 2603 V3
    cpe:2.3:h:intel:xeon_e5:2603_v3
  • Intel Xeon E5 2603 V4
    cpe:2.3:h:intel:xeon_e5:2603_v4
  • Intel Xeon E5 2608L V3
    cpe:2.3:h:intel:xeon_e5:2608l_v3
  • Intel Xeon E5 2608L V4
    cpe:2.3:h:intel:xeon_e5:2608l_v4
  • Intel Xeon E5 2609
    cpe:2.3:h:intel:xeon_e5:2609
  • Intel Xeon E5 2609 V2
    cpe:2.3:h:intel:xeon_e5:2609_v2
  • Intel Xeon E5 2609 V3
    cpe:2.3:h:intel:xeon_e5:2609_v3
  • Intel Xeon E5 2609 V4
    cpe:2.3:h:intel:xeon_e5:2609_v4
  • Intel Xeon E5 2618L V2
    cpe:2.3:h:intel:xeon_e5:2618l_v2
  • Intel Xeon E5 2618L V3
    cpe:2.3:h:intel:xeon_e5:2618l_v3
  • Intel Xeon E5 2618L V4
    cpe:2.3:h:intel:xeon_e5:2618l_v4
  • Intel Xeon E5 2620
    cpe:2.3:h:intel:xeon_e5:2620
  • Intel Xeon E5 2620 V2
    cpe:2.3:h:intel:xeon_e5:2620_v2
  • Intel Xeon E5 2620 V3
    cpe:2.3:h:intel:xeon_e5:2620_v3
  • Intel Xeon E5 2620 V4
    cpe:2.3:h:intel:xeon_e5:2620_v4
  • Intel Xeon E5 2623 V3
    cpe:2.3:h:intel:xeon_e5:2623_v3
  • Intel Xeon E5 2623 V4
    cpe:2.3:h:intel:xeon_e5:2623_v4
  • Intel Xeon E5 2628L V2
    cpe:2.3:h:intel:xeon_e5:2628l_v2
  • Intel Xeon E5 2628L V3
    cpe:2.3:h:intel:xeon_e5:2628l_v3
  • Intel Xeon E5 2628L V4
    cpe:2.3:h:intel:xeon_e5:2628l_v4
  • Intel Xeon E5 2630
    cpe:2.3:h:intel:xeon_e5:2630
  • Intel Xeon E5 2630 V2
    cpe:2.3:h:intel:xeon_e5:2630_v2
  • Intel Xeon E5 2630 V3
    cpe:2.3:h:intel:xeon_e5:2630_v3
  • Intel Xeon E5 2630 V4
    cpe:2.3:h:intel:xeon_e5:2630_v4
  • Intel Xeon E5 2630L
    cpe:2.3:h:intel:xeon_e5:2630l
  • Intel Xeon E5 2630L V2
    cpe:2.3:h:intel:xeon_e5:2630l_v2
  • Intel Xeon E5 2630L V3
    cpe:2.3:h:intel:xeon_e5:2630l_v3
  • Intel Xeon E5 2630L V4
    cpe:2.3:h:intel:xeon_e5:2630l_v4
  • Intel Xeon E5 2637
    cpe:2.3:h:intel:xeon_e5:2637
  • Intel Xeon E5 2637 V2
    cpe:2.3:h:intel:xeon_e5:2637_v2
  • Intel Xeon E5 2637 V3
    cpe:2.3:h:intel:xeon_e5:2637_v3
  • Intel Xeon E5 2637 V4
    cpe:2.3:h:intel:xeon_e5:2637_v4
  • Intel Xeon E5 2640
    cpe:2.3:h:intel:xeon_e5:2640
  • Intel Xeon E5 2640 V2
    cpe:2.3:h:intel:xeon_e5:2640_v2
  • Intel Xeon E5 2640 V3
    cpe:2.3:h:intel:xeon_e5:2640_v3
  • Intel Xeon E5 2640 V4
    cpe:2.3:h:intel:xeon_e5:2640_v4
  • Intel Xeon E5 2643
    cpe:2.3:h:intel:xeon_e5:2643
  • Intel Xeon E5 2643 V2
    cpe:2.3:h:intel:xeon_e5:2643_v2
  • Intel Xeon E5 2643 V3
    cpe:2.3:h:intel:xeon_e5:2643_v3
  • Intel Xeon E5 2643 V4
    cpe:2.3:h:intel:xeon_e5:2643_v4
  • Intel Xeon E5 2648L
    cpe:2.3:h:intel:xeon_e5:2648l
  • Intel Xeon E5 2648L V2
    cpe:2.3:h:intel:xeon_e5:2648l_v2
  • Intel Xeon E5 2648L V3
    cpe:2.3:h:intel:xeon_e5:2648l_v3
  • Intel Xeon E5 2648L V4
    cpe:2.3:h:intel:xeon_e5:2648l_v4
  • Intel Xeon E5 2650
    cpe:2.3:h:intel:xeon_e5:2650
  • Intel Xeon E5 2650 V2
    cpe:2.3:h:intel:xeon_e5:2650_v2
  • Intel Xeon E5 2650 V3
    cpe:2.3:h:intel:xeon_e5:2650_v3
  • Intel Xeon E5 2650 V4
    cpe:2.3:h:intel:xeon_e5:2650_v4
  • Intel Xeon E5 2650L
    cpe:2.3:h:intel:xeon_e5:2650l
  • Intel Xeon E5 2650L V2
    cpe:2.3:h:intel:xeon_e5:2650l_v2
  • Intel Xeon E5 2650L V3
    cpe:2.3:h:intel:xeon_e5:2650l_v3
  • Intel Xeon E5 2650L V4
    cpe:2.3:h:intel:xeon_e5:2650l_v4
  • Intel Xeon E5 2658
    cpe:2.3:h:intel:xeon_e5:2658
  • Intel Xeon E5 2658 V2
    cpe:2.3:h:intel:xeon_e5:2658_v2
  • Intel Xeon E5 2658 V3
    cpe:2.3:h:intel:xeon_e5:2658_v3
  • Intel Xeon E5 2658 V4
    cpe:2.3:h:intel:xeon_e5:2658_v4
  • Intel Xeon E5 2658A V3
    cpe:2.3:h:intel:xeon_e5:2658a_v3
  • Intel Xeon E5 2660
    cpe:2.3:h:intel:xeon_e5:2660
  • Intel Xeon E5 2660 V2
    cpe:2.3:h:intel:xeon_e5:2660_v2
  • Intel Xeon E5 2660 V3
    cpe:2.3:h:intel:xeon_e5:2660_v3
  • Intel Xeon E5 2660 V4
    cpe:2.3:h:intel:xeon_e5:2660_v4
  • Intel Xeon E5 2665
    cpe:2.3:h:intel:xeon_e5:2665
  • Intel Xeon E5 2667
    cpe:2.3:h:intel:xeon_e5:2667
  • Intel Xeon E5 2667 V2
    cpe:2.3:h:intel:xeon_e5:2667_v2
  • Intel Xeon E5 2667 V3
    cpe:2.3:h:intel:xeon_e5:2667_v3
  • Intel Xeon E5 2667 V4
    cpe:2.3:h:intel:xeon_e5:2667_v4
  • Intel Xeon E5 2670
    cpe:2.3:h:intel:xeon_e5:2670
  • Intel Xeon E5 2670 V2
    cpe:2.3:h:intel:xeon_e5:2670_v2
  • Intel Xeon E5 2670 V3
    cpe:2.3:h:intel:xeon_e5:2670_v3
  • Intel Xeon E5 2680
    cpe:2.3:h:intel:xeon_e5:2680
  • Intel Xeon E5 2680 V2
    cpe:2.3:h:intel:xeon_e5:2680_v2
  • Intel Xeon E5 2680 V3
    cpe:2.3:h:intel:xeon_e5:2680_v3
  • Intel Xeon E5 2680 V4
    cpe:2.3:h:intel:xeon_e5:2680_v4
  • Intel Xeon E5 2683 V3
    cpe:2.3:h:intel:xeon_e5:2683_v3
  • Intel Xeon E5 2683 V4
    cpe:2.3:h:intel:xeon_e5:2683_v4
  • Intel Xeon E5 2687W
    cpe:2.3:h:intel:xeon_e5:2687w
  • Intel Xeon E5 2687W V2
    cpe:2.3:h:intel:xeon_e5:2687w_v2
  • Intel Xeon E5 2687W V3
    cpe:2.3:h:intel:xeon_e5:2687w_v3
  • Intel Xeon E5 2687W V4
    cpe:2.3:h:intel:xeon_e5:2687w_v4
  • Intel Xeon E5 2690
    cpe:2.3:h:intel:xeon_e5:2690
  • Intel Xeon E5 2690 V2
    cpe:2.3:h:intel:xeon_e5:2690_v2
  • Intel Xeon E5 2690 V3
    cpe:2.3:h:intel:xeon_e5:2690_v3
  • Intel Xeon E5 2690 V4
    cpe:2.3:h:intel:xeon_e5:2690_v4
  • Intel Xeon E5 2695 V2
    cpe:2.3:h:intel:xeon_e5:2695_v2
  • Intel Xeon E5 2695 V3
    cpe:2.3:h:intel:xeon_e5:2695_v3
  • Intel Xeon E5 2695 V4
    cpe:2.3:h:intel:xeon_e5:2695_v4
  • Intel Xeon E5 2697 V2
    cpe:2.3:h:intel:xeon_e5:2697_v2
  • Intel Xeon E5 2697 V3
    cpe:2.3:h:intel:xeon_e5:2697_v3
  • Intel Xeon E5 2697 V4
    cpe:2.3:h:intel:xeon_e5:2697_v4
  • Intel Xeon E5 2697A V4
    cpe:2.3:h:intel:xeon_e5:2697a_v4
  • Intel Xeon E5 2698 V3
    cpe:2.3:h:intel:xeon_e5:2698_v3
  • Intel Xeon E5 2698 V4
    cpe:2.3:h:intel:xeon_e5:2698_v4
  • Intel Xeon E5 2699 V3
    cpe:2.3:h:intel:xeon_e5:2699_v3
  • Intel Xeon E5 2699 V4
    cpe:2.3:h:intel:xeon_e5:2699_v4
  • Intel Xeon E5 2699A V4
    cpe:2.3:h:intel:xeon_e5:2699a_v4
  • Intel Xeon E5 2699R V4
    cpe:2.3:h:intel:xeon_e5:2699r_v4
  • Intel Xeon E5 4603
    cpe:2.3:h:intel:xeon_e5:4603
  • Intel Xeon E5 4603 V2
    cpe:2.3:h:intel:xeon_e5:4603_v2
  • Intel Xeon E5 4607
    cpe:2.3:h:intel:xeon_e5:4607
  • Intel Xeon E5 4607 V2
    cpe:2.3:h:intel:xeon_e5:4607_v2
  • Intel Xeon E5 4610
    cpe:2.3:h:intel:xeon_e5:4610
  • Intel Xeon E5 4610 V2
    cpe:2.3:h:intel:xeon_e5:4610_v2
  • Intel Xeon E5 4610 V3
    cpe:2.3:h:intel:xeon_e5:4610_v3
  • Intel Xeon E5 4610 V4
    cpe:2.3:h:intel:xeon_e5:4610_v4
  • Intel Xeon E5 4617
    cpe:2.3:h:intel:xeon_e5:4617
  • Intel Xeon E5 4620
    cpe:2.3:h:intel:xeon_e5:4620
  • Intel Xeon E5 4620 V2
    cpe:2.3:h:intel:xeon_e5:4620_v2
  • Intel Xeon E5 4620 V3
    cpe:2.3:h:intel:xeon_e5:4620_v3
  • Intel Xeon E5 4620 V4
    cpe:2.3:h:intel:xeon_e5:4620_v4
  • Intel Xeon E5 4624L V2
    cpe:2.3:h:intel:xeon_e5:4624l_v2
  • Intel Xeon E5 4627 V2
    cpe:2.3:h:intel:xeon_e5:4627_v2
  • Intel Xeon E5 4627 V3
    cpe:2.3:h:intel:xeon_e5:4627_v3
  • Intel Xeon E5 4627 V4
    cpe:2.3:h:intel:xeon_e5:4627_v4
  • Intel Xeon E5 4628L V4
    cpe:2.3:h:intel:xeon_e5:4628l_v4
  • Intel Xeon E5 4640
    cpe:2.3:h:intel:xeon_e5:4640
  • Intel Xeon E5 4640 V2
    cpe:2.3:h:intel:xeon_e5:4640_v2
  • Intel Xeon E5 4640 V3
    cpe:2.3:h:intel:xeon_e5:4640_v3
  • Intel Xeon E5 4640 V4
    cpe:2.3:h:intel:xeon_e5:4640_v4
  • Intel Xeon E5 4648 V3
    cpe:2.3:h:intel:xeon_e5:4648_v3
  • Intel Xeon E5 4650
    cpe:2.3:h:intel:xeon_e5:4650
  • Intel Xeon E5 4650 V2
    cpe:2.3:h:intel:xeon_e5:4650_v2
  • Intel Xeon E5 4650 V3
    cpe:2.3:h:intel:xeon_e5:4650_v3
  • Intel Xeon E5 4650 V4
    cpe:2.3:h:intel:xeon_e5:4650_v4
  • Intel Xeon E5 4650L
    cpe:2.3:h:intel:xeon_e5:4650l
  • Intel Xeon E5 4655 V3
    cpe:2.3:h:intel:xeon_e5:4655_v3
  • Intel Xeon E5 4655 V4
    cpe:2.3:h:intel:xeon_e5:4655_v4
  • Intel Xeon E5 4657L V2
    cpe:2.3:h:intel:xeon_e5:4657l_v2
  • Intel Xeon E5 4660 V3
    cpe:2.3:h:intel:xeon_e5:4660_v3
  • Intel Xeon E5 4660 V4
    cpe:2.3:h:intel:xeon_e5:4660_v4
  • Intel Xeon E5 4667 V3
    cpe:2.3:h:intel:xeon_e5:4667_v3
  • Intel Xeon E5 4667 V4
    cpe:2.3:h:intel:xeon_e5:4667_v4
  • Intel Xeon E5 4669 V3
    cpe:2.3:h:intel:xeon_e5:4669_v3
  • Intel Xeon E5 4669 V4
    cpe:2.3:h:intel:xeon_e5:4669_v4
  • Intel Xeon E7 2803
    cpe:2.3:h:intel:xeon_e7:2803
  • Intel Xeon E7 2820
    cpe:2.3:h:intel:xeon_e7:2820
  • Intel Xeon E7 2830
    cpe:2.3:h:intel:xeon_e7:2830
  • Intel Xeon E7 2850
    cpe:2.3:h:intel:xeon_e7:2850
  • Intel Xeon E7 2850 V2
    cpe:2.3:h:intel:xeon_e7:2850_v2
  • Intel Xeon E7 2860
    cpe:2.3:h:intel:xeon_e7:2860
  • Intel Xeon E7 2870
    cpe:2.3:h:intel:xeon_e7:2870
  • Intel Xeon E7 2870 V2
    cpe:2.3:h:intel:xeon_e7:2870_v2
  • Intel Xeon E7 2880 V2
    cpe:2.3:h:intel:xeon_e7:2880_v2
  • Intel Xeon E7 2890 V2
    cpe:2.3:h:intel:xeon_e7:2890_v2
  • Intel Xeon E7 4807
    cpe:2.3:h:intel:xeon_e7:4807
  • Intel Xeon E7 4809 V2
