ID CVE-2017-5753
Summary Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
References
Vulnerable Configurations
  • Intel Atom C C2308
    cpe:2.3:h:intel:atom_c:c2308
  • Intel Atom C C2316
    cpe:2.3:h:intel:atom_c:c2316
  • Intel Atom C C2338
    cpe:2.3:h:intel:atom_c:c2338
  • Intel Atom C C2350
    cpe:2.3:h:intel:atom_c:c2350
  • Intel Atom C C2358
    cpe:2.3:h:intel:atom_c:c2358
  • Intel Atom C C2508
    cpe:2.3:h:intel:atom_c:c2508
  • Intel Atom C C2516
    cpe:2.3:h:intel:atom_c:c2516
  • Intel Atom C C2518
    cpe:2.3:h:intel:atom_c:c2518
  • Intel Atom C C2530
    cpe:2.3:h:intel:atom_c:c2530
  • Intel Atom C C2538
    cpe:2.3:h:intel:atom_c:c2538
  • Intel Atom C C2550
    cpe:2.3:h:intel:atom_c:c2550
  • Intel Atom C C2558
    cpe:2.3:h:intel:atom_c:c2558
  • Intel Atom C C2718
    cpe:2.3:h:intel:atom_c:c2718
  • Intel Atom C C2730
    cpe:2.3:h:intel:atom_c:c2730
  • Intel Atom C C2738
    cpe:2.3:h:intel:atom_c:c2738
  • Intel Atom C C2750
    cpe:2.3:h:intel:atom_c:c2750
  • Intel Atom C C2758
    cpe:2.3:h:intel:atom_c:c2758
  • Intel Atom C C3308
    cpe:2.3:h:intel:atom_c:c3308
  • Intel Atom C C3338
    cpe:2.3:h:intel:atom_c:c3338
  • Intel Atom C C3508
    cpe:2.3:h:intel:atom_c:c3508
  • Intel Atom C C3538
    cpe:2.3:h:intel:atom_c:c3538
  • Intel Atom C C3558
    cpe:2.3:h:intel:atom_c:c3558
  • Intel Atom C C3708
    cpe:2.3:h:intel:atom_c:c3708
  • Intel Atom C C3750
    cpe:2.3:h:intel:atom_c:c3750
  • Intel Atom C C3758
    cpe:2.3:h:intel:atom_c:c3758
  • Intel Atom C C3808
    cpe:2.3:h:intel:atom_c:c3808
  • Intel Atom C C3830
    cpe:2.3:h:intel:atom_c:c3830
  • Intel Atom C C3850
    cpe:2.3:h:intel:atom_c:c3850
  • Intel Atom C C3858
    cpe:2.3:h:intel:atom_c:c3858
  • Intel Atom C C3950
    cpe:2.3:h:intel:atom_c:c3950
  • Intel Atom C C3955
    cpe:2.3:h:intel:atom_c:c3955
  • Intel Atom C C3958
    cpe:2.3:h:intel:atom_c:c3958
  • Intel Atom E E3805
    cpe:2.3:h:intel:atom_e:e3805
  • Intel Atom E E3815
    cpe:2.3:h:intel:atom_e:e3815
  • Intel Atom E E3825
    cpe:2.3:h:intel:atom_e:e3825
  • Intel Atom E E3826
    cpe:2.3:h:intel:atom_e:e3826
  • Intel Atom E E3827
    cpe:2.3:h:intel:atom_e:e3827
  • Intel Atom E E3845
    cpe:2.3:h:intel:atom_e:e3845
  • Intel Atom X3 C3130
    cpe:2.3:h:intel:atom_x3:c3130
  • Intel Atom X3 C3200RK
    cpe:2.3:h:intel:atom_x3:c3200rk
  • Intel Atom X3 C3205RK
    cpe:2.3:h:intel:atom_x3:c3205rk
  • Intel Atom X3 C3230RK
    cpe:2.3:h:intel:atom_x3:c3230rk
  • Intel Atom X3 C3235RK
    cpe:2.3:h:intel:atom_x3:c3235rk
  • Intel Atom X3 C3265RK
    cpe:2.3:h:intel:atom_x3:c3265rk
  • Intel Atom X3 C3295RK
    cpe:2.3:h:intel:atom_x3:c3295rk
  • Intel Atom X3 C3405
    cpe:2.3:h:intel:atom_x3:c3405
  • Intel Atom X3 C3445
    cpe:2.3:h:intel:atom_x3:c3445
  • Intel Atom Z Z2420
    cpe:2.3:h:intel:atom_z:z2420
  • Intel Atom Z Z2460
    cpe:2.3:h:intel:atom_z:z2460
  • Intel Atom Z Z2480
    cpe:2.3:h:intel:atom_z:z2480
  • Intel Atom Z Z2520
    cpe:2.3:h:intel:atom_z:z2520
  • Intel Atom Z Z2560
    cpe:2.3:h:intel:atom_z:z2560
  • Intel Atom Z Z2580
    cpe:2.3:h:intel:atom_z:z2580
  • Intel Atom Z Z2760
    cpe:2.3:h:intel:atom_z:z2760
  • Intel Atom Z Z3460
    cpe:2.3:h:intel:atom_z:z3460
  • Intel Atom Z Z3480
    cpe:2.3:h:intel:atom_z:z3480
  • Intel Atom Z Z3530
    cpe:2.3:h:intel:atom_z:z3530
  • Intel Atom Z Z3560
    cpe:2.3:h:intel:atom_z:z3560
  • Intel Atom Z Z3570
    cpe:2.3:h:intel:atom_z:z3570
  • Intel Atom Z Z3580
    cpe:2.3:h:intel:atom_z:z3580
  • Intel Atom Z Z3590
    cpe:2.3:h:intel:atom_z:z3590
  • Intel Atom Z Z3735D
    cpe:2.3:h:intel:atom_z:z3735d
  • Intel Atom Z Z3735E
    cpe:2.3:h:intel:atom_z:z3735e
  • Intel Atom Z Z3735F
    cpe:2.3:h:intel:atom_z:z3735f
  • Intel Atom Z Z3735G
    cpe:2.3:h:intel:atom_z:z3735g
  • Intel Atom Z Z3736F
    cpe:2.3:h:intel:atom_z:z3736f
  • Intel Atom Z Z3736G
    cpe:2.3:h:intel:atom_z:z3736g
  • Intel Atom Z Z3740
    cpe:2.3:h:intel:atom_z:z3740
  • Intel Atom Z Z3740D
    cpe:2.3:h:intel:atom_z:z3740d
  • Intel Atom Z Z3745
    cpe:2.3:h:intel:atom_z:z3745
  • Intel Atom Z Z3745D
    cpe:2.3:h:intel:atom_z:z3745d
  • Intel Atom Z Z3770
    cpe:2.3:h:intel:atom_z:z3770
  • Intel Atom Z Z3770D
    cpe:2.3:h:intel:atom_z:z3770d
  • Intel Atom Z Z3775
    cpe:2.3:h:intel:atom_z:z3775
  • Intel Atom Z Z3775D
    cpe:2.3:h:intel:atom_z:z3775d
  • Intel Atom Z Z3785
    cpe:2.3:h:intel:atom_z:z3785
  • Intel Atom Z Z3795
    cpe:2.3:h:intel:atom_z:z3795
  • Intel Celeron J J1750
    cpe:2.3:h:intel:celeron_j:j1750
  • Intel Celeron J J1800
    cpe:2.3:h:intel:celeron_j:j1800
  • Intel Celeron J J1850
    cpe:2.3:h:intel:celeron_j:j1850
  • Intel Celeron J J1900
    cpe:2.3:h:intel:celeron_j:j1900
  • Intel Celeron J J3060
    cpe:2.3:h:intel:celeron_j:j3060
  • Intel Celeron J J3160
    cpe:2.3:h:intel:celeron_j:j3160
  • Intel Celeron J J3355
    cpe:2.3:h:intel:celeron_j:j3355
  • Intel Celeron J J3455
    cpe:2.3:h:intel:celeron_j:j3455
  • Intel Celeron J J4005
    cpe:2.3:h:intel:celeron_j:j4005
  • Intel Celeron J J4105
    cpe:2.3:h:intel:celeron_j:j4105
  • Intel Celeron N N2805
    cpe:2.3:h:intel:celeron_n:n2805
  • Intel Celeron N N2806
    cpe:2.3:h:intel:celeron_n:n2806
  • Intel Celeron N N2807
    cpe:2.3:h:intel:celeron_n:n2807
  • Intel Celeron N N2808
    cpe:2.3:h:intel:celeron_n:n2808
  • Intel Celeron N N2810
    cpe:2.3:h:intel:celeron_n:n2810
  • Intel Celeron N N2815
    cpe:2.3:h:intel:celeron_n:n2815
  • Intel Celeron N N2820
    cpe:2.3:h:intel:celeron_n:n2820
  • Intel Celeron N N2830
    cpe:2.3:h:intel:celeron_n:n2830
  • Intel Celeron N N2840
    cpe:2.3:h:intel:celeron_n:n2840
  • Intel Celeron N N2910
    cpe:2.3:h:intel:celeron_n:n2910
  • Intel Celeron N N2920
    cpe:2.3:h:intel:celeron_n:n2920
  • Intel Celeron N N2930
    cpe:2.3:h:intel:celeron_n:n2930
  • Intel Celeron N N2940
    cpe:2.3:h:intel:celeron_n:n2940
  • Intel Celeron N N3000
    cpe:2.3:h:intel:celeron_n:n3000
  • Intel Celeron N N3010
    cpe:2.3:h:intel:celeron_n:n3010
  • Intel Celeron N N3050
    cpe:2.3:h:intel:celeron_n:n3050
  • Intel Celeron N N3060
    cpe:2.3:h:intel:celeron_n:n3060
  • Intel Celeron N N3150
    cpe:2.3:h:intel:celeron_n:n3150
  • Intel Celeron N N3160
    cpe:2.3:h:intel:celeron_n:n3160
  • Intel Celeron N N3350
    cpe:2.3:h:intel:celeron_n:n3350
  • Intel Celeron N N3450
    cpe:2.3:h:intel:celeron_n:n3450
  • Intel Celeron N N4000
    cpe:2.3:h:intel:celeron_n:n4000
  • Intel Celeron N N4100
    cpe:2.3:h:intel:celeron_n:n4100
  • Intel Core I3 330E
    cpe:2.3:h:intel:core_i3:330e
  • Intel Core I3 330M
    cpe:2.3:h:intel:core_i3:330m
  • Intel Core I3 330UM
    cpe:2.3:h:intel:core_i3:330um
  • Intel Core I3 350M
    cpe:2.3:h:intel:core_i3:350m
  • Intel Core I3 370M
    cpe:2.3:h:intel:core_i3:370m
  • Intel Core I3 380M
    cpe:2.3:h:intel:core_i3:380m
  • Intel Core I3 380UM
    cpe:2.3:h:intel:core_i3:380um
  • Intel Core I3 390M
    cpe:2.3:h:intel:core_i3:390m
  • Intel Core I3 530
    cpe:2.3:h:intel:core_i3:530
  • Intel Core I3 540
    cpe:2.3:h:intel:core_i3:540
  • Intel Core I3 550
    cpe:2.3:h:intel:core_i3:550
  • Intel Core I3 560
    cpe:2.3:h:intel:core_i3:560
  • Intel Core I3 2100
    cpe:2.3:h:intel:core_i3:2100
  • Intel Core I3 2100T
    cpe:2.3:h:intel:core_i3:2100t
  • Intel Core I3 2102
    cpe:2.3:h:intel:core_i3:2102
  • Intel Core I3 2105
    cpe:2.3:h:intel:core_i3:2105
  • Intel Core I3 2115C
    cpe:2.3:h:intel:core_i3:2115c
  • Intel Core I3 2120
    cpe:2.3:h:intel:core_i3:2120
  • Intel Core I3 2120T
    cpe:2.3:h:intel:core_i3:2120t
  • Intel Core I3 2125
    cpe:2.3:h:intel:core_i3:2125
  • Intel Core I3 2130
    cpe:2.3:h:intel:core_i3:2130
  • Intel Core I3 2310E
    cpe:2.3:h:intel:core_i3:2310e
  • Intel Core I3 2310M
    cpe:2.3:h:intel:core_i3:2310m
  • Intel Core I3 2312M
    cpe:2.3:h:intel:core_i3:2312m
  • Intel Core I3 2328M
    cpe:2.3:h:intel:core_i3:2328m
  • Intel Core I3 2330E
    cpe:2.3:h:intel:core_i3:2330e
  • Intel Core I3 2330M
    cpe:2.3:h:intel:core_i3:2330m
  • Intel Core I3 2340UE
    cpe:2.3:h:intel:core_i3:2340ue
  • Intel Core I3 2348M
    cpe:2.3:h:intel:core_i3:2348m
  • Intel Core I3 2350M
    cpe:2.3:h:intel:core_i3:2350m
  • Intel Core I3 2357M
    cpe:2.3:h:intel:core_i3:2357m
  • Intel Core I3 2365M
    cpe:2.3:h:intel:core_i3:2365m
  • Intel Core I3 2367M
    cpe:2.3:h:intel:core_i3:2367m
  • Intel Core I3 2370M
    cpe:2.3:h:intel:core_i3:2370m
  • Intel Core I3 2375M
    cpe:2.3:h:intel:core_i3:2375m