    cpe:2.3:h:intel:xeon_e7:4809_v2
  • Intel Xeon E7 4809 V3
    cpe:2.3:h:intel:xeon_e7:4809_v3
  • Intel Xeon E7 4809 V4
    cpe:2.3:h:intel:xeon_e7:4809_v4
  • Intel Xeon E7 4820
    cpe:2.3:h:intel:xeon_e7:4820
  • Intel Xeon E7 4820 V2
    cpe:2.3:h:intel:xeon_e7:4820_v2
  • Intel Xeon E7 4820 V3
    cpe:2.3:h:intel:xeon_e7:4820_v3
  • Intel Xeon E7 4820 V4
    cpe:2.3:h:intel:xeon_e7:4820_v4
  • Intel Xeon E7 4830
    cpe:2.3:h:intel:xeon_e7:4830
  • Intel Xeon E7 4830 V2
    cpe:2.3:h:intel:xeon_e7:4830_v2
  • Intel Xeon E7 4830 V3
    cpe:2.3:h:intel:xeon_e7:4830_v3
  • Intel Xeon E7 4830 V4
    cpe:2.3:h:intel:xeon_e7:4830_v4
  • Intel Xeon E7 4850
    cpe:2.3:h:intel:xeon_e7:4850
  • Intel Xeon E7 4850 V2
    cpe:2.3:h:intel:xeon_e7:4850_v2
  • Intel Xeon E7 4850 V3
    cpe:2.3:h:intel:xeon_e7:4850_v3
  • Intel Xeon E7 4850 V4
    cpe:2.3:h:intel:xeon_e7:4850_v4
  • Intel Xeon E7 4860
    cpe:2.3:h:intel:xeon_e7:4860
  • Intel Xeon E7 4860 V2
    cpe:2.3:h:intel:xeon_e7:4860_v2
  • Intel Xeon E7 4870
    cpe:2.3:h:intel:xeon_e7:4870
  • Intel Xeon E7 4870 V2
    cpe:2.3:h:intel:xeon_e7:4870_v2
  • Intel Xeon E7 4880 V2
    cpe:2.3:h:intel:xeon_e7:4880_v2
  • Intel Xeon E7 4890 V2
    cpe:2.3:h:intel:xeon_e7:4890_v2
  • Intel Xeon E7 8830
    cpe:2.3:h:intel:xeon_e7:8830
  • Intel Xeon E7 8837
    cpe:2.3:h:intel:xeon_e7:8837
  • Intel Xeon E7 8850
    cpe:2.3:h:intel:xeon_e7:8850
  • Intel Xeon E7 8850 V2
    cpe:2.3:h:intel:xeon_e7:8850_v2
  • Intel Xeon E7 8857 V2
    cpe:2.3:h:intel:xeon_e7:8857_v2
  • Intel Xeon E7 8860
    cpe:2.3:h:intel:xeon_e7:8860
  • Intel Xeon E7 8860 V3
    cpe:2.3:h:intel:xeon_e7:8860_v3
  • Intel Xeon E7 8860 V4
    cpe:2.3:h:intel:xeon_e7:8860_v4
  • Intel Xeon E7 8867 V3
    cpe:2.3:h:intel:xeon_e7:8867_v3
  • Intel Xeon E7 8867 V4
    cpe:2.3:h:intel:xeon_e7:8867_v4
  • Intel Xeon E7 8867L
    cpe:2.3:h:intel:xeon_e7:8867l
  • Intel Xeon E7 8870
    cpe:2.3:h:intel:xeon_e7:8870
  • Intel Xeon E7 8870 V2
    cpe:2.3:h:intel:xeon_e7:8870_v2
  • Intel Xeon E7 8870 V3
    cpe:2.3:h:intel:xeon_e7:8870_v3
  • Intel Xeon E7 8870 V4
    cpe:2.3:h:intel:xeon_e7:8870_v4
  • Intel Xeon E7 8880 V2
    cpe:2.3:h:intel:xeon_e7:8880_v2
  • Intel Xeon E7 8880 V3
    cpe:2.3:h:intel:xeon_e7:8880_v3
  • Intel Xeon E7 8880 V4
    cpe:2.3:h:intel:xeon_e7:8880_v4
  • Intel Xeon E7 8880L V2
    cpe:2.3:h:intel:xeon_e7:8880l_v2
  • Intel Xeon E7 8880L V3
    cpe:2.3:h:intel:xeon_e7:8880l_v3
  • Intel Xeon E7 8890 V2
    cpe:2.3:h:intel:xeon_e7:8890_v2
  • Intel Xeon E7 8890 V3
    cpe:2.3:h:intel:xeon_e7:8890_v3
  • Intel Xeon E7 8890 V4
    cpe:2.3:h:intel:xeon_e7:8890_v4
  • Intel Xeon E7 8891 V2
    cpe:2.3:h:intel:xeon_e7:8891_v2
  • Intel Xeon E7 8891 V3
    cpe:2.3:h:intel:xeon_e7:8891_v3
  • Intel Xeon E7 8891 V4
    cpe:2.3:h:intel:xeon_e7:8891_v4
  • Intel Xeon E7 8893 V2
    cpe:2.3:h:intel:xeon_e7:8893_v2
  • Intel Xeon E7 8893 V3
    cpe:2.3:h:intel:xeon_e7:8893_v3
  • Intel Xeon E7 8893 V4
    cpe:2.3:h:intel:xeon_e7:8893_v4
  • Intel Xeon E7 8894 V4
    cpe:2.3:h:intel:xeon_e7:8894_v4
  • Intel Xeon Gold 5115
    cpe:2.3:h:intel:xeon_gold:5115
  • Intel Xeon Gold 5118
    cpe:2.3:h:intel:xeon_gold:5118
  • Intel Xeon Gold 5119T
    cpe:2.3:h:intel:xeon_gold:5119t
  • Intel Xeon Gold 5120
    cpe:2.3:h:intel:xeon_gold:5120
  • Intel Xeon Gold 5120T
    cpe:2.3:h:intel:xeon_gold:5120t
  • Intel Xeon Gold 5122
    cpe:2.3:h:intel:xeon_gold:5122
  • Intel Xeon Gold 6126
    cpe:2.3:h:intel:xeon_gold:6126
  • Intel Xeon Gold 6126F
    cpe:2.3:h:intel:xeon_gold:6126f
  • Intel Xeon Gold 6126T
    cpe:2.3:h:intel:xeon_gold:6126t
  • Intel Xeon Gold 6128
    cpe:2.3:h:intel:xeon_gold:6128
  • Intel Xeon Gold 6130
    cpe:2.3:h:intel:xeon_gold:6130
  • Intel Xeon Gold 6130F
    cpe:2.3:h:intel:xeon_gold:6130f
  • Intel Xeon Gold 6130T
    cpe:2.3:h:intel:xeon_gold:6130t
  • Intel Xeon Gold 6132
    cpe:2.3:h:intel:xeon_gold:6132
  • Intel Xeon Gold 6134
    cpe:2.3:h:intel:xeon_gold:6134
  • Intel Xeon Gold 6134M
    cpe:2.3:h:intel:xeon_gold:6134m
  • Intel Xeon Gold 6136
    cpe:2.3:h:intel:xeon_gold:6136
  • Intel Xeon Gold 6138
    cpe:2.3:h:intel:xeon_gold:6138
  • Intel Xeon Gold 6138F
    cpe:2.3:h:intel:xeon_gold:6138f
  • Intel Xeon Gold 6138T
    cpe:2.3:h:intel:xeon_gold:6138t
  • Intel Xeon Gold 6140
    cpe:2.3:h:intel:xeon_gold:6140
  • Intel Xeon Gold 6140M
    cpe:2.3:h:intel:xeon_gold:6140m
  • Intel Xeon Gold 6142
    cpe:2.3:h:intel:xeon_gold:6142
  • Intel Xeon Gold 6142F
    cpe:2.3:h:intel:xeon_gold:6142f
  • Intel Xeon Gold 6142M
    cpe:2.3:h:intel:xeon_gold:6142m
  • Intel Xeon Gold 6144
    cpe:2.3:h:intel:xeon_gold:6144
  • Intel Xeon Gold 6146
    cpe:2.3:h:intel:xeon_gold:6146
  • Intel Xeon Gold 6148
    cpe:2.3:h:intel:xeon_gold:6148
  • Intel Xeon Gold 6148F
    cpe:2.3:h:intel:xeon_gold:6148f
  • Intel Xeon Gold 6150
    cpe:2.3:h:intel:xeon_gold:6150
  • Intel Xeon Gold 6152
    cpe:2.3:h:intel:xeon_gold:6152
  • Intel Xeon Gold 6154
    cpe:2.3:h:intel:xeon_gold:6154
  • Intel Xeon Phi 7210
    cpe:2.3:h:intel:xeon_phi:7210
  • Intel Xeon Phi 7210F
    cpe:2.3:h:intel:xeon_phi:7210f
  • Intel Xeon Phi 7230
    cpe:2.3:h:intel:xeon_phi:7230
  • Intel Xeon Phi 7230F
    cpe:2.3:h:intel:xeon_phi:7230f
  • Intel Xeon Phi 7235
    cpe:2.3:h:intel:xeon_phi:7235
  • Intel Xeon Phi 7250
    cpe:2.3:h:intel:xeon_phi:7250
  • Intel Xeon Phi 7250F
    cpe:2.3:h:intel:xeon_phi:7250f
  • Intel Xeon Phi 7285
    cpe:2.3:h:intel:xeon_phi:7285
  • Intel Xeon Phi 7290
    cpe:2.3:h:intel:xeon_phi:7290
  • Intel Xeon Phi 7290F
    cpe:2.3:h:intel:xeon_phi:7290f
  • Intel Xeon Phi 7295
    cpe:2.3:h:intel:xeon_phi:7295
  • Intel Xeon Platinum 8153
    cpe:2.3:h:intel:xeon_platinum:8153
  • Intel Xeon Platinum 8156
    cpe:2.3:h:intel:xeon_platinum:8156
  • Intel Xeon Platinum 8158
    cpe:2.3:h:intel:xeon_platinum:8158
  • Intel Xeon Platinum 8160
    cpe:2.3:h:intel:xeon_platinum:8160
  • Intel Xeon Platinum 8160F
    cpe:2.3:h:intel:xeon_platinum:8160f
  • Intel Xeon Platinum 8160M
    cpe:2.3:h:intel:xeon_platinum:8160m
  • Intel Xeon Platinum 8160T
    cpe:2.3:h:intel:xeon_platinum:8160t
  • Intel Xeon Platinum 8164
    cpe:2.3:h:intel:xeon_platinum:8164
  • Intel Xeon Platinum 8168
    cpe:2.3:h:intel:xeon_platinum:8168
  • Intel Xeon Platinum 8170
    cpe:2.3:h:intel:xeon_platinum:8170
  • Intel Xeon Platinum 8170M
    cpe:2.3:h:intel:xeon_platinum:8170m
  • Intel Xeon Platinum 8176
    cpe:2.3:h:intel:xeon_platinum:8176
  • Intel Xeon Platinum 8176F
    cpe:2.3:h:intel:xeon_platinum:8176f
  • Intel Xeon Platinum 8176M
    cpe:2.3:h:intel:xeon_platinum:8176m
  • Intel Xeon Platinum 8180
    cpe:2.3:h:intel:xeon_platinum:8180
  • Intel Xeon Silver 4108
    cpe:2.3:h:intel:xeon_silver:4108
  • Intel Xeon Silver 4109T
    cpe:2.3:h:intel:xeon_silver:4109t
  • Intel Xeon Silver 4110
    cpe:2.3:h:intel:xeon_silver:4110
  • Intel Xeon Silver 4112
    cpe:2.3:h:intel:xeon_silver:4112
  • Intel Xeon Silver 4114
    cpe:2.3:h:intel:xeon_silver:4114
  • Intel Xeon Silver 4114T
    cpe:2.3:h:intel:xeon_silver:4114t
  • Intel Xeon Silver 4116
    cpe:2.3:h:intel:xeon_silver:4116
  • Intel Xeon Silver 4116T
    cpe:2.3:h:intel:xeon_silver:4116t
  • ARM Cortex-A9
    cpe:2.3:h:arm:cortex-a:9
  • ARM Cortex-A15
    cpe:2.3:h:arm:cortex-a:15
  • ARM Cortex-A17
    cpe:2.3:h:arm:cortex-a:17
  • ARM Cortex-A57
    cpe:2.3:h:arm:cortex-a:57
  • ARM Cortex-A72
    cpe:2.3:h:arm:cortex-a:72
  • ARM Cortex-A73
    cpe:2.3:h:arm:cortex-a:73
  • ARM Cortex-A75
    cpe:2.3:h:arm:cortex-a:75
CVSS
Base: 4.7
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the slash characters. An attacker would try to exploit common filtering problems related to the use of the slash characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
exploit-db via4
description Multiple CPUs - 'Spectre' Information Disclosure. CVE-2017-5715,CVE-2017-5753. Local exploit for Multiple platform
file exploits/multiple/local/43427.c
id EDB-ID:43427
last seen 2018-01-24
modified 2018-01-03
platform multiple
port
published 2018-01-03
reporter Exploit-DB
source https://www.exploit-db.com/download/43427/
title Multiple CPUs - 'Spectre' Information Disclosure
type local
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1386-1.NASL
    description This update for qemu fixes several issues. This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. - CVE-2017-5715: This update has the next round of Spectre v2 related patches, which now integrates with corresponding changes in libvirt. A January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature for all x86 vcpu types. We remove that initial patch and now rely on patches from upstream (bsc#1068032). This update defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. 