  • Intel Core I3 2377M
    cpe:2.3:h:intel:core_i3:2377m
  • Intel Core I3 3110M
    cpe:2.3:h:intel:core_i3:3110m
  • Intel Core I3 3115C
    cpe:2.3:h:intel:core_i3:3115c
  • Intel Core I3 3120M
    cpe:2.3:h:intel:core_i3:3120m
  • Intel Core I3 3120ME
    cpe:2.3:h:intel:core_i3:3120me
  • Intel Core I3 3130M
    cpe:2.3:h:intel:core_i3:3130m
  • Intel Core I3 3210
    cpe:2.3:h:intel:core_i3:3210
  • Intel Core I3 3217U
    cpe:2.3:h:intel:core_i3:3217u
  • Intel Core I3 3217UE
    cpe:2.3:h:intel:core_i3:3217ue
  • Intel Core I3 3220
    cpe:2.3:h:intel:core_i3:3220
  • Intel Core I3 3220T
    cpe:2.3:h:intel:core_i3:3220t
  • Intel Core I3 3225
    cpe:2.3:h:intel:core_i3:3225
  • Intel Core I3 3227U
    cpe:2.3:h:intel:core_i3:3227u
  • Intel Core I3 3229Y
    cpe:2.3:h:intel:core_i3:3229y
  • Intel Core I3 3240
    cpe:2.3:h:intel:core_i3:3240
  • Intel Core I3 3240T
    cpe:2.3:h:intel:core_i3:3240t
  • Intel Core I3 3245
    cpe:2.3:h:intel:core_i3:3245
  • Intel Core I3 3250
    cpe:2.3:h:intel:core_i3:3250
  • Intel Core I3 3250T
    cpe:2.3:h:intel:core_i3:3250t
  • Intel Core I3 4000M
    cpe:2.3:h:intel:core_i3:4000m
  • Intel Core I3 4005U
    cpe:2.3:h:intel:core_i3:4005u
  • Intel Core I3 4010U
    cpe:2.3:h:intel:core_i3:4010u
  • Intel Core I3 4010Y
    cpe:2.3:h:intel:core_i3:4010y
  • Intel Core I3 4012Y
    cpe:2.3:h:intel:core_i3:4012y
  • Intel Core I3 4020Y
    cpe:2.3:h:intel:core_i3:4020y
  • Intel Core I3 4025U
    cpe:2.3:h:intel:core_i3:4025u
  • Intel Core I3 4030U
    cpe:2.3:h:intel:core_i3:4030u
  • Intel Core I3 4030Y
    cpe:2.3:h:intel:core_i3:4030y
  • Intel Core I3 4100E
    cpe:2.3:h:intel:core_i3:4100e
  • Intel Core I3 4100M
    cpe:2.3:h:intel:core_i3:4100m
  • Intel Core I3 4100U
    cpe:2.3:h:intel:core_i3:4100u
  • Intel Core I3 4102E
    cpe:2.3:h:intel:core_i3:4102e
  • Intel Core I3 4110E
    cpe:2.3:h:intel:core_i3:4110e
  • Intel Core I3 4110M
    cpe:2.3:h:intel:core_i3:4110m
  • Intel Core I3 4112E
    cpe:2.3:h:intel:core_i3:4112e
  • Intel Core I3 4120U
    cpe:2.3:h:intel:core_i3:4120u
  • Intel Core I3 4130
    cpe:2.3:h:intel:core_i3:4130
  • Intel Core I3 4130T
    cpe:2.3:h:intel:core_i3:4130t
  • Intel Core I3 4150
    cpe:2.3:h:intel:core_i3:4150
  • Intel Core I3 4150T
    cpe:2.3:h:intel:core_i3:4150t
  • Intel Core I3 4158U
    cpe:2.3:h:intel:core_i3:4158u
  • Intel Core I3 4160
    cpe:2.3:h:intel:core_i3:4160
  • Intel Core I3 4160T
    cpe:2.3:h:intel:core_i3:4160t
  • Intel Core I3 4170
    cpe:2.3:h:intel:core_i3:4170
  • Intel Core I3 4170T
    cpe:2.3:h:intel:core_i3:4170t
  • Intel Core I3 4330
    cpe:2.3:h:intel:core_i3:4330
  • Intel Core I3 4330T
    cpe:2.3:h:intel:core_i3:4330t
  • Intel Core I3 4330TE
    cpe:2.3:h:intel:core_i3:4330te
  • Intel Core I3 4340
    cpe:2.3:h:intel:core_i3:4340
  • Intel Core I3 4340TE
    cpe:2.3:h:intel:core_i3:4340te
  • Intel Core I3 4350
    cpe:2.3:h:intel:core_i3:4350
  • Intel Core I3 4350T
    cpe:2.3:h:intel:core_i3:4350t
  • Intel Core I3 4360
    cpe:2.3:h:intel:core_i3:4360
  • Intel Core I3 4360T
    cpe:2.3:h:intel:core_i3:4360t
  • Intel Core I3 4370
    cpe:2.3:h:intel:core_i3:4370
  • Intel Core I3 4370T
    cpe:2.3:h:intel:core_i3:4370t
  • Intel Core I3 5005U
    cpe:2.3:h:intel:core_i3:5005u
  • Intel Core I3 5010U
    cpe:2.3:h:intel:core_i3:5010u
  • Intel Core I3 5015U
    cpe:2.3:h:intel:core_i3:5015u
  • Intel Core I3 5020U
    cpe:2.3:h:intel:core_i3:5020u
  • Intel Core I3 5157U
    cpe:2.3:h:intel:core_i3:5157u
  • Intel Core I3 6006U
    cpe:2.3:h:intel:core_i3:6006u
  • Intel Core I3 6098P
    cpe:2.3:h:intel:core_i3:6098p
  • Intel Core I3 6100
    cpe:2.3:h:intel:core_i3:6100
  • Intel Core I3 6100E
    cpe:2.3:h:intel:core_i3:6100e
  • Intel Core I3 6100H
    cpe:2.3:h:intel:core_i3:6100h
  • Intel Core I3 6100T
    cpe:2.3:h:intel:core_i3:6100t
  • Intel Core I3 6100TE
    cpe:2.3:h:intel:core_i3:6100te
  • Intel Core I3 6100U
    cpe:2.3:h:intel:core_i3:6100u
  • Intel Core I3 6102E
    cpe:2.3:h:intel:core_i3:6102e
  • Intel Core I3 6157U
    cpe:2.3:h:intel:core_i3:6157u
  • Intel Core I3 6167U
    cpe:2.3:h:intel:core_i3:6167u
  • Intel Core I3 6300
    cpe:2.3:h:intel:core_i3:6300
  • Intel Core I3 6300T
    cpe:2.3:h:intel:core_i3:6300t
  • Intel Core I3 6320
    cpe:2.3:h:intel:core_i3:6320
  • Intel Core I3 8100
    cpe:2.3:h:intel:core_i3:8100
  • Intel Core I3 8350K
    cpe:2.3:h:intel:core_i3:8350k
  • Intel Core I5 430M
    cpe:2.3:h:intel:core_i5:430m
  • Intel Core I5 430UM
    cpe:2.3:h:intel:core_i5:430um
  • Intel Core I5 450M
    cpe:2.3:h:intel:core_i5:450m
  • Intel Core I5 460M
    cpe:2.3:h:intel:core_i5:460m
  • Intel Core I5 470UM
    cpe:2.3:h:intel:core_i5:470um
  • Intel Core I5 480M
    cpe:2.3:h:intel:core_i5:480m
  • Intel Core I5 520E
    cpe:2.3:h:intel:core_i5:520e
  • Intel Core I5 520M
    cpe:2.3:h:intel:core_i5:520m
  • Intel Core I5 520UM
    cpe:2.3:h:intel:core_i5:520um
  • Intel Core I5 540M
    cpe:2.3:h:intel:core_i5:540m
  • Intel Core I5 540UM
    cpe:2.3:h:intel:core_i5:540um
  • Intel Core I5 560M
    cpe:2.3:h:intel:core_i5:560m
  • Intel Core I5 560UM
    cpe:2.3:h:intel:core_i5:560um
  • Intel Core I5 580M
    cpe:2.3:h:intel:core_i5:580m
  • Intel Core I5 650
    cpe:2.3:h:intel:core_i5:650
  • Intel Core I5 655K
    cpe:2.3:h:intel:core_i5:655k
  • Intel Core I5 660
    cpe:2.3:h:intel:core_i5:660
  • Intel Core I5 661
    cpe:2.3:h:intel:core_i5:661
  • Intel Core I5 670
    cpe:2.3:h:intel:core_i5:670
  • Intel Core I5 680
    cpe:2.3:h:intel:core_i5:680
  • Intel Core I5 750
    cpe:2.3:h:intel:core_i5:750
  • Intel Core I5 750S
    cpe:2.3:h:intel:core_i5:750s
  • Intel Core I5 760
    cpe:2.3:h:intel:core_i5:760
  • Intel Core I5 2300
    cpe:2.3:h:intel:core_i5:2300
  • Intel Core I5 2310
    cpe:2.3:h:intel:core_i5:2310
  • Intel Core I5 2320
    cpe:2.3:h:intel:core_i5:2320
  • Intel Core I5 2380P
    cpe:2.3:h:intel:core_i5:2380p
  • Intel Core I5 2390T
    cpe:2.3:h:intel:core_i5:2390t
  • Intel Core I5 2400
    cpe:2.3:h:intel:core_i5:2400
  • Intel Core I5 2400S
    cpe:2.3:h:intel:core_i5:2400s
  • Intel Core I5 2405S
    cpe:2.3:h:intel:core_i5:2405s
  • Intel Core I5 2410M
    cpe:2.3:h:intel:core_i5:2410m
  • Intel Core I5 2430M
    cpe:2.3:h:intel:core_i5:2430m
  • Intel Core I5 2435M
    cpe:2.3:h:intel:core_i5:2435m
  • Intel Core I5 2450M
    cpe:2.3:h:intel:core_i5:2450m
  • Intel Core I5 2450P
    cpe:2.3:h:intel:core_i5:2450p
  • Intel Core I5 2467M
    cpe:2.3:h:intel:core_i5:2467m
  • Intel Core I5 2500
    cpe:2.3:h:intel:core_i5:2500
  • Intel Core I5 2500K
    cpe:2.3:h:intel:core_i5:2500k
  • Intel Core I5 2500S
    cpe:2.3:h:intel:core_i5:2500s
  • Intel Core I5 2500T
    cpe:2.3:h:intel:core_i5:2500t
  • Intel Core I5 2510E
    cpe:2.3:h:intel:core_i5:2510e
  • Intel Core I5 2515E
    cpe:2.3:h:intel:core_i5:2515e
  • Intel Core I5 2520M
    cpe:2.3:h:intel:core_i5:2520m
  • Intel Core I5 2537M
    cpe:2.3:h:intel:core_i5:2537m
  • Intel Core I5 2540M
    cpe:2.3:h:intel:core_i5:2540m
  • Intel Core I5 2550K
    cpe:2.3:h:intel:core_i5:2550k
  • Intel Core I5 2557M
    cpe:2.3:h:intel:core_i5:2557m
  • Intel Core I5 3210M
    cpe:2.3:h:intel:core_i5:3210m
  • Intel Core I5 3230M
    cpe:2.3:h:intel:core_i5:3230m
  • Intel Core I5 3317U
    cpe:2.3:h:intel:core_i5:3317u
  • Intel Core I5 3320M
    cpe:2.3:h:intel:core_i5:3320m
  • Intel Core I5 3330
    cpe:2.3:h:intel:core_i5:3330
  • Intel Core I5 3330S
    cpe:2.3:h:intel:core_i5:3330s
  • Intel Core I5 3337U
    cpe:2.3:h:intel:core_i5:3337u
  • Intel Core I5 3339Y
    cpe:2.3:h:intel:core_i5:3339y
  • Intel Core I5 3340
    cpe:2.3:h:intel:core_i5:3340
  • Intel Core I5 3340M
    cpe:2.3:h:intel:core_i5:3340m
  • Intel Core I5 3340S
    cpe:2.3:h:intel:core_i5:3340s
  • Intel Core I5 3350P
    cpe:2.3:h:intel:core_i5:3350p
  • Intel Core I5 3360M
    cpe:2.3:h:intel:core_i5:3360m
  • Intel Core I5 3380M
    cpe:2.3:h:intel:core_i5:3380m
  • Intel Core I5 3427U
    cpe:2.3:h:intel:core_i5:3427u
  • Intel Core I5 3437U
    cpe:2.3:h:intel:core_i5:3437u
  • Intel Core I5 3439Y
    cpe:2.3:h:intel:core_i5:3439y
  • Intel Core I5 3450
    cpe:2.3:h:intel:core_i5:3450
  • Intel Core I5 3450S
    cpe:2.3:h:intel:core_i5:3450s
  • Intel Core I5 3470
    cpe:2.3:h:intel:core_i5:3470
  • Intel Core I5 3470S
    cpe:2.3:h:intel:core_i5:3470s
  • Intel Core I5 3470T
    cpe:2.3:h:intel:core_i5:3470t
  • Intel Core I5 3475S
    cpe:2.3:h:intel:core_i5:3475s
  • Intel Core I5 3550