- A patch is added to continue to detect Spectre v2 mitigation features (as shown by cpuid), and if found provide that feature to guests, even if running on older KVM (kernel) versions which do not yet expose that feature to QEMU. (bsc#1082276) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110090
    published 2018-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110090
    title SUSE SLES12 Security Update : qemu (SUSE-SU-2018:1386-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0909-1.NASL
    description This update for xen fixes the following issues: Update to Xen 4.7.5 bug fix only release (bsc#1027519) Security issues fixed : - CVE-2018-7540: Fixed DoS via non-preemptable L3/L4 pagetable freeing (XSA-252) (bsc#1080635) - CVE-2018-7541: A grant table v2 -> v1 transition may crash Xen (XSA-255) (bsc#1080662) - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 Fixed information leaks via side effects of speculative execution (XSA-254). Includes Spectre v2 mitigation. (bsc#1074562) - Preserve xen-syms from xen-dbg.gz to allow processing vmcores with crash(1) (bsc#1087251) - Xen HVM: Fixed unchecked MSR access error (bsc#1072834) - Add script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU They are triggered via xl vcpu-set domU N (fate#324965) - Make sure tools and tools-domU require libs from the very same build Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109001
    published 2018-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109001
    title SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:0909-1) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-938.NASL
    description This update for kbuild, virtualbox fixes the following issues : kbuild changes : - Update to version 0.1.9998svn3110 - Do not assume glibc glob internals - Support GLIBC glob interface version 2 - Fix build failure (boo#1079838) - Fix build with GCC7 (boo#1039375) - Fix build by disabling vboxvideo_drv.so virtualbox security fixes (boo#1101667, boo#1076372) : - CVE-2018-3005 - CVE-2018-3055 - CVE-2018-3085 - CVE-2018-3086 - CVE-2018-3087 - CVE-2018-3088 - CVE-2018-3089 - CVE-2018-3090 - CVE-2018-3091 - CVE-2018-2694 - CVE-2018-2698 - CVE-2018-2685 - CVE-2018-2686 - CVE-2018-2687 - CVE-2018-2688 - CVE-2018-2689 - CVE-2018-2690 - CVE-2018-2676 - CVE-2018-2693 - CVE-2017-5715 virtualbox other changes : - Version bump to 5.2.16 - Use %{?linux_make_arch} when building kernel modules (boo#1098050) - Fixed vboxguestconfig.sh script - Update warning regarding the security hole in USB passthrough. (boo#1097248) - Fixed include for build with Qt 5.11 (boo#1093731) - You can find a detailed list of changes [here](https://www.virtualbox.org/wiki/Changelog#v16)
    last seen 2019-02-21
    modified 2018-08-27
    plugin id 112143
    published 2018-08-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112143
    title openSUSE Security Update : kbuild / virtualbox (openSUSE-2018-938) (Spectre)
  • NASL family Misc.
    NASL id VIRTUALBOX_5_2_6.NASL
    description The version of Oracle VM VirtualBox running on the remote host is 5.1.x prior to 5.1.32 or 5.2.x prior to 5.2.6. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-08
    plugin id 106104
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106104
    title Oracle VM VirtualBox 5.1.x < 5.1.32 / 5.2.x < 5.2.6 (January 2018 CPU)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4022.NASL
    description Description of changes: kernel-uek [3.8.13-118.20.2.el7uek] - x86: Add another set of MSR accessor functions (Borislav Petkov) [Orabug: 27444923] {CVE-2017-5753} - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/rsb: add comment specifying why we skip STUFF_RSB (Ankur Arora) [Orabug: 27451658] {CVE-2017-5715} - x86/rsb: make STUFF_RSB jmp labels more robust (Ankur Arora) [Orabug: 27451658] {CVE-2017-5715} - x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spectre: Drop the warning about ibrs being obsolete. 
(Konrad Rzeszutek Wilk) {CVE-2017-5715} - Add set_ibrs_disabled and set_ibpb_disabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/spec: Don't print the Missing arguments for option spectre_v2 (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27376697] {CVE-2017-5715} - x86, boot: Carve out early cmdline parsing function (Borislav Petkov) [Orabug: 27376697] - x86: Add command-line options 'spectre_v2' and 'nospectre_v2' (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} - x86: Fix kABI build breakage (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Brian Maly) [Orabug: 27376697] {CVE-2017-5715} - x86: Display correct settings for the SPECTRE_V[12] bug (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5753} - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5753} - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27376697] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5754} - x86, cpu: Expand cpufeature facility to include cpu bugs (Borislav Petkov) [Orabug: 27376697] {CVE-2017-5715} - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5754} - x86/entry: STUFF_RSB only after switching to kernel CR3 (Ankur Arora) [Orabug: 27376697] {CVE-2017-5715} - 
x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27376697] {CVE-2017-5715} - x86: Use IBRS for firmware update path (David Woodhouse) [Orabug: 27376697] {CVE-2017-5715} - x86/microcode: Recheck IBRS features on microcode reload (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/feature: Detect the x86 IBRS feature to control Speculation (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27333764] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333764] [Orabug: 27333760] {CVE-2017-5754} {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Lepton Wu) [Orabug: 27333764] {CVE-2017-5754} - kaiser: rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: x86: Fix NMI handling (Jiri Kosina) [Orabug: 27333764] {CVE-2017-5754} - kaiser: move paravirt clock vsyscall mapping out of kaiser_init (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: disable if xen PARAVIRT (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 
27333764] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86/alternatives: add asm ALTERNATIVE macro (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: alloc_ldt_struct() use get_zeroed_page() (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86: kvmclock: Disable use from vDSO if KPTI is enabled (Ben Hutchings) [Orabug: 27333764] {CVE-2017-5754} - kaiser: Fix build with CONFIG_FUNCTION_GRAPH_TRACER (Kees Cook) [Orabug: 27333764] {CVE-2017-5754} - x86/mm/kaiser: re-enable vsyscalls (Andrea Arcangeli) [Orabug: 27333764] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27333764] {CVE-2017-5754} - kprobes: Prohibit probing on .entry.text code (Masami Hiramatsu) [Orabug: 27333764] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Fix flush_tlb_page() on Xen (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Disable preemption during CR3 read+write (Sebastian Andrzej Siewior) [Orabug: 27333764] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27333764] 
{CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86: Clean up cr4 manipulation (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333764] {CVE-2017-5754} - x86/ldt: Make modify_ldt synchronous (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} {CVE-2015-5157}
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 106468
    published 2018-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106468
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4022) (Meltdown) (Spectre)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_JAN_4056893.NASL
    description The remote Windows host is missing security update 4056893 or 4075199. It is, therefore, affected by multiple vulnerabilities : - A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0744) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0758, CVE-2018-0769, CVE-2018-0770, CVE-2018-0776, CVE-2018-0777) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0746, CVE-2018-0747) - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
(CVE-2018-0780) - An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. (CVE-2018-0803) - An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2018-0754) - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0762, CVE-2018-0772) - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0766) - An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752) - An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine.
An attacker who successfully exploited this vulnerability could bypass certain security checks in the operating system. (CVE-2018-0749) - A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows handles objects in memory. (CVE-2018-0753)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 105551
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105551
    title KB4056893: Windows 10 LTSB January 2018 Security Update (Meltdown)(Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1363-1.NASL
    description This update for qemu fixes several issues. This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. - CVE-2017-5715: This update has the next round of Spectre v2 related patches, which now integrates with corresponding changes in libvirt. A January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature for all x86 vcpu types. We remove that initial patch and now rely on patches from upstream (bsc#1068032). This update defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. 
- A patch is added to continue to detect Spectre v2 mitigation features (as shown by cpuid), and if found provide that feature to guests, even if running on older KVM (kernel) versions which do not yet expose that feature to QEMU. (bsc#1082276) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110030
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110030
    title SUSE SLES12 Security Update : qemu (SUSE-SU-2018:1363-1) (Spectre)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180125_KERNEL_ON_SL7_X.NASL
    description Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. * Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 processors. (CVE-2017-5715, Important) * Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 and PowerPC processors. 
(CVE-2017-5753, Important) * Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. This fix specifically addresses PowerPC processors. (CVE-2017-5754, Important)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 106340
    published 2018-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106340
    title Scientific Linux Security Update : kernel on SL7.x x86_64 (Meltdown) (Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-0151.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update initial mitigations for IBM Power (PowerPC) and IBM zSeries (S390) architectures are provided. * Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 processors. (CVE-2017-5715, Important) * Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. 
It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 and PowerPC processors. (CVE-2017-5753, Important) * Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. This fix specifically addresses PowerPC processors. (CVE-2017-5754, Important) Red Hat would like to thank Google Project Zero for reporting CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. This update also fixes the following security issues and bugs : Space precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/3327131.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 106353
    published 2018-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106353
    title CentOS 7 : kernel (CESA-2018:0151) (Meltdown) (Spectre)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FUSION_VMSA_2018_0004.NASL
    description The version of VMware Fusion installed on the remote macOS or Mac OS X host is 8.x prior to 8.5.10 or 10.x prior to 10.1.1. It is, therefore, missing security updates that add hypervisor-assisted guest remediation for a speculative execution vulnerability (CVE-2017-5715). These updates will allow guest operating systems to use hardware support for branch target mitigation and will require guest OS security updates as detailed in VMware Knowledge Base article 52085. It is also affected by use-after-free and integer-overflow vulnerabilities. Note that hypervisor-specific remediations for this vulnerability were released as part of VMSA-2018-0002.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 105781
    published 2018-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105781
    title VMware Fusion 8.x < 8.5.10 / 10.x < 10.1.1 Multiple Vulnerabilities (VMSA-2018-0004) (VMSA-2018-0005) (Spectre) (macOS)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0021.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: xen commit=b2a6db11ced11291a472bc1bda20ce329eda4d66 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - gnttab: don't blindly free status pages upon version change (Andrew Cooper)  [Orabug: 27571750]  (CVE-2018-7541) - memory: don't implicitly unpin for decrease-reservation (Andrew Cooper)  [Orabug: 27571737]  (CVE-2018-7540) - BUILDINFO: xen commit=873b8236e886daa3c26dae28d0c1c53d88447dc0 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - xend: if secure boot is enabled don't write pci config space (Elena Ufimtseva)  [Orabug: 27533309] - BUILDINFO: xen commit=81602116e75b6bbc519366b242c71888aa1b1673 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86/spec_ctrl: Fix several bugs in SPEC_CTRL_ENTRY_FROM_INTR_IST (Andrew Cooper)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - x86: allow easier disabling of BTI mitigations (Zhenzhong Duan) [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - x86/boot: Make alternative patching NMI-safe (Andrew Cooper) [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - xen/cmdline: Fix parse_boolean for unadorned values (Andrew Cooper)  [Orabug: 
27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - Optimize the context switch code a bit (Zhenzhong Duan)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - Update init_speculation_mitigations to upstream's (Zhenzhong Duan)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - x86/entry: Avoid using alternatives in NMI/#MC paths (Andrew Cooper)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - Update RSB related implementation to upstream ones (Zhenzhong Duan)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - BUILDINFO: xen commit=c6a2fe8d72a3eba01b22cbe495e60cb6837fe8d0 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (redux) (Konrad Rzeszutek Wilk)  [Orabug: 27445678] - BUILDINFO: xen commit=9657d91fcbf49798d2c5135866e1947113d536dc - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86/Spectre: Set thunk to THUNK_NONE if compiler support is not available (Boris Ostrovsky)  [Orabug: 27375688] - BUILDINFO: xen commit=4e5826dfcb56d3a868a9934646989f8483f03b3c - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - xen: No dependencies on dracut and microcode_ctl RPMs (Boris Ostrovsky)  [Orabug: 27409718]
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 107130
    published 2018-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107130
    title OracleVM 3.4 : xen (OVMSA-2018-0021) (Meltdown) (Spectre)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201804-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201804-08 (QEMU: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : An attacker could execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-06-25
    plugin id 108929
    published 2018-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108929
    title GLSA-201804-08 : QEMU: Multiple vulnerabilities (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1077-1.NASL
    description This update for kvm fixes the following issues : - This update has the next round of Spectre v2 related patches, which now integrates with corresponding changes in libvirt. A January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution. We remove that initial patch and now rely on patches from upstream. This update defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. - A warning patch is added which attempts to detect a migration from a qemu version which had the quick and dirty fix (it only detects certain cases, but hopefully is helpful.) For additional information on Spectre v2 as it relates to QEMU, see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ (CVE-2017-5715 bsc#1068032) - A patch is added to continue to detect Spectre v2 mitigation features (as shown by cpuid), and if found provide that feature to guests, even if running on older KVM (kernel) versions which do not yet expose that feature to QEMU. (bsc#1082276) These two patches will be removed when we can reasonably assume everyone is running with the appropriate updates.
- Security fixes for the following CVE issues: (bsc#1076114 CVE-2018-5683) (bsc#1083291 CVE-2018-7550) - This patch is already included, add here for CVE track (bsc#1076179 CVE-2017-18030) - Toolchain changes have caused the built size of pxe-virtio.rom to exceed 64K. Tweak rarely used strings in code to reduce size of the binary so it fits again. - Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we've carried since the initial Spectre v2 patch was added. EDX bit 27 of CPUID Leaf 07H, Sub-leaf 0 provides status on STIBP, and not the PRED_CMD MSR. Exposing the STIBP CPUID feature bit to the guest is wrong in general, since the VM doesn't directly control the scheduling of physical hyperthreads. This is left strictly to the L0 hypervisor. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109358
    published 2018-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109358
    title SUSE SLES11 Security Update : kvm (SUSE-SU-2018:1077-1) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0024.NASL
    description An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715) Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation. Red Hat would like to thank Google Project Zero for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 105565
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105565
    title RHEL 6 : qemu-kvm (RHSA-2018:0024) (Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-0012.NASL
    description An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715) Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation. Red Hat would like to thank Google Project Zero for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 105556
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105556
    title CentOS 7 : microcode_ctl (CESA-2018:0012) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2631-2.NASL
    description This update for libvirt fixes the following issues : This new feature was added : bsc#1094325, bsc#1094725: libxl: Enable virsh blockresize for XEN guests This security issue was fixed: CVE-2017-5715: Additional fixes for the Spectre patches (bsc#1079869) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118286
    published 2018-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118286
    title SUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2631-2) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0067-1.NASL
    description This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode version 20180108 (bsc#1075262) The pre-released microcode fixing some important security issues is now officially published (and included in the added tarball). New firmware updates since last version (20170707) are avail for these Intel processors : - IVT C0 (06-3e-04:ed) 428->42a - SKL-U/Y D0 (06-4e-03:c0) ba->c2 - BDW-U/Y E/F (06-3d-04:c0) 25->28 - HSW-ULT Cx/Dx (06-45-01:72) 20->21 - Crystalwell Cx (06-46-01:32) 17->18 - BDW-H E/G (06-47-01:22) 17->1b - HSX-EX E0 (06-3f-04:80) 0f->10 - SKL-H/S R0 (06-5e-03:36) ba->c2 - HSW Cx/Dx (06-3c-03:32) 22->23 - HSX C0 (06-3f-02:6f) 3a->3b - BDX-DE V0/V1 (06-56-02:10) 0f->14 - BDX-DE V2 (06-56-03:10) 700000d->7000011 - KBL-U/Y H0 (06-8e-09:c0) 62->80 - KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80 - KBL-H/S B0 (06-9e-09:2a) 5e->80 - CFL U0 (06-9e-0a:22) 70->80 - CFL B0 (06-9e-0b:02) 72->80 - SKX H0 (06-55-04:b7) 2000035->200003c - GLK B0 (06-7a-01:01) 1e->22 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 105763
    published 2018-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105763
    title SUSE SLED12 / SLES12 Security Update : ucode-intel (SUSE-SU-2018:0067-1) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0053.NASL
    description An update for linux-firmware is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715) Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation. Red Hat would like to thank Google Project Zero for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 105645
    published 2018-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105645
    title RHEL 7 : linux-firmware (RHSA-2018:0053) (Spectre)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-942.NASL
    description An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)
    last seen 2019-02-21
    modified 2018-04-25
    plugin id 109120
    published 2018-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109120
    title Amazon Linux 2 : qemu-kvm (ALAS-2018-942) (Spectre)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_FEB_4074592.NASL
    description The remote Windows host is missing security update 4074592. It is, therefore, affected by multiple vulnerabilities : - A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0866) - A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. (CVE-2018-0827) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830) - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0763, CVE-2018-0839) - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. (CVE-2018-0847) - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory.
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0825) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0856, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861) - An elevation of privilege vulnerability exists when NTFS improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0822) - An elevation of privilege vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0821) - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842) - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
(CVE-2018-0844, CVE-2018-0846) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0832) - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0809) - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820, CVE-2018-0831) - A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. (CVE-2018-0771) - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0840) - An elevation of privilege vulnerability exists when Storage Services improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
(CVE-2018-0826)
    last seen 2019-02-21
    modified 2018-06-25
    plugin id 106798
    published 2018-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106798
    title KB4074592: Windows 10 Version 1703 February 2018 Security Update (Meltdown)(Spectre)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_FEB_4074591.NASL
    description The remote Windows host is missing security update 4074591. It is, therefore, affected by multiple vulnerabilities : - A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0866) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830) - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820) - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. (CVE-2018-0847) - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0825) - An elevation of privilege vulnerability exists when Storage Services improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0826) - An elevation of privilege vulnerability exists when NTFS improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0822) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0834, CVE-2018-0835, CVE-2018-0837, CVE-2018-0838, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860) - An elevation of privilege vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0821) - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842) - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2018-0840) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0832) - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)
    last seen 2019-02-21
    modified 2018-06-25
    plugin id 106797
    published 2018-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106797
    title KB4074591: Windows 10 Version 1511 February 2018 Security Update (Meltdown)(Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0019-1.NASL
    description This update for kvm fixes the following issues: Also a mitigation for a security flaw has been applied : - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) Security fixes have been applied : - CVE-2017-2633: Fix various out of bounds access issues in the QEMU vnc infrastructure (bsc#1026612) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 105581
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105581
    title SUSE SLES11 Security Update : kvm (SUSE-SU-2018:0019-1) (Spectre)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4120.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated in the Linux kernel for the Intel x86-64 architecture by using the 'retpoline' compiler feature which allows indirect branches to be isolated from speculative execution. - CVE-2017-5754 Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Meltdown and is addressed in the Linux kernel on the powerpc/ppc64el architectures by flushing the L1 data cache on exit from kernel mode to user mode (or from hypervisor to kernel). This works on Power7, Power8 and Power9 processors. - CVE-2017-13166 A bug in the 32-bit compatibility layer of the v4l2 IOCTL handling code has been found. Memory protections ensuring user-provided buffers always point to userland memory were disabled, allowing destination address to be in kernel space. This bug could be exploited by an attacker to overwrite kernel memory from an unprivileged userland process, leading to privilege escalation. - CVE-2018-5750 An information leak has been found in the Linux kernel. The acpi_smbus_hc_add() prints a kernel address in the kernel log at every boot, which could be used by an attacker on the system to defeat kernel ASLR. In addition to those vulnerabilities, some mitigations for CVE-2017-5753 are included in this release.
- CVE-2017-5753 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 1 (bounds-check bypass) and is mitigated in the Linux kernel architecture by identifying vulnerable code sections (array bounds checking followed by array access) and replacing the array access with the speculation-safe array_index_nospec() function. More use sites will be added over time.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 106955
    published 2018-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106955
    title Debian DSA-4120-1 : linux - security update (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1295-1.NASL
    description This update for libvirt fixes the following issues: Security issues fixed : - CVE-2017-5715: Spectre fixes for libvirt (bsc#1079869, bsc#1088147, bsc#1087887). - CVE-2018-1064: Avoid denial of service reading from QEMU guest agent (bsc#1083625). - CVE-2018-5748: Avoid denial of service reading from QEMU monitor (bsc#1076500). Bug fixes : - bsc#1025340: Use xend for nodeGetFreeMemory API. - bsc#960742: Allow read access to script directories in libvirtd AppArmor profile. - bsc#936233: Introduce qemuDomainDefCheckABIStability. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109861
    published 2018-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109861
    title SUSE SLES11 Security Update : libvirt (SUSE-SU-2018:1295-1) (Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4011.NASL
    description Description of changes: [4.1.12-112.14.11.el7uek] - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27363926] [Orabug: 27352353] {CVE-2017-5754} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27369994] - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27362581] - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27363792] - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27339995] {CVE-2017-5715} - ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27339995] {CVE-2017-5715} - x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365544] {CVE-2017-5715}
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 106040
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106040
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4011) (Meltdown) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0010.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27363926] [Orabug: 27352353] (CVE-2017-5754) - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27369994] - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27362581] - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27363792] - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) - x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27339995] (CVE-2017-5715) - ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27339995] (CVE-2017-5715) - x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) - x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) - x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365544] (CVE-2017-5715)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 106120
    published 2018-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106120
    title OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0010) (Meltdown) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0218.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0218 for details.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 109987
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109987
    title OracleVM 3.4 : xen (OVMSA-2018-0218) (Meltdown) (Spectre)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_JAN_4056888.NASL
    description The remote Windows host is missing security update 4056888 or 4075200. It is, therefore, affected by multiple vulnerabilities : - A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0744) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0758, CVE-2018-0769, CVE-2018-0770, CVE-2018-0776, CVE-2018-0777, CVE-2018-0781) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0746, CVE-2018-0747) - An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. (CVE-2018-0803) - An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory.
An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2018-0754) - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0762, CVE-2018-0772) - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0766) - An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752) - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0767, CVE-2018-0780) - An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certain security checks in the operating system.