    cpe:2.3:h:intel:core_i5:3550
  • Intel Core I5 3550S
    cpe:2.3:h:intel:core_i5:3550s
  • Intel Core I5 3570
    cpe:2.3:h:intel:core_i5:3570
  • Intel Core I5 3570K
    cpe:2.3:h:intel:core_i5:3570k
  • Intel Core I5 3570S
    cpe:2.3:h:intel:core_i5:3570s
  • Intel Core I5 3570T
    cpe:2.3:h:intel:core_i5:3570t
  • Intel Core I5 3610ME
    cpe:2.3:h:intel:core_i5:3610me
  • Intel Core I5 4200H
    cpe:2.3:h:intel:core_i5:4200h
  • Intel Core I5 4200M
    cpe:2.3:h:intel:core_i5:4200m
  • Intel Core I5 4200U
    cpe:2.3:h:intel:core_i5:4200u
  • Intel Core I5 4200Y
    cpe:2.3:h:intel:core_i5:4200y
  • Intel Core I5 4202Y
    cpe:2.3:h:intel:core_i5:4202y
  • Intel Core I5 4210H
    cpe:2.3:h:intel:core_i5:4210h
  • Intel Core I5 4210M
    cpe:2.3:h:intel:core_i5:4210m
  • Intel Core I5 4210U
    cpe:2.3:h:intel:core_i5:4210u
  • Intel Core I5 4210Y
    cpe:2.3:h:intel:core_i5:4210y
  • Intel Core I5 4220Y
    cpe:2.3:h:intel:core_i5:4220y
  • Intel Core I5 4250U
    cpe:2.3:h:intel:core_i5:4250u
  • Intel Core I5 4258U
    cpe:2.3:h:intel:core_i5:4258u
  • Intel Core I5 4260U
    cpe:2.3:h:intel:core_i5:4260u
  • Intel Core I5 4278U
    cpe:2.3:h:intel:core_i5:4278u
  • Intel Core I5 4288U
    cpe:2.3:h:intel:core_i5:4288u
  • Intel Core I5 4300M
    cpe:2.3:h:intel:core_i5:4300m
  • Intel Core I5 4300U
    cpe:2.3:h:intel:core_i5:4300u
  • Intel Core I5 4300Y
    cpe:2.3:h:intel:core_i5:4300y
  • Intel Core I5 4302Y
    cpe:2.3:h:intel:core_i5:4302y
  • Intel Core I5 4308U
    cpe:2.3:h:intel:core_i5:4308u
  • Intel Core I5 4310M
    cpe:2.3:h:intel:core_i5:4310m
  • Intel Core I5 4310U
    cpe:2.3:h:intel:core_i5:4310u
  • Intel Core I5 4330M
    cpe:2.3:h:intel:core_i5:4330m
  • Intel Core I5 4340M
    cpe:2.3:h:intel:core_i5:4340m
  • Intel Core I5 4350U
    cpe:2.3:h:intel:core_i5:4350u
  • Intel Core I5 4360U
    cpe:2.3:h:intel:core_i5:4360u
  • Intel Core I5 4400E
    cpe:2.3:h:intel:core_i5:4400e
  • Intel Core I5 4402E
    cpe:2.3:h:intel:core_i5:4402e
  • Intel Core I5 4402EC
    cpe:2.3:h:intel:core_i5:4402ec
  • Intel Core I5 4410E
    cpe:2.3:h:intel:core_i5:4410e
  • Intel Core I5 4422E
    cpe:2.3:h:intel:core_i5:4422e
  • Intel Core I5 4430
    cpe:2.3:h:intel:core_i5:4430
  • Intel Core I5 4430S
    cpe:2.3:h:intel:core_i5:4430s
  • Intel Core I5 4440
    cpe:2.3:h:intel:core_i5:4440
  • Intel Core I5 4440S
    cpe:2.3:h:intel:core_i5:4440s
  • Intel Core I5 4460
    cpe:2.3:h:intel:core_i5:4460
  • Intel Core I5 4460S
    cpe:2.3:h:intel:core_i5:4460s
  • Intel Core I5 4460T
    cpe:2.3:h:intel:core_i5:4460t
  • Intel Core I5 4570
    cpe:2.3:h:intel:core_i5:4570
  • Intel Core I5 4570R
    cpe:2.3:h:intel:core_i5:4570r
  • Intel Core I5 4570S
    cpe:2.3:h:intel:core_i5:4570s
  • Intel Core I5 4570T
    cpe:2.3:h:intel:core_i5:4570t
  • Intel Core I5 4570TE
    cpe:2.3:h:intel:core_i5:4570te
  • Intel Core I5 4590
    cpe:2.3:h:intel:core_i5:4590
  • Intel Core I5 4590S
    cpe:2.3:h:intel:core_i5:4590s
  • Intel Core I5 4590T
    cpe:2.3:h:intel:core_i5:4590t
  • Intel Core I5 4670
    cpe:2.3:h:intel:core_i5:4670
  • Intel Core I5 4670K
    cpe:2.3:h:intel:core_i5:4670k
  • Intel Core I5 4670R
    cpe:2.3:h:intel:core_i5:4670r
  • Intel Core I5 4670S
    cpe:2.3:h:intel:core_i5:4670s
  • Intel Core I5 4670T
    cpe:2.3:h:intel:core_i5:4670t
  • Intel Core I5 4690
    cpe:2.3:h:intel:core_i5:4690
  • Intel Core I5 4690K
    cpe:2.3:h:intel:core_i5:4690k
  • Intel Core I5 4690S
    cpe:2.3:h:intel:core_i5:4690s
  • Intel Core I5 4690T
    cpe:2.3:h:intel:core_i5:4690t
  • Intel Core I5 5200U
    cpe:2.3:h:intel:core_i5:5200u
  • Intel Core I5 5250U
    cpe:2.3:h:intel:core_i5:5250u
  • Intel Core I5 5257U
    cpe:2.3:h:intel:core_i5:5257u
  • Intel Core I5 5287U
    cpe:2.3:h:intel:core_i5:5287u
  • Intel Core I5 5300U
    cpe:2.3:h:intel:core_i5:5300u
  • Intel Core I5 5350H
    cpe:2.3:h:intel:core_i5:5350h
  • Intel Core I5 5350U
    cpe:2.3:h:intel:core_i5:5350u
  • Intel Core I5 5575R
    cpe:2.3:h:intel:core_i5:5575r
  • Intel Core I5 5675C
    cpe:2.3:h:intel:core_i5:5675c
  • Intel Core I5 5675R
    cpe:2.3:h:intel:core_i5:5675r
  • Intel Core I5 6200U
    cpe:2.3:h:intel:core_i5:6200u
  • Intel Core I5 6260U
    cpe:2.3:h:intel:core_i5:6260u
  • Intel Core I5 6267U
    cpe:2.3:h:intel:core_i5:6267u
  • Intel Core I5 6287U
    cpe:2.3:h:intel:core_i5:6287u
  • Intel Core I5 6300HQ
    cpe:2.3:h:intel:core_i5:6300hq
  • Intel Core I5 6300U
    cpe:2.3:h:intel:core_i5:6300u
  • Intel Core I5 6350HQ
    cpe:2.3:h:intel:core_i5:6350hq
  • Intel Core I5 6360U
    cpe:2.3:h:intel:core_i5:6360u
  • Intel Core I5 6400
    cpe:2.3:h:intel:core_i5:6400
  • Intel Core I5 6400T
    cpe:2.3:h:intel:core_i5:6400t
  • Intel Core I5 6402P
    cpe:2.3:h:intel:core_i5:6402p
  • Intel Core I5 6440EQ
    cpe:2.3:h:intel:core_i5:6440eq
  • Intel Core I5 6440HQ
    cpe:2.3:h:intel:core_i5:6440hq
  • Intel Core I5 6442EQ
    cpe:2.3:h:intel:core_i5:6442eq
  • Intel Core I5 6500
    cpe:2.3:h:intel:core_i5:6500
  • Intel Core I5 6500T
    cpe:2.3:h:intel:core_i5:6500t
  • Intel Core I5 6500TE
    cpe:2.3:h:intel:core_i5:6500te
  • Intel Core I5 6585R
    cpe:2.3:h:intel:core_i5:6585r
  • Intel Core I5 6600
    cpe:2.3:h:intel:core_i5:6600
  • Intel Core I5 6600K
    cpe:2.3:h:intel:core_i5:6600k
  • Intel Core I5 6600T
    cpe:2.3:h:intel:core_i5:6600t
  • Intel Core I5 6685R
    cpe:2.3:h:intel:core_i5:6685r
  • Intel Core I5 8250U
    cpe:2.3:h:intel:core_i5:8250u
  • Intel Core I5 8350U
    cpe:2.3:h:intel:core_i5:8350u
  • Intel Core I5 8400
    cpe:2.3:h:intel:core_i5:8400
  • Intel Core I5 8600K
    cpe:2.3:h:intel:core_i5:8600k
  • Intel Core I7 7Y75
    cpe:2.3:h:intel:core_i7:7y75
  • Intel Core I7 610E
    cpe:2.3:h:intel:core_i7:610e
  • Intel Core I7 620LE
    cpe:2.3:h:intel:core_i7:620le
  • Intel Core I7 620LM
    cpe:2.3:h:intel:core_i7:620lm
  • Intel Core I7 620M
    cpe:2.3:h:intel:core_i7:620m
  • Intel Core I7 620UE
    cpe:2.3:h:intel:core_i7:620ue
  • Intel Core I7 620UM
    cpe:2.3:h:intel:core_i7:620um
  • Intel Core I7 640LM
    cpe:2.3:h:intel:core_i7:640lm
  • Intel Core I7 640M
    cpe:2.3:h:intel:core_i7:640m
  • Intel Core I7 640UM
    cpe:2.3:h:intel:core_i7:640um
  • Intel Core I7 660LM
    cpe:2.3:h:intel:core_i7:660lm
  • Intel Core I7 660UE
    cpe:2.3:h:intel:core_i7:660ue
  • Intel Core I7 660UM
    cpe:2.3:h:intel:core_i7:660um
  • Intel Core I7 680UM
    cpe:2.3:h:intel:core_i7:680um
  • Intel Core I7 720QM
    cpe:2.3:h:intel:core_i7:720qm
  • Intel Core I7 740QM
    cpe:2.3:h:intel:core_i7:740qm
  • Intel Core I7 820QM
    cpe:2.3:h:intel:core_i7:820qm
  • Intel Core I7 840QM
    cpe:2.3:h:intel:core_i7:840qm
  • Intel Core I7 860
    cpe:2.3:h:intel:core_i7:860
  • Intel Core I7 860S
    cpe:2.3:h:intel:core_i7:860s
  • Intel Core I7 870
    cpe:2.3:h:intel:core_i7:870
  • Intel Core I7 870S
    cpe:2.3:h:intel:core_i7:870s
  • Intel Core I7 875K
    cpe:2.3:h:intel:core_i7:875k
  • Intel Core I7 880
    cpe:2.3:h:intel:core_i7:880
  • Intel Core I7 920
    cpe:2.3:h:intel:core_i7:920
  • Intel Core I7 920XM
    cpe:2.3:h:intel:core_i7:920xm
  • Intel Core I7 930
    cpe:2.3:h:intel:core_i7:930
  • Intel Core I7 940
    cpe:2.3:h:intel:core_i7:940
  • Intel Core I7 940XM
    cpe:2.3:h:intel:core_i7:940xm
  • Intel Core I7 950
    cpe:2.3:h:intel:core_i7:950
  • Intel Core I7 960
    cpe:2.3:h:intel:core_i7:960
  • Intel Core I7 965
    cpe:2.3:h:intel:core_i7:965
  • Intel Core I7 970
    cpe:2.3:h:intel:core_i7:970
  • Intel Core I7 975
    cpe:2.3:h:intel:core_i7:975
  • Intel Core I7 980
    cpe:2.3:h:intel:core_i7:980
  • Intel Core I7 980X
    cpe:2.3:h:intel:core_i7:980x
  • Intel Core I7 990X
    cpe:2.3:h:intel:core_i7:990x
  • Intel Core I7 2600
    cpe:2.3:h:intel:core_i7:2600
  • Intel Core I7 2600K
    cpe:2.3:h:intel:core_i7:2600k
  • Intel Core I7 2600S
    cpe:2.3:h:intel:core_i7:2600s
  • Intel Core I7 2610UE
    cpe:2.3:h:intel:core_i7:2610ue
  • Intel Core I7 2617M
    cpe:2.3:h:intel:core_i7:2617m
  • Intel Core I7 2620M
    cpe:2.3:h:intel:core_i7:2620m
  • Intel Core I7 2629M
    cpe:2.3:h:intel:core_i7:2629m
  • Intel Core I7 2630QM
    cpe:2.3:h:intel:core_i7:2630qm
  • Intel Core I7 2635QM
    cpe:2.3:h:intel:core_i7:2635qm
  • Intel Core I7 2637M
    cpe:2.3:h:intel:core_i7:2637m
  • Intel Core I7 2640M
    cpe:2.3:h:intel:core_i7:2640m
  • Intel Core I7 2649M
    cpe:2.3:h:intel:core_i7:2649m
  • Intel Core I7 2655LE
    cpe:2.3:h:intel:core_i7:2655le
  • Intel Core I7 2657M
    cpe:2.3:h:intel:core_i7:2657m