(CVE-2018-0749) - A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows handles objects in memory. (CVE-2018-0753)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 105547
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105547
    title KB4056888: Windows 10 Version 1511 January 2018 Security Update (Meltdown)(Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-358.NASL
    description This update for libvirt and virt-manager fixes the following issues : Security issues fixed : - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init (bsc#1080042). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). Non-security issues fixed in libvirt : - bsc#1070615: Fixed TPM device passthrough failure on kernels >= 4.0. - bsc#1082041: SUSE Linux Enterprise 11 SP4 hvm converted to pvhvm. Unless vm memory is on gig boundary, vm won't boot. - bsc#1082161: Unable to change RTC basis or adjustment for Xen HVM guests using libvirt. Non-security issues fixed in virt-manager : - bsc#1086038: VM guests cannot be properly installed with virt-install - bsc#1067018: KVM Guest creation failed - Property .cmt not found - bsc#1054986: Fix openSUSE 15.0 detection. It has no content file or .treeinfo file - bsc#1085757: Fallback to latest version of openSUSE when opensuse-unknown is detected for the ISO This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen 2019-02-21
    modified 2018-04-25
    plugin id 109020
    published 2018-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109020
    title openSUSE Security Update : libvirt (openSUSE-2018-358) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0027.NASL
    description An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715) Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation. Red Hat would like to thank Google Project Zero for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 105567
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105567
    title RHEL 7 : qemu-kvm (RHSA-2018:0027) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0020-1.NASL
    description This update for qemu fixes the following issues: A mitigation for a security flaw has been applied : - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 105582
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105582
    title SUSE SLES12 Security Update : qemu (SUSE-SU-2018:0020-1) (Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-0093.NASL
    description An update for microcode_ctl is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, Red Hat Enterprise Linux 6.7 Extended Update Support, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The microcode_ctl packages provide microcode updates for Intel and AMD processors. This update supersedes microcode provided by Red Hat with the CVE-2017-5715 ('Spectre') CPU branch injection vulnerability mitigation. (Historically, Red Hat has provided updated microcode, developed by our microprocessor partners, as a customer convenience.) Further testing has uncovered problems with the microcode provided along with the 'Spectre' mitigation that could lead to system instabilities. As a result, Red Hat is providing a microcode update that reverts to the last known good microcode version dated before 03 January 2018. Red Hat strongly recommends that customers contact their hardware provider for the latest microcode updates. IMPORTANT: Customers using Intel Skylake-, Broadwell-, and Haswell-based platforms must obtain and install updated microcode from their hardware vendor immediately. The 'Spectre' mitigation requires both an updated kernel from Red Hat and updated microcode from your hardware vendor.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 106107
    published 2018-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106107
    title CentOS 6 / 7 : microcode_ctl (CESA-2018:0093) (Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-0014.NASL
    description An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715) Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation. Red Hat would like to thank Google Project Zero for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 105591
    published 2018-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105591
    title CentOS 7 : linux-firmware (CESA-2018:0014) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0037.NASL
    description An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715) Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation. Red Hat would like to thank Google Project Zero for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 105607
    published 2018-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105607
    title RHEL 6 : microcode_ctl (RHSA-2018:0037) (Spectre)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3594-1.NASL
    description USN-3542-1 mitigated CVE-2017-5715 (Spectre Variant 2) for the amd64 architecture in Ubuntu 14.04 LTS. This update provides the compiler-based retpoline kernel mitigation for the amd64 and i386 architectures. Original advisory details : Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 107293
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107293
    title Ubuntu 14.04 LTS : linux vulnerability (USN-3594-1) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0023.NASL
    description An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715) Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation. Red Hat would like to thank Google Project Zero for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 105564
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105564
    title RHEL 7 : qemu-kvm (RHSA-2018:0023) (Spectre)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180104_LIBVIRT_ON_SL6_X.NASL
    description Security Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715) Note: This is the libvirt side of the CVE-2017-5715 mitigation.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 105570
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105570
    title Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-75.NASL
    description This update for virtualbox to version 5.1.32 fixes the following issues : The following vulnerabilities were fixed (boo#1076372) : - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, also known as 'Spectre', bsc#1068032. - CVE-2018-2676: Local authenticated attacker may gain elevated privileges - CVE-2018-2685: Local authenticated attacker may gain elevated privileges - CVE-2018-2686: Local authenticated attacker may gain elevated privileges - CVE-2018-2687: Local authenticated attacker may gain elevated privileges - CVE-2018-2688: Local authenticated attacker may gain elevated privileges - CVE-2018-2689: Local authenticated attacker may gain elevated privileges - CVE-2018-2690: Local authenticated attacker may gain elevated privileges - CVE-2018-2693: Local authenticated attacker may gain elevated privileges via guest additions - CVE-2018-2694: Local authenticated attacker may gain elevated privileges - CVE-2018-2698: Local authenticated attacker may gain elevated privileges The following bug fixes are included : - fix occasional screen corruption when host screen resolution is changed - increase proposed disk size when creating new VMs for Windows 7 and newer - fix broken communication with certain devices on Linux hosts - Fix problems using 256MB VRAM in raw-mode VMs - add HDA support for more exotic guests (e.g. Haiku) - fix playback with ALSA backend (5.1.28 regression) - fix a problem where OHCI emulation might sporadically drop data transfers
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 106289
    published 2018-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106289
    title openSUSE Security Update : virtualbox (openSUSE-2018-75) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0016.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - x86: Add another set of MSR accessor functions (Borislav Petkov) [Orabug: 27444923] (CVE-2017-5753) - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - x86/rsb: add comment specifying why we skip STUFF_RSB (Ankur Arora) [Orabug: 27451658] (CVE-2017-5715) - x86/rsb: make STUFF_RSB jmp labels more robust (Ankur Arora) [Orabug: 27451658] (CVE-2017-5715) - x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk) (CVE-2017-5715) - x86/spectre: Drop the warning about ibrs being obsolete. 
(Konrad Rzeszutek Wilk) (CVE-2017-5715) - Add set_ibrs_disabled and set_ibpb_disabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] (CVE-2017-5715) - x86/spec: Don't print the Missing arguments for option spectre_v2 (Konrad Rzeszutek Wilk) [Orabug: 27376697] (CVE-2017-5715) - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27376697] (CVE-2017-5715) - x86, boot: Carve out early cmdline parsing function (Borislav Petkov) [Orabug: 27376697] - x86: Add command-line options 'spectre_v2' and 'nospectre_v2' (Kanth Ghatraju) [Orabug: 27376697] (CVE-2017-5715) - x86: Fix kABI build breakage (Konrad Rzeszutek Wilk) [Orabug: 27376697] (CVE-2017-5715) - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27376697] (CVE-2017-5715) - x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] (CVE-2017-5715) - x86/mm: Set IBPB upon context switch (Brian Maly) [Orabug: 27376697] (CVE-2017-5715) - x86: Display correct settings for the SPECTRE_V[12] bug (Kanth Ghatraju) [Orabug: 27376697] (CVE-2017-5715) (CVE-2017-5753) - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27376697] (CVE-2017-5715) (CVE-2017-5753) - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27376697] (CVE-2017-5715) - x86/spec_ctrl: Disable if running as Xen PV guest (Konrad Rzeszutek Wilk) [Orabug: 27376697] (CVE-2017-5715) - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27376697] (CVE-2017-5715) (CVE-2017-5754) - x86, cpu: Expand cpufeature facility to include cpu bugs (Borislav Petkov) [Orabug: 27376697] (CVE-2017-5715) - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (Kanth Ghatraju) [Orabug: 27376697] (CVE-2017-5715) - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27376697] (CVE-2017-5754) - x86/entry: STUFF_RSB only after switching to kernel CR3 (Ankur Arora) [Orabug: 27376697] (CVE-2017-5715) - 
x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Tim Chen) [Orabug: 27376697] (CVE-2017-5715) - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27376697] (CVE-2017-5715) - x86: Use IBRS for firmware update path (David Woodhouse) [Orabug: 27376697] (CVE-2017-5715) - x86/microcode: Recheck IBRS features on microcode reload (Tim Chen) [Orabug: 27376697] (CVE-2017-5715) - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27376697] (CVE-2017-5715) - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27376697] (CVE-2017-5715) - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27376697] (CVE-2017-5715) - x86/enter: MACROS to set/clear IBRS (Tim Chen) [Orabug: 27376697] (CVE-2017-5715) - x86/feature: Detect the x86 IBRS feature to control Speculation (Tim Chen) [Orabug: 27376697] (CVE-2017-5715) - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27333764] (CVE-2017-5754) - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333764] [Orabug: 27333760] (CVE-2017-5754) (CVE-2017-5754) - kaiser: Set _PAGE_NX only if supported (Lepton Wu) [Orabug: 27333764] (CVE-2017-5754) - kaiser: rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Mike Kravetz) [Orabug: 27333764] (CVE-2017-5754) - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333764] (CVE-2017-5754) - x86/kaiser: Check boottime cmdline params (Mike Kravetz) [Orabug: 27333764] (CVE-2017-5754) - kaiser: x86: Fix NMI handling (Jiri Kosina) [Orabug: 27333764] (CVE-2017-5754) - kaiser: move paravirt clock vsyscall mapping out of kaiser_init (Mike Kravetz) [Orabug: 27333764] (CVE-2017-5754) - kaiser: disable if xen PARAVIRT (Mike Kravetz) [Orabug: 27333764] (CVE-2017-5754) - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27333764] (CVE-2017-5754) - kaiser: kaiser_flush_tlb_on_return_to_user check PCID (Hugh Dickins) [Orabug: 
27333764] (CVE-2017-5754) - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333764] (CVE-2017-5754) - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27333764] (CVE-2017-5754) - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333764] (CVE-2017-5754) - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333764] (CVE-2017-5754) - x86/alternatives: add asm ALTERNATIVE macro (Mike Kravetz) [Orabug: 27333764] (CVE-2017-5754) - kaiser: alloc_ldt_struct use get_zeroed_page (Hugh Dickins) [Orabug: 27333764] (CVE-2017-5754) - x86: kvmclock: Disable use from vDSO if KPTI is enabled (Ben Hutchings) [Orabug: 27333764] (CVE-2017-5754) - kaiser: Fix build with CONFIG_FUNCTION_GRAPH_TRACER (Kees Cook) [Orabug: 27333764] (CVE-2017-5754) - x86/mm/kaiser: re-enable vsyscalls (Andrea Arcangeli) [Orabug: 27333764] (CVE-2017-5754) - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27333764] (CVE-2017-5754) - kprobes: Prohibit probing on .entry.text code (Masami Hiramatsu) [Orabug: 27333764] (CVE-2017-5754) - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Fix flush_tlb_page on Xen (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Disable preemption during CR3 read+write (Sebastian Andrzej Siewior) [Orabug: 27333764] (CVE-2017-5754) - sched/core: Idle_task_exit shouldn't use switch_mm_irqs_off (Andy Lutomirski) [Orabug: 27333764] 
(CVE-2017-5754) - x86/mm, sched/core: Turn off IRQs in switch_mm (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm, sched/core: Uninline switch_mm (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - sched/core: Add switch_mm_irqs_off and use it in the scheduler (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86: Clean up cr4 manipulation (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/paravirt: Don't patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333764] (CVE-2017-5754) - x86/ldt: Make modify_ldt synchronous (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) (CVE-2015-5157)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 106524
    published 2018-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106524
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0016) (Meltdown) (Spectre)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FUSION_VMSA_2017_0021.NASL
    description The version of VMware Fusion installed on the remote macOS or Mac OS X host is 8.x prior to 8.5.9. It is, therefore, affected by multiple vulnerabilities that can allow code execution in a virtual machine via the authenticated VNC session as well as cause information disclosure from one virtual machine to another virtual machine on the same host.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 105485
    published 2017-12-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105485
    title VMware Fusion 8.x < 8.5.9 Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre) (macOS)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0039-1.NASL
    description This update for kvm fixes the following issues: A security flaw mitigation has been applied : - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) Also a security fix has been applied : - CVE-2017-2633: Fix various out of bounds access issues in the QEMU vnc infrastructure (bsc#1026612) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 105684
    published 2018-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105684
    title SUSE SLES11 Security Update : kvm (SUSE-SU-2018:0039-1) (Spectre)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-9F02E5ED7B.NASL
    description Add new CPU features for CVE-2017-5715 and CVE-2018-3639 On Intel x86 hosts, the 'ssbd' feature must be explicitly added to any virtual machines that are not using host-passthrough/host-model CPU setup. NB this requires new microcode too, which is not yet available in Fedora microcode_ctl RPMs. On AMD x86 hosts, the 'virt-ssbd' feature must be explicitly added to any virtual machines that are not using host-passthrough/host-model CPU setup. There is no microcode dependency for AMD as this is a virtualized CPUID feature. In both cases, kernel >= 4.16.10-301 is required on the host and guest in order to activate the fix. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 110951
    published 2018-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110951
    title Fedora 27 : 2:qemu (2018-9f02e5ed7b) (Spectre)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3531-2.NASL
    description USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability on certain hardware platforms. At the request of Intel, we have reverted to the previous packaged microcode version, the 20170707 release. It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) This update provides the microcode updates required for the corresponding Linux kernel updates. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106264
    published 2018-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106264
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : intel-microcode regression (USN-3531-2) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0705-1.NASL
    description This update for ucode-intel fixes the following issues: The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws (boo#1085207 CVE-2017-5715) - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 1000140 - Updates - SNB D2 6-2a-7:12 29->2d - JKT C1 6-2d-6:6d 619->61c - JKT C2 6-2d-7:6d 710->713 - IVB E2 6-3a-9:12 1c->1f - IVT C0 6-3e-4:ed 428->42c - IVT D1 6-3e-7:ed 70d->713 - HSW Cx/Dx 6-3c-3:32 22->24 - HSW-ULT Cx/Dx 6-45-1:72 20->23 - CRW Cx 6-46-1:32 17->19 - HSX C0 6-3f-2:6f 3a->3c - HSX-EX E0 6-3f-4:80 0f->11 - BDW-U/Y E/F 6-3d-4:c0 25->2a - BDW-H E/G 6-47-1:22 17->1d - BDX-DE V0/V1 6-56-2:10 0f->15 - BDW-DE V2 6-56-3:10 700000d->7000012 - BDW-DE Y0 6-56-4:10 f00000a->f000011 - SKL-U/Y D0 6-4e-3:c0 ba->c2 - SKL R0 6-5e-3:36 ba->c2 - KBL-U/Y H0 6-8e-9:c0 62->84 - KBL B0 6-9e-9:2a 5e->84 - CFL D0 6-8e-a:c0 70->84 - CFL U0 6-9e-a:22 70->84 - CFL B0 6-9e-b:02 72->84 - SKX H0 6-55-4:b7 2000035->2000043 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 108449
    published 2018-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108449
    title SUSE SLES11 Security Update : microcode_ctl (SUSE-SU-2018:0705-1) (Spectre)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1016.NASL
    description According to the version of the libvirt package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.(CVE-2017-5715) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 106157
    published 2018-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106157
    title EulerOS 2.0 SP1 : libvirt (EulerOS-SA-2018-1016)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-0023.NASL
    description From Red Hat Security Advisory 2018:0023 : An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715) Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation. Red Hat would like to thank Google Project Zero for reporting this issue.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 105667
    published 2018-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105667
    title Oracle Linux 7 : qemu-kvm (ELSA-2018-0023) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1308-1.NASL
    description This update for kvm fixes the following issues: This update has the next round of Spectre v2 related patches, which now integrates with corresponding changes in libvirt. A January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution. We remove that initial patch and now rely on patches from upstream. This update defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. A warning patch is added which attempts to detect a migration from a qemu version which had the quick and dirty fix (it only detects certain cases, but hopefully is helpful.) For additional information on Spectre v2 as it relates to QEMU, see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ (CVE-2017-5715 bsc#1068032) A patch is added to continue to detect Spectre v2 mitigation features (as shown by cpuid), and if found provide that feature to guests, even if running on older KVM (kernel) versions which do not yet expose that feature to QEMU. (bsc#1082276) Additional security fixes : - CVE-2018-5683: An out-of-bounds read in vga_draw_text routine was fixed which could lead to crashes or information leakage. 