  • Intel Core I7 2670QM
    cpe:2.3:h:intel:core_i7:2670qm
  • Intel Core I7 2675QM
    cpe:2.3:h:intel:core_i7:2675qm
  • Intel Core I7 2677M
    cpe:2.3:h:intel:core_i7:2677m
  • Intel Core I7 2700K
    cpe:2.3:h:intel:core_i7:2700k
  • Intel Core I7 2710QE
    cpe:2.3:h:intel:core_i7:2710qe
  • Intel Core I7 2715QE
    cpe:2.3:h:intel:core_i7:2715qe
  • Intel Core I7 2720QM
    cpe:2.3:h:intel:core_i7:2720qm
  • Intel Core I7 2760QM
    cpe:2.3:h:intel:core_i7:2760qm
  • Intel Core I7 2820QM
    cpe:2.3:h:intel:core_i7:2820qm
  • Intel Core I7 2860QM
    cpe:2.3:h:intel:core_i7:2860qm
  • Intel Core I7 2920XM
    cpe:2.3:h:intel:core_i7:2920xm
  • Intel Core I7 2960XM
    cpe:2.3:h:intel:core_i7:2960xm
  • Intel Core I7 3517U
    cpe:2.3:h:intel:core_i7:3517u
  • Intel Core I7 3517UE
    cpe:2.3:h:intel:core_i7:3517ue
  • Intel Core I7 3520M
    cpe:2.3:h:intel:core_i7:3520m
  • Intel Core I7 3537U
    cpe:2.3:h:intel:core_i7:3537u
  • Intel Core I7 3540M
    cpe:2.3:h:intel:core_i7:3540m
  • Intel Core I7 3555LE
    cpe:2.3:h:intel:core_i7:3555le
  • Intel Core I7 3610QE
    cpe:2.3:h:intel:core_i7:3610qe
  • Intel Core I7 3610QM
    cpe:2.3:h:intel:core_i7:3610qm
  • Intel Core I7 3612QE
    cpe:2.3:h:intel:core_i7:3612qe
  • Intel Core I7 3612QM
    cpe:2.3:h:intel:core_i7:3612qm
  • Intel Core I7 3615QE
    cpe:2.3:h:intel:core_i7:3615qe
  • Intel Core I7 3615QM
    cpe:2.3:h:intel:core_i7:3615qm
  • Intel Core I7 3630QM
    cpe:2.3:h:intel:core_i7:3630qm
  • Intel Core I7 3632QM
    cpe:2.3:h:intel:core_i7:3632qm
  • Intel Core I7 3635QM
    cpe:2.3:h:intel:core_i7:3635qm
  • Intel Core I7 3667U
    cpe:2.3:h:intel:core_i7:3667u
  • Intel Core I7 3687U
    cpe:2.3:h:intel:core_i7:3687u
  • Intel Core I7 3689Y
    cpe:2.3:h:intel:core_i7:3689y
  • Intel Core I7 3720QM
    cpe:2.3:h:intel:core_i7:3720qm
  • Intel Core I7 3740QM
    cpe:2.3:h:intel:core_i7:3740qm
  • Intel Core I7 3770
    cpe:2.3:h:intel:core_i7:3770
  • Intel Core I7 3770K
    cpe:2.3:h:intel:core_i7:3770k
  • Intel Core I7 3770S
    cpe:2.3:h:intel:core_i7:3770s
  • Intel Core I7 3770T
    cpe:2.3:h:intel:core_i7:3770t
  • Intel Core I7 3820QM
    cpe:2.3:h:intel:core_i7:3820qm
  • Intel Core I7 3840QM
    cpe:2.3:h:intel:core_i7:3840qm
  • Intel Core I7 4500U
    cpe:2.3:h:intel:core_i7:4500u
  • Intel Core I7 4510U
    cpe:2.3:h:intel:core_i7:4510u
  • Intel Core I7 4550U
    cpe:2.3:h:intel:core_i7:4550u
  • Intel Core I7 4558U
    cpe:2.3:h:intel:core_i7:4558u
  • Intel Core I7 4578U
    cpe:2.3:h:intel:core_i7:4578u
  • Intel Core I7 4600M
    cpe:2.3:h:intel:core_i7:4600m
  • Intel Core I7 4600U
    cpe:2.3:h:intel:core_i7:4600u
  • Intel Core I7 4610M
    cpe:2.3:h:intel:core_i7:4610m
  • Intel Core I7 4610Y
    cpe:2.3:h:intel:core_i7:4610y
  • Intel Core I7 4650U
    cpe:2.3:h:intel:core_i7:4650u
  • Intel Core I7 4700EC
    cpe:2.3:h:intel:core_i7:4700ec
  • Intel Core I7 4700EQ
    cpe:2.3:h:intel:core_i7:4700eq
  • Intel Core I7 4700HQ
    cpe:2.3:h:intel:core_i7:4700hq
  • Intel Core I7 4700MQ
    cpe:2.3:h:intel:core_i7:4700mq
  • Intel Core I7 4702EC
    cpe:2.3:h:intel:core_i7:4702ec
  • Intel Core I7 4702HQ
    cpe:2.3:h:intel:core_i7:4702hq
  • Intel Core I7 4702MQ
    cpe:2.3:h:intel:core_i7:4702mq
  • Intel Core I7 4710HQ
    cpe:2.3:h:intel:core_i7:4710hq
  • Intel Core I7 4710MQ
    cpe:2.3:h:intel:core_i7:4710mq
  • Intel Core I7 4712HQ
    cpe:2.3:h:intel:core_i7:4712hq
  • Intel Core I7 4712MQ
    cpe:2.3:h:intel:core_i7:4712mq
  • Intel Core I7 4720HQ
    cpe:2.3:h:intel:core_i7:4720hq
  • Intel Core I7 4722HQ
    cpe:2.3:h:intel:core_i7:4722hq
  • Intel Core I7 4750HQ
    cpe:2.3:h:intel:core_i7:4750hq
  • Intel Core I7 4760HQ
    cpe:2.3:h:intel:core_i7:4760hq
  • Intel Core I7 4765T
    cpe:2.3:h:intel:core_i7:4765t
  • Intel Core I7 4770
    cpe:2.3:h:intel:core_i7:4770
  • Intel Core I7 4770HQ
    cpe:2.3:h:intel:core_i7:4770hq
  • Intel Core I7 4770K
    cpe:2.3:h:intel:core_i7:4770k
  • Intel Core I7 4770R
    cpe:2.3:h:intel:core_i7:4770r
  • Intel Core I7 4770S
    cpe:2.3:h:intel:core_i7:4770s
  • Intel Core I7 4770T
    cpe:2.3:h:intel:core_i7:4770t
  • Intel Core I7 4770TE
    cpe:2.3:h:intel:core_i7:4770te
  • Intel Core I7 4771
    cpe:2.3:h:intel:core_i7:4771