(bsc#1076114) - CVE-2018-7550: multiboot OOB access while loading kernel image was fixed that could lead to crashes (bsc#1083291) - CVE-2017-18030: An out-of-bounds access in cirrus_invalidate_region routine could lead to crashes or information leakage (bsc#1076179) - Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we've carried since the initial Spectre v2 patch was added. EDX bit 27 of CPUID Leaf 07H, Sub-leaf 0 provides status on STIBP, and not the PRED_CMD MSR. Exposing the STIBP CPUID feature bit to the guest is wrong in general, since the VM doesn't directly control the scheduling of physical hyperthreads. This is left strictly to the L0 hypervisor. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109886
    published 2018-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109886
    title SUSE SLES11 Security Update : kvm (SUSE-SU-2018:1308-1) (Spectre)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180104_LIBVIRT_ON_SL7_X.NASL
    description Security Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715) Note: This is the libvirt side of the CVE-2017-5715 mitigation.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 105611
    published 2018-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105611
    title Scientific Linux Security Update : libvirt on SL7.x x86_64 (Spectre)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3531-1.NASL
    description It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) This update provides the microcode updates required for the corresponding Linux kernel updates. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 105767
    published 2018-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105767
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : intel-microcode update (USN-3531-1) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0110.NASL
    description An update for libvirt is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715) Note: This is the libvirt side of the CVE-2017-5715 mitigation. Red Hat would like to thank Google Project Zero for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 106253
    published 2018-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106253
    title RHEL 6 : libvirt (RHSA-2018:0110) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-266.NASL
    description This update for ucode-intel fixes the following issues : The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws (boo#1085207 CVE-2017-5715) - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 1000140 - Updates - SNB D2 6-2a-7:12 29->2d - JKT C1 6-2d-6:6d 619->61c - JKT C2 6-2d-7:6d 710->713 - IVB E2 6-3a-9:12 1c->1f - IVT C0 6-3e-4:ed 428->42c - IVT D1 6-3e-7:ed 70d->713 - HSW Cx/Dx 6-3c-3:32 22->24 - HSW-ULT Cx/Dx 6-45-1:72 20->23 - CRW Cx 6-46-1:32 17->19 - HSX C0 6-3f-2:6f 3a->3c - HSX-EX E0 6-3f-4:80 0f->11 - BDW-U/Y E/F 6-3d-4:c0 25->2a - BDW-H E/G 6-47-1:22 17->1d - BDX-DE V0/V1 6-56-2:10 0f->15 - BDW-DE V2 6-56-3:10 700000d->7000012 - BDW-DE Y0 6-56-4:10 f00000a->f000011 - SKL-U/Y D0 6-4e-3:c0 ba->c2 - SKL R0 6-5e-3:36 ba->c2 - KBL-U/Y H0 6-8e-9:c0 62->84 - KBL B0 6-9e-9:2a 5e->84 - CFL D0 6-8e-a:c0 70->84 - CFL U0 6-9e-a:22 70->84 - CFL B0 6-9e-b:02 72->84 - SKX H0 6-55-4:b7 2000035->2000043
    last seen 2019-02-21
    modified 2018-03-22
    plugin id 108437
    published 2018-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108437
    title openSUSE Security Update : ucode-intel (openSUSE-2018-266) (Spectre)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1014.NASL
    description According to the version of the qemu-kvm package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.(CVE-2017-5715) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 106155
    published 2018-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106155
    title EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2018-1014)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_MAR_4088877.NASL
    description The remote Windows host is missing security update 4088880 or cumulative update 4088877. It is, therefore, affected by multiple vulnerabilities : - A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) - An information disclosure vulnerability exists when Windows Remote Assistance incorrectly processes XML External Entities (XXE). An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0878) - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0929) - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-0883) - An elevation of privilege vulnerability exists in Windows when the Microsoft Video Control mishandles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in system mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2018-0881) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0889, CVE-2018-0935) - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2018-0811, CVE-2018-0813, CVE-2018-0814) - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2018-0885) - A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system. CredSSP is an authentication provider which processes authentication requests for other applications; any application which depends on CredSSP for authentication may be vulnerable to this type of attack. As an example of how an attacker would exploit this vulnerability against Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process. 
To be fully protected against this vulnerability users must enable Group Policy settings on their systems and update their Remote Desktop clients. The Group Policy settings are disabled by default to prevent connectivity problems and users must follow the instructions documented HERE to be fully protected. (CVE-2018-0886) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904) - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2018-0868) - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0816, CVE-2018-0817) - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. 
(CVE-2018-0927) - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-0888) - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0891)
    last seen 2019-02-21
    modified 2019-01-30
    plugin id 108292
    published 2018-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108292
    title KB4088880: Windows Server 2012 March 2018 Security Update (Meltdown)(Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-3.NASL
    description The openSUSE Leap 42.2 kernel was updated to 4.4.104 to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please also check with your CPU / Hardware vendor on updated firmware or BIOS images regarding this issue. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754 / 'MeltdownAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculatively execute code that would read otherwise read-protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following an approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. Note that this is only done on affected platforms. 
This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options. The following security bugs were fixed : - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack-based buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). The following non-security bugs were fixed : - Add undefine _unique_build_ids (bsc#964063) - alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds (bsc#1031717). - alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines (bsc#1031717). - alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717). - alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717). - alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717). - alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717). - alsa: hda - change the location for one mic on a Lenovo machine (bsc#1031717). - alsa: hda: Drop useless WARN_ON() (bsc#1031717). - alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717). - alsa: hda - fix headset mic detection issue on a Dell machine (bsc#1031717). 
- alsa: hda - fix headset mic problem for Dell machines with alc274 (bsc#1031717). - alsa: hda - Fix headset microphone detection for ASUS N551 and N751 (bsc#1031717). - alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717). - alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717). - alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717). - alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717). - alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717). - alsa: hda/realtek - Add default procedure for suspend and resume state (bsc#1031717). - alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic (bsc#1031717). - alsa: hda/realtek - Add support for ALC1220 (bsc#1031717). - alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717). - alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717). - alsa: hda/realtek - change the location for one of two front microphones (bsc#1031717). - alsa: hda/realtek - Enable jack detection function for Intel ALC700 (bsc#1031717). - alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717). - alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717). - alsa: hda/realtek - Fix headset and mic on several Asus laptops with ALC256 (bsc#1031717). - alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV (bsc#1031717). - alsa: hda/realtek - fix headset mic detection for MSI MS-B120 (bsc#1031717). - alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255 (bsc#1031717). - alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 (bsc#1031717). - alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE (bsc#1031717). - alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717). - alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717). - alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289 (bsc#1031717). - alsa: hda/realtek - New codec support for ALC257 (bsc#1031717). 
- alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717). - alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717). - alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717). - alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717). - alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294 (bsc#1031717). - alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC225 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717). - alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717). - alsa: pcm: prevent UAF in snd_pcm_info (bsc#1031717). - alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717). - alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717). - alsa: usb-audio: Add check return value for usb_string() (bsc#1031717). - alsa: usb-audio: Fix out-of-bound error (bsc#1031717). - alsa: usb-audio: Fix the missing ctl name suffix at parsing SU (bsc#1031717). - Always sign validate_negotiate_info reqs (bsc#1071009, fate#324404). - apei / ERST: Fix missing error handling in erst_reader() (bsc#1072556). - arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio (bnc#1012382). - arm: Hide finish_arch_post_lock_switch() from modules (bsc#1068032). - asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure (bsc#1031717). - asoc: twl4030: fix child-node lookup (bsc#1031717). - asoc: wm_adsp: Fix validation of firmware and coeff lengths (bsc#1031717). - autofs: fix careless error in recent commit (bnc#1012382 bsc#1065180). - bcache: Fix building error on MIPS (bnc#1012382). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - btrfs: clear space cache inode generation always (bnc#1012382). - carl9170: prevent speculative execution (bnc#1068032). - Check cmdline_find_option() retval properly and use boot_cpu_has(). 
- cw1200: prevent speculative execution (bnc#1068032). - drm/radeon: fix atombios on big endian (bnc#1012382). - e1000e: Avoid receiver overrun interrupt bursts (bsc#969470 FATE#319819). - e1000e: Fix e1000_check_for_copper_link_ich8lan return value (bsc#1073809). - eeprom: at24: check at24_read/write arguments (bnc#1012382). - Fix leak of validate_negotiate_info resp (bsc#1071009, fate#324404). - Fix NULL pointer deref in SMB2_tcon() (bsc#1071009, fate#324404). - Fix validate_negotiate_info uninitialized mem (bsc#1071009, fate#324404). - fs: prevent speculative execution (bnc#1068032). - genwqe: Take R/W permissions into account when dealing with memory pages (bsc#1073090). - ibmvnic: Include header descriptor support for ARP packets (bsc#1073912). - ibmvnic: Increase maximum number of RX/TX queues (bsc#1073912). - ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES (bsc#1073912). - ipv6: prevent speculative execution (bnc#1068032). - kabi fix for new hash_cred function (bsc#1012917). - kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - kaiser: align addition to x86/mm/Makefile. - kaiser: asm/tlbflush.h handle noPGE at lower level. - kaiser: cleanups while trying for gold link. - kaiser: Disable on Xen PV. - kaiser: do not set _PAGE_NX on pgd_none. - kaiser: drop is_atomic arg to kaiser_pagetable_walk(). - kaiser: enhanced by kernel and user PCIDs. - kaiser: ENOMEM if kaiser_pagetable_walk() NULL. - kaiser: fix build and FIXME in alloc_ldt_struct(). - kaiser: fix perf crashes. - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER. - kaiser: fix unlikely error in alloc_ldt_struct(). - kaiser: KAISER depends on SMP. - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID. - kaiser: kaiser_remove_mapping() move along the pgd. - kaiser: Kernel Address Isolation. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user. - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET. 
- kaiser: paranoid_entry pass cr3 need to paranoid_exit. - kaiser: PCID 0 for kernel and 128 for user. - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls. - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE. - kaiser: tidied up asm/kaiser.h somewhat. - kaiser: tidied up kaiser_add/remove_mapping slightly. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: vmstat show NR_KAISERTABLE as nr_overhead. - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - kvm: x86: Exit to user-mode on #UD intercept when emulator requires (bnc#1012382). - kvm: x86: inject exceptions produced by x86_decode_insn (bnc#1012382). - kvm: x86: pvclock: Handle first-time write to pvclock-page contains random junk (bnc#1012382). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - mmc: core: Do not leave the block driver in a suspended state (bnc#1012382). - mm/mmu_context, sched/core: Fix mmu_context.h assumption (bsc#1068032). - mtd: nand: Fix writing mtdoops to nand flash (bnc#1012382). - netlink: add a start callback for starting a netlink dump (bnc#1012382). - net: mpls: prevent speculative execution (bnc#1068032). - nfsd: Fix another OPEN stateid race (bnc#1012382). - nfsd: Fix stateid races between OPEN and CLOSE (bnc#1012382). - nfsd: Make init_open_stateid() a bit more whole (bnc#1012382). - nfs: improve shinking of access cache (bsc#1012917). - nfs: revalidate '.' etc correctly on 'open' (bsc#1068951). - nfs: revalidate '.' etc correctly on 'open' (git-fixes). Fix References tag. - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951). - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Secure memory rfi flush (bsc#1068032). - ptrace: Add a new thread access check (bsc#1068032). - qla2xxx: prevent speculative execution (bnc#1068032). 
- Redo encryption backport to fix pkt signing (bsc#1071009, fate#324404). - Revert 'drm/radeon: dont switch vt on suspend' (bnc#1012382). - Revert 'ipsec: Fix aborted xfrm policy dump crash' (kabi). - Revert 'netlink: add a start callback for starting a netlink dump' (kabi). - s390: add ppa to system call and program check path (bsc#1068032). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path Signoff the s390 patches. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (bsc#1068032). - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (bsc#1068032). - sched/rt: Do not pull from current CPU if only one CPU to pull (bnc#1022476). - scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1064311). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return 'Illegal Request - Logical unit not supported' and processing should leave the timeout loop in this case. - scsi: ses: check return code from ses_recv_diag() (bsc#1039616). - scsi: ses: Fixup error message 'failed to get diagnostic page 0xffffffea' (bsc#1039616). - scsi: ses: Fix wrong page error (bsc#1039616). - scsi: ses: make page2 support optional (bsc#1039616). - smb2: Fix share type handling (bnc#1074392). - sunrpc: add auth_unix hash_cred() function (bsc#1012917). - sunrpc: add generic_auth hash_cred() function (bsc#1012917). - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917). - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917). - sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917). - sunrpc: use supplimental groups in auth hash (bsc#1012917). - Thermal/int340x: prevent speculative execution (bnc#1068032). - udf: prevent speculative execution (bnc#1068032). 
- usb: host: fix incorrect updating of offset (bsc#1047487). - userns: prevent speculative execution (bnc#1068032). - uvcvideo: prevent speculative execution (bnc#1068032). - vxlan: correctly handle ipv6.disable module parameter (bsc#1072962). - x86/boot: Add early cmdline parsing for options with arguments. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/efi-bgrt: Fix kernel panic when mapping BGRT data (bnc#1012382). - x86/efi-bgrt: Replace early_memremap() with memremap() (bnc#1012382). - x86/efi: Build our own page table structures (bnc#1012382). - x86/efi: Hoist page table switching code into efi_call_virt() (bnc#1012382). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: Reenable PARAVIRT. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE (bsc#1068032). - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (bsc#1068032). - x86/mm: Add INVPCID helpers (bsc#1068032). 
- x86/mm: Add the 'nopcid' boot option to turn off PCID (bsc#1068032). - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (bsc#1068032). - x86/mm: Enable CR4.PCIDE on supported systems (bsc#1068032). - x86/mm: Fix INVPCID asm constraint (bsc#1068032). - x86/mm: If INVPCID is available, use it to flush global mappings (bsc#1068032). - x86/mm: Make flush_tlb_mm_range() more predictable (bsc#1068032). - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (bnc#1012382). - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (bsc#1068032). - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (bsc#1068032). - x86/mm, sched/core: Turn off IRQs in switch_mm() (bsc#1068032). - x86/mm, sched/core: Uninline switch_mm() (bsc#1068032). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/paravirt: Dont patch flush_tlb_single (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add 'nospec' chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032).
    last seen 2019-02-21
    modified 2018-05-25
    plugin id 105636
    published 2018-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105636
    title openSUSE Security Update : the Linux Kernel (openSUSE-2018-3) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-2.NASL
    description The openSUSE Leap 42.3 kernel was updated to 4.4.104 to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please also check with your CPU / Hardware vendor on updated firmware or BIOS images regarding this issue. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754 / 'MeltdownAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculatively execute code that would read otherwise read-protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following an approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. Note that this is only done on affected platforms. 
This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options. The following security bugs were fixed : - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack-based buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). The following non-security bugs were fixed : - Add undefine _unique_build_ids (bsc#964063) - alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds (bsc#1031717). - alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines (bsc#1031717). - alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717). - alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717). - alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717). - alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717). - alsa: hda - change the location for one mic on a Lenovo machine (bsc#1031717). - alsa: hda: Drop useless WARN_ON() (bsc#1031717). - alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717). - alsa: hda - fix headset mic detection issue on a Dell machine (bsc#1031717). 
- alsa: hda - fix headset mic problem for Dell machines with alc274 (bsc#1031717). - alsa: hda - Fix headset microphone detection for ASUS N551 and N751 (bsc#1031717). - alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717). - alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717). - alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717). - alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717). - alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717). - alsa: hda/realtek - Add default procedure for suspend and resume state (bsc#1031717). - alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic (bsc#1031717). - alsa: hda/realtek - Add support for ALC1220 (bsc#1031717). - alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717). - alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717). - alsa: hda/realtek - change the location for one of two front microphones (bsc#1031717). - alsa: hda/realtek - Enable jack detection function for Intel ALC700 (bsc#1031717). - alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717). - alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717). - alsa: hda/realtek - Fix headset and mic on several Asus laptops with ALC256 (bsc#1031717). - alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV (bsc#1031717). - alsa: hda/realtek - fix headset mic detection for MSI MS-B120 (bsc#1031717). - alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255 (bsc#1031717). - alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 (bsc#1031717). - alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE (bsc#1031717). - alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717). - alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717). - alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289 (bsc#1031717). - alsa: hda/realtek - New codec support for ALC257 (bsc#1031717). 
- alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717). - alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717). - alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717). - alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717). - alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294 (bsc#1031717). - alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC225 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717). - alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717). - alsa: pcm: prevent UAF in snd_pcm_info (bsc#1031717). - alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717). - alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717). - alsa: usb-audio: Add check return value for usb_string() (bsc#1031717). - alsa: usb-audio: Fix out-of-bound error (bsc#1031717). - alsa: usb-audio: Fix the missing ctl name suffix at parsing SU (bsc#1031717). - apei / ERST: Fix missing error handling in erst_reader() (bsc#1072556). - arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio (bnc#1012382). - arm: Hide finish_arch_post_lock_switch() from modules (bsc#1068032). - asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure (bsc#1031717). - asoc: twl4030: fix child-node lookup (bsc#1031717). - asoc: wm_adsp: Fix validation of firmware and coeff lengths (bsc#1031717). - autofs: fix careless error in recent commit (bnc#1012382 bsc#1065180). - bcache: Fix building error on MIPS (bnc#1012382). - bnxt_en: Do not print 'Link speed -1 no longer supported' messages (bsc#1070116). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - btrfs: clear space cache inode generation always (bnc#1012382). - btrfs: embed extent_changeset::range_changed to the structure (dependent patch, bsc#1031395). 
- btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges (bsc#1031395). - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled (bsc#1031395). - btrfs: qgroup: Introduce extent changeset for qgroup reserve functions (dependent patch, bsc#1031395). - btrfs: qgroup: Return actually freed bytes for qgroup release or free data (bsc#1031395). - btrfs: qgroup-test: Fix backport error in qgroup selftest (just to make CONFIG_BTRFS_FS_RUN_SANITY_TESTS pass compile). - btrfs: ulist: make the finalization function public (dependent patch, bsc#1031395). - btrfs: ulist: rename ulist_fini to ulist_release (dependent patch, bsc#1031395). - carl9170: prevent speculative execution (bnc#1068032). - ceph: drop negative child dentries before try pruning inode's alias (bsc#1073525). - Check cmdline_find_option() retval properly and use boot_cpu_has(). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009). - cw1200: prevent speculative execution (bnc#1068032). - drm/radeon: fix atombios on big endian (bnc#1012382). - e1000e: Fix e1000_check_for_copper_link_ich8lan return value (bsc#1073809). - eeprom: at24: check at24_read/write arguments (bnc#1012382). - Fix unsed variable warning in has_unmovable_pages (bsc#1073868). - fs: prevent speculative execution (bnc#1068032). - genwqe: Take R/W permissions into account when dealing with memory pages (bsc#1073090). - ibmvnic: Include header descriptor support for ARP packets (bsc#1073912). - ibmvnic: Increase maximum number of RX/TX queues (bsc#1073912). - ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES (bsc#1073912). - ib/uverbs: Fix command checking as part of ib_uverbs_ex_modify_qp() (FATE#321231 FATE#321473 FATE#322153 FATE#322149). - ip_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912 FATE#321246). - ipv6: prevent speculative execution (bnc#1068032). - iw_cxgb4: fix misuse of integer variable (bsc#963897,FATE#320114). 
- iw_cxgb4: only insert drain cqes if wq is flushed (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781). - iw_cxgb4: reflect the original WR opcode in drain cqes (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781). - iw_cxgb4: when flushing, complete all wrs in a chain (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781). - kabi fix for new hash_cred function (bsc#1012917). - kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - kaiser: align addition to x86/mm/Makefile. - kaiser: asm/tlbflush.h handle noPGE at lower level. - kaiser: cleanups while trying for gold link. - kaiser: disabled on Xen PV. - kaiser: do not set _PAGE_NX on pgd_none. - kaiser: drop is_atomic arg to kaiser_pagetable_walk(). - kaiser: enhanced by kernel and user PCIDs. - kaiser: ENOMEM if kaiser_pagetable_walk() NULL. - kaiser: fix build and FIXME in alloc_ldt_struct(). - kaiser: fix perf crashes. - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER. - kaiser: fix unlikely error in alloc_ldt_struct(). - kaiser: KAISER depends on SMP. - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID. - kaiser: kaiser_remove_mapping() move along the pgd. - kaiser: Kernel Address Isolation. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user. - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET. - kaiser: paranoid_entry pass cr3 need to paranoid_exit. - kaiser: PCID 0 for kernel and 128 for user. - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls. - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE. - kaiser: tidied up asm/kaiser.h somewhat. - kaiser: tidied up kaiser_add/remove_mapping slightly. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: vmstat show NR_KAISERTABLE as nr_overhead. - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). 
- kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - kvm: x86: Exit to user-mode on #UD intercept when emulator requires (bnc#1012382). - kvm: x86: inject exceptions produced by x86_decode_insn (bnc#1012382). - kvm: x86: pvclock: Handle first-time write to pvclock-page contains random junk (bnc#1012382). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - mmc: core: Do not leave the block driver in a suspended state (bnc#1012382). - mm/mmu_context, sched/core: Fix mmu_context.h assumption (bsc#1068032). - mtd: nand: Fix writing mtdoops to nand flash (bnc#1012382). - netlink: add a start callback for starting a netlink dump (bnc#1012382). - net/mlx5e: DCBNL, Implement tc with ets type and zero bandwidth (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Fix ETS BW check (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Fix error flow in CREATE_QP command (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net: mpls: prevent speculative execution (bnc#1068032). - nfsd: Fix another OPEN stateid race (bnc#1012382). - nfsd: Fix stateid races between OPEN and CLOSE (bnc#1012382). - nfsd: Make init_open_stateid() a bit more whole (bnc#1012382). - nfs: improve shinking of access cache (bsc#1012917). - nfs: revalidate '.' etc correctly on 'open' (bsc#1068951). - nfs: revalidate '.' etc correctly on 'open' (git-fixes). Fix References: tag. - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951). - nvme-fabrics: introduce init command check for a queue that is not alive (bsc#1072890). - nvme-fc: check if queue is ready in queue_rq (bsc#1072890). - nvme-fc: do not use bit masks for set/test_bit() numbers (bsc#1072890). - nvme-loop: check if queue is ready in queue_rq (bsc#1072890). - nvmet-fc: cleanup nvmet add_port/remove_port (bsc#1072890). - nvmet_fc: correct broken add_port (bsc#1072890). - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. 
- powerpc: Secure memory rfi flush (bsc#1068032). - ptrace: Add a new thread access check (bsc#1068032). - qla2xxx: prevent speculative execution (bnc#1068032). - Revert 'drm/radeon: dont switch vt on suspend' (bnc#1012382). - Revert 'ipsec: Fix aborted xfrm policy dump crash' (kabi). - Revert 'netlink: add a start callback for starting a netlink dump' (kabi). - s390: add ppa to system call and program check path (bsc#1068032). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/qeth: add missing hash table initializations (bnc#1072216, LTC#162173). - s390/qeth: fix early exit from error path (bnc#1072216, LTC#162173). - s390/qeth: fix thinko in IPv4 multicast address tracking (bnc#1072216, LTC#162173). - s390/spinlock: add gmb memory barrier - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path Signoff the s390 patches. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (bsc#1068032). - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (bsc#1068032). - sched/rt: Do not pull from current CPU if only one CPU to pull (bnc#1022476). - scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1064311). - scsi: lpfc: correct sg_seg_cnt attribute min vs default (bsc#1072166). - scsi: qedi: Limit number for CQ queues (bsc#1072866). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return 'Illegal Request - Logical unit not supported' and processing should leave the timeout loop in this case. - scsi: ses: check return code from ses_recv_diag() (bsc#1039616). - scsi: ses: Fixup error message 'failed to get diagnostic page 0xffffffea' (bsc#1039616). - scsi: ses: Fix wrong page error (bsc#1039616). - scsi: ses: make page2 support optional (bsc#1039616). - sfc: pass valid pointers from efx_enqueue_unwind (bsc#1017967 FATE#321663). 
- sunrpc: add auth_unix hash_cred() function (bsc#1012917). - sunrpc: add generic_auth hash_cred() function (bsc#1012917). - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917). - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917). - sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917). - sunrpc: use supplimental groups in auth hash (bsc#1012917). - Thermal/int340x: prevent speculative execution (bnc#1068032). - udf: prevent speculative execution (bnc#1068032). - Update config files: enable KAISER. - usb: host: fix incorrect updating of offset (bsc#1047487). - userns: prevent speculative execution (bnc#1068032). - uvcvideo: prevent speculative execution (bnc#1068032). - vxlan: correctly handle ipv6.disable module parameter (bsc#1072962). - x86/boot: Add early cmdline parsing for options with arguments. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/efi-bgrt: Replace early_memremap() with memremap() (bnc#1012382). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: Reenable PARAVIRT. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). 
- x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE (bsc#1068032). - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (bsc#1068032). - x86/mm: Add INVPCID helpers (bsc#1068032). - x86/mm: Add the 'nopcid' boot option to turn off PCID (bsc#1068032). - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (bsc#1068032). - x86/mm: Enable CR4.PCIDE on supported systems (bsc#1068032). - x86/mm: Fix INVPCID asm constraint (bsc#1068032). - x86/mm: If INVPCID is available, use it to flush global mappings (bsc#1068032). - x86/mm: Make flush_tlb_mm_range() more predictable (bsc#1068032). - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (bsc#1068032). - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (bsc#1068032). - x86/mm, sched/core: Turn off IRQs in switch_mm() (bsc#1068032). - x86/mm, sched/core: Uninline switch_mm() (bsc#1068032). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/paravirt: Dont patch flush_tlb_single (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add 'nospec' chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). 
- x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032).
    last seen 2019-02-21
    modified 2018-05-25
    plugin id 105597
    published 2018-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105597
    title openSUSE Security Update : the Linux Kernel (openSUSE-2018-2) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0040-1.NASL
    description The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please contact your CPU / hardware vendor for potential microcode or BIOS updates needed for this fix. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculatively execute code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following an approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. This feature is disabled on unaffected architectures. 
This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options. The following security bugs were fixed : - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bnc#1057389). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-13167: An elevation of privilege vulnerability in the kernel sound timer was fixed. (bnc#1072876). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux kernel didn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179). - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524). 
- CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference (bnc#1066705). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bnc#1071470). - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup (bnc#1066618). 
- CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066625). - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066650). - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor (bnc#1066671). - CVE-2017-16534: The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066693). - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066700). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). 
- CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel allowed local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner) (bnc#1066569). - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067085). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702 1069708). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695 1074033). - CVE-2017-17558: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel did not consider the maximum number of configurations and interfaces before attempting to release resources, which allowed local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device (bnc#1072561). 
- CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack-based buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-7472: The KEYS subsystem in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 105685
    published 2018-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105685
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0040-1) (BlueBorne) (KRACK) (Meltdown) (Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-0151.NASL
    description From Red Hat Security Advisory 2018:0151 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update initial mitigations for IBM Power (PowerPC) and IBM zSeries (S390) architectures are provided. * Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 processors. (CVE-2017-5715, Important) * Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. 
It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 and PowerPC processors. (CVE-2017-5753, Important) * Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. This fix specifically addresses PowerPC processors. (CVE-2017-5754, Important) Red Hat would like to thank Google Project Zero for reporting CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. This update also fixes the following security issues and bugs : Space precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/3327131.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 106364
    published 2018-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106364
    title Oracle Linux 7 : kernel (ELSA-2018-0151) (Meltdown) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0005.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0005 for details.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 105717
    published 2018-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105717
    title OracleVM 3.4 : xen (OVMSA-2018-0005) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0708-1.NASL
    description This update for ucode-intel fixes the following issues: The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws (boo#1085207 CVE-2017-5715) - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 1000140 - Updates - SNB D2 6-2a-7:12 29->2d - JKT C1 6-2d-6:6d 619->61c - JKT C2 6-2d-7:6d 710->713 - IVB E2 6-3a-9:12 1c->1f - IVT C0 6-3e-4:ed 428->42c - IVT D1 6-3e-7:ed 70d->713 - HSW Cx/Dx 6-3c-3:32 22->24 - HSW-ULT Cx/Dx 6-45-1:72 20->23 - CRW Cx 6-46-1:32 17->19 - HSX C0 6-3f-2:6f 3a->3c - HSX-EX E0 6-3f-4:80 0f->11 - BDW-U/Y E/F 6-3d-4:c0 25->2a - BDW-H E/G 6-47-1:22 17->1d - BDX-DE V0/V1 6-56-2:10 0f->15 - BDW-DE V2 6-56-3:10 700000d->7000012 - BDW-DE Y0 6-56-4:10 f00000a->f000011 - SKL-U/Y D0 6-4e-3:c0 ba->c2 - SKL R0 6-5e-3:36 ba->c2 - KBL-U/Y H0 6-8e-9:c0 62->84 - KBL B0 6-9e-9:2a 5e->84 - CFL D0 6-8e-a:c0 70->84 - CFL U0 6-9e-a:22 70->84 - CFL B0 6-9e-b:02 72->84 - SKX H0 6-55-4:b7 2000035->2000043 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 108450
    published 2018-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108450
    title SUSE SLED12 / SLES12 Security Update : ucode-intel (SUSE-SU-2018:0708-1) (Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-0512.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: cpu: speculative execution branch target injection (s390-only) (CVE-2017-5715, Important) * hw: cpu: speculative execution bounds-check bypass (s390 and powerpc) (CVE-2017-5753, Important) * hw: cpu: speculative execution permission faults handling (powerpc-only) (CVE-2017-5754) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fixes : * If a fibre channel (FC) switch was powered down and then powered on again, the SCSI device driver stopped permanently the SCSI device's request queue. Consequently, the FC port login failed, leaving the port state as 'Bypassed' instead of 'Online', and users had to reboot the operating system. This update fixes the driver to avoid the permanent stop of the request queue. As a result, SCSI device now continues working as expected after power cycling the FC switch. (BZ#1519857) * Previously, on final close or unlink of a file, the find_get_pages() function in the memory management sometimes found no pages even if there were some pages left to save. Consequently, a kernel crash occurred when attempting to enter the unlink() function. This update fixes the find_get_pages() function in the memory management code to not return 0 too early. 
As a result, the kernel no longer crashes due to this behavior. (BZ#1527811) * Using IPsec connections under a heavy load could previously lead to a network performance degradation, especially when using the aesni-intel module. This update fixes the issue by making the cryptd queue length configurable so that it can be increased to prevent an overflow and packet drop. As a result, using IPsec under a heavy load no longer reduces network performance. (BZ#1527802) * Previously, a deadlock in the bnx2fc driver caused all adapters to block and the SCSI error handler to become unresponsive. As a result, data transferring through the adapter was sometimes blocked. This update fixes bnx2fc, and data transferring through the adapter is no longer blocked due to this behavior. (BZ#1523783) * If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation. (BZ#1535938) Users of kernel are advised to upgrade to these updated packages, which fix these bugs. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2019-02-04
    plugin id 108341
    published 2018-03-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108341
    title CentOS 6 : kernel (CESA-2018:0512) (Meltdown) (Spectre)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3540-2.NASL
    description USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures. (CVE-2017-5715, CVE-2017-5753) USN-3522-2 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106269
    published 2018-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106269
    title Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3540-2) (Meltdown) (Spectre)
  • NASL family AIX Local Security Checks
    NASL id AIX_IJ03032.NASL
    description Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
    last seen 2019-02-21
    modified 2019-02-20
    plugin id 106312
    published 2018-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106312
    title AIX 7.1 TL 4 : spectre_meltdown (IJ03032) (Meltdown) (Spectre)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_JAN_4056892.NASL
    description The remote Windows host is missing security update 4056892 or 4073291. It is, therefore, affected by multiple vulnerabilities : - A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0744) - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0767, CVE-2018-0780, CVE-2018-0800) - An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. (CVE-2018-0803) - An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2018-0754) - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0762, CVE-2018-0772) - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0766) - An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, CVE-2018-0781) - An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certain security checks in the operating system. (CVE-2018-0749) - A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. 
Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows handles objects in memory. (CVE-2018-0753) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0745, CVE-2018-0746, CVE-2018-0747) - An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2018-0743)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 105550
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105550
    title KB4056892: Windows 10 Version 1709 and Windows Server Version 1709 January 2018 Security Update (Meltdown)(Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1967.NASL
    description An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC) * This release also includes next iteration of the CVE-2017-5715 mitigation that includes the SMCCC (Secure Monitor Call Calling Convention) 1.1 support. (CVE-2017-5715, ARM) Red Hat would like to thank Google Project Zero for reporting CVE-2017-5715 and Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639. Bug Fix(es) : These updated kernel-alt packages include numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3485851
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 110709
    published 2018-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110709
    title RHEL 7 : kernel-alt (RHSA-2018:1967) (Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4088.NASL
    description Description of changes: [2.6.39-400.298.6.el6uek] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947612] {CVE-2018-100199} [2.6.39-400.298.5.el6uek] - xen-netfront: fix rx stall when req_prod_pvt goes back to more than zero again (Dongli Zhang) [Orabug: 25053376] - x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27430615] - x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343579] [2.6.39-400.298.4.el6uek] - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148283] {CVE-2017-16527} - uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206900] {CVE-2017-16526} - HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207935] {CVE-2017-16533} - cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208080] {CVE-2017-16536} - net: cdc_ether: fix divide by 0 on bad descriptors (Bjørn Mork) [Orabug: 27215206] {CVE-2017-16649} - Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket (Al Viro) [Orabug: 27344787] {CVE-2017-15868} - Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344787] {CVE-2017-15868} - ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344840] {CVE-2017-0861} {CVE-2017-0861} - Addendum: x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (David Woodhouse) [Orabug: 27649498] {CVE-2017-5715} - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27649510] {CVE-2017-5715} - x86/spectre: Now that we expose 'stbibp' make sure it is correct. 
(Konrad Rzeszutek Wilk) [Orabug: 27649631] {CVE-2017-5715} - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (KarimAllah Ahmed) [Orabug: 27649640] {CVE-2017-5715} - x86: Add STIBP feature enumeration (David Woodhouse) [Orabug: 27649693] {CVE-2017-5715} - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27649706] {CVE-2017-5715} - x86/spectre_v2: Don't spam the console with these: (Konrad Rzeszutek Wilk) [Orabug: 27649723] {CVE-2017-5715} - x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27600848] - Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Konrad Rzeszutek Wilk) [Orabug: 27601773] - x86/syscall: run syscall exit code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/syscall: run syscall-specific code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/syscall: run syscall entry code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/spectre: Drop the warning about ibrs being obsolete (Konrad Rzeszutek Wilk) [Orabug: 27518974] - x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27519044] - x86: fix mitigation details of UEK2 spectre v1 (Konrad Rzeszutek Wilk) [Orabug: 27509909] - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] {CVE-2017-5715} - x86, intel: Output microcode revision in /proc/cpuinfo (Andi Kleen) [Orabug: 27516441] - x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516441] - x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516441] - x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) [Orabug: 27525958] - x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) [Orabug: 27525954] - x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) 
[Orabug: 27525923] - x86/spec: Also print IBRS if IBPB is disabled (Konrad Rzeszutek Wilk) [Orabug: 27519083] - x86: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516378]
    last seen 2019-02-21
    modified 2018-05-04
    plugin id 109524
    published 2018-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109524
    title Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4088) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2528-1.NASL
    description This update for xen fixes the following issues: These security issues were fixed : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - CVE-2018-12617: An integer overflow that could cause a segmentation fault in qmp_guest_file_read() with g_malloc() in qemu-guest-agent was fixed (bsc#1098744) - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. (bsc#1095242) - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (bsc#1092631) - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5754: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. 
(bsc#1074562) - CVE-2018-12891: Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. (bsc#1097521) - CVE-2018-12893: One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. (bsc#1097522) - CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. (bsc#1096224) - CVE-2018-10982: An issue was discovered in Xen that allowed x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. (bsc#1090822) - CVE-2018-10981: An issue was discovered in Xen that allowed x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. 
(bsc#1090823) Following bugs were fixed : - After updating to kernel 3.0.101-0.47.106.32-xen system crashes in check_bugs() (bsc#1097206) - bsc#1079730 - in xen-kmp, unplug emulated devices after migration This is required since xen-4.10 and/or qemu-2.10 because the state of unplug is not propagated from one dom0 to another. Without this unplug qemu's block-backend will be unable to open qcow2 disks on the receiving dom0 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 112147
    published 2018-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112147
    title SUSE SLES11 Security Update : xen (SUSE-SU-2018:2528-1) (Foreshadow) (Meltdown) (Spectre)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201810-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201810-06 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact : A local attacker could cause a Denial of Service condition or disclose sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-10-31
    plugin id 118506
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118506
    title GLSA-201810-06 : Xen: Multiple vulnerabilities (Foreshadow) (Meltdown) (Spectre)
  • NASL family Windows
    NASL id VMWARE_PLAYER_WIN_VMSA_2018_0004.NASL
    description The version of VMware Player installed on the remote Windows host is 14.x prior to 14.1.1 or 12.x prior to 12.5.9. It is, therefore, missing security updates that add hypervisor-assisted guest remediation for a speculative execution vulnerability (CVE-2017-5715). These updates will allow guest operating systems to use hardware support for branch target mitigation and require guest OS security updates as detailed in VMware Knowledge Base article 52085. It is also affected by use-after-free and integer-overflow vulnerabilities. Note that hypervisor-specific remediations for this vulnerability were released as part of VMSA-2018-0002.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 105783
    published 2018-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105783
    title VMware Player 12.x < 12.5.9 / 14.x < 14.1.1 Multiple Vulnerabilities (VMSA-2018-0004) (VMSA-2018-0005) (Spectre)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_JAN_4056891.NASL
    description The remote Windows host is missing security update 4056891 or 4057144. It is, therefore, affected by multiple vulnerabilities : - A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0744) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0758, CVE-2018-0769, CVE-2018-0770, CVE-2018-0776, CVE-2018-0777, CVE-2018-0781) - An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752) - An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. (CVE-2018-0803) - An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2018-0754) - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0762, CVE-2018-0772) - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0766) - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0767, CVE-2018-0780) - An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certain security checks in the operating system. (CVE-2018-0749) - A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. 
However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows handles objects in memory. (CVE-2018-0753) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0745, CVE-2018-0746, CVE-2018-0747) - An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2018-0743)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 105549
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105549
    title KB4056891: Windows 10 Version 1703 January 2018 Security Update (Meltdown)(Spectre)
  • NASL family Windows
    NASL id VMWARE_PLAYER_WIN_VMSA_2017_0021.NASL
    description The version of VMware Player installed on the remote Windows host is 12.x prior to 12.5.8. It is, therefore, affected by multiple vulnerabilities that can allow code execution in a virtual machine via the authenticated VNC session as well as cause information disclosure from one virtual machine to another virtual machine on the same host.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 105555
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105555
    title VMware Player 12.x < 12.5.8 Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-0008.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 23rd January 2019] The text has been updated to correct the list of architectures addressed by the CVE-2017-5753 mitigation. No changes have been made to the packages. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update, mitigations for x86 (CVE-2017-5753) and x86-64 (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754) architectures are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. 
(CVE-2017-5753, Important) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues.
    last seen 2019-02-21
    modified 2019-01-30
    plugin id 105589
    published 2018-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105589
    title CentOS 6 : kernel (CESA-2018:0008) (Meltdown) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0248.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0248 for details.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 111992
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111992
    title OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0047.NASL
    description An update for redhat-virtualization-host is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. 
(CVE-2017-5753, Important) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 105678
    published 2018-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105678
    title RHEL 7 : redhat-virtualization-host (RHSA-2018:0047) (Meltdown) (Spectre)
  • NASL family