  • Intel Core I7 4785T
    cpe:2.3:h:intel:core_i7:4785t
  • Intel Core I7 4790
    cpe:2.3:h:intel:core_i7:4790
  • Intel Core I7 4790K
    cpe:2.3:h:intel:core_i7:4790k
  • Intel Core I7 4790S
    cpe:2.3:h:intel:core_i7:4790s
  • Intel Core I7 4790T
    cpe:2.3:h:intel:core_i7:4790t
  • Intel Core I7 4800MQ
    cpe:2.3:h:intel:core_i7:4800mq
  • Intel Core I7 4810MQ
    cpe:2.3:h:intel:core_i7:4810mq
  • Intel Core I7 4850HQ
    cpe:2.3:h:intel:core_i7:4850hq
  • Intel Core I7 4860HQ
    cpe:2.3:h:intel:core_i7:4860hq
  • Intel Core I7 4870HQ
    cpe:2.3:h:intel:core_i7:4870hq
  • Intel Core I7 4900MQ
    cpe:2.3:h:intel:core_i7:4900mq
  • Intel Core I7 4910MQ
    cpe:2.3:h:intel:core_i7:4910mq
  • Intel Core I7 4950HQ
    cpe:2.3:h:intel:core_i7:4950hq
  • Intel Core I7 4960HQ
    cpe:2.3:h:intel:core_i7:4960hq
  • Intel Core I7 4980HQ
    cpe:2.3:h:intel:core_i7:4980hq
  • Intel Core I7 5500U
    cpe:2.3:h:intel:core_i7:5500u
  • Intel Core I7 5550U
    cpe:2.3:h:intel:core_i7:5550u
  • Intel Core I7 5557U
    cpe:2.3:h:intel:core_i7:5557u
  • Intel Core I7 5600U
    cpe:2.3:h:intel:core_i7:5600u
  • Intel Core I7 5650U
    cpe:2.3:h:intel:core_i7:5650u
  • Intel Core I7 5700EQ
    cpe:2.3:h:intel:core_i7:5700eq
  • Intel Core I7 5700HQ
    cpe:2.3:h:intel:core_i7:5700hq
  • Intel Core I7 5750HQ
    cpe:2.3:h:intel:core_i7:5750hq
  • Intel Core I7 5775C
    cpe:2.3:h:intel:core_i7:5775c
  • Intel Core I7 5775R
    cpe:2.3:h:intel:core_i7:5775r
  • Intel Core I7 5850EQ
    cpe:2.3:h:intel:core_i7:5850eq
  • Intel Core I7 5850HQ
    cpe:2.3:h:intel:core_i7:5850hq
  • Intel Core I7 5950HQ
    cpe:2.3:h:intel:core_i7:5950hq
  • Intel Core I7 7500U
    cpe:2.3:h:intel:core_i7:7500u
  • Intel Core I7 7560U
    cpe:2.3:h:intel:core_i7:7560u
  • Intel Core I7 7567U
    cpe:2.3:h:intel:core_i7:7567u
  • Intel Core I7 7600U
    cpe:2.3:h:intel:core_i7:7600u
  • Intel Core I7 7660U
    cpe:2.3:h:intel:core_i7:7660u
  • Intel Core I7 7700
    cpe:2.3:h:intel:core_i7:7700
  • Intel Core I7 7700HQ
    cpe:2.3:h:intel:core_i7:7700hq
  • Intel Core I7 7700K
    cpe:2.3:h:intel:core_i7:7700k
  • Intel Core I7 7700T
    cpe:2.3:h:intel:core_i7:7700t
  • Intel Core I7 7820EQ
    cpe:2.3:h:intel:core_i7:7820eq
  • Intel Core I7 7820HK
    cpe:2.3:h:intel:core_i7:7820hk
  • Intel Core I7 7820HQ
    cpe:2.3:h:intel:core_i7:7820hq
  • Intel Core I7 7920HQ
    cpe:2.3:h:intel:core_i7:7920hq
  • Intel Core I7 8550U
    cpe:2.3:h:intel:core_i7:8550u
  • Intel Core I7 8650U
    cpe:2.3:h:intel:core_i7:8650u
  • Intel Core I7 8700
    cpe:2.3:h:intel:core_i7:8700
  • Intel Core I7 8700K
    cpe:2.3:h:intel:core_i7:8700k
  • Intel Core M 5Y10
    cpe:2.3:h:intel:core_m:5y10
  • Intel Core M 5Y10A
    cpe:2.3:h:intel:core_m:5y10a
  • Intel Core M 5Y10C
    cpe:2.3:h:intel:core_m:5y10c
  • Intel Core M 5Y31
    cpe:2.3:h:intel:core_m:5y31
  • Intel Core M 5Y51
    cpe:2.3:h:intel:core_m:5y51
  • Intel Core M 5Y70
    cpe:2.3:h:intel:core_m:5y70
  • Intel Core M 5Y71
    cpe:2.3:h:intel:core_m:5y71
  • Intel Core M3 6Y30
    cpe:2.3:h:intel:core_m3:6y30
  • Intel Core M3 7Y30
    cpe:2.3:h:intel:core_m3:7y30
  • Intel Core M3 7Y32
    cpe:2.3:h:intel:core_m3:7y32
  • Intel Core M5 6Y54
    cpe:2.3:h:intel:core_m5:6y54
  • Intel Core M5 6Y57
    cpe:2.3:h:intel:core_m5:6y57
  • Intel Core M7 6Y75
    cpe:2.3:h:intel:core_m7:6y75
  • Intel Pentium J J2850
    cpe:2.3:h:intel:pentium_j:j2850
  • Intel Pentium J J2900
    cpe:2.3:h:intel:pentium_j:j2900
  • Intel Pentium J J3710
    cpe:2.3:h:intel:pentium_j:j3710
  • Intel Pentium J J4205
    cpe:2.3:h:intel:pentium_j:j4205
  • Intel Pentium N N3510
    cpe:2.3:h:intel:pentium_n:n3510
  • Intel Pentium N N3520
    cpe:2.3:h:intel:pentium_n:n3520
  • Intel Pentium N N3530
    cpe:2.3:h:intel:pentium_n:n3530
  • Intel Pentium N N3540
    cpe:2.3:h:intel:pentium_n:n3540
  • Intel Pentium N N3700
    cpe:2.3:h:intel:pentium_n:n3700
  • Intel Pentium N N3710
    cpe:2.3:h:intel:pentium_n:n3710
  • Intel Pentium N N4200
    cpe:2.3:h:intel:pentium_n:n4200
  • Intel Xeon E5502
    cpe:2.3:h:intel:xeon:e5502
  • Intel Xeon E5503
    cpe:2.3:h:intel:xeon:e5503
  • Intel Xeon E5504
    cpe:2.3:h:intel:xeon:e5504
  • Intel Xeon E5506
    cpe:2.3:h:intel:xeon:e5506
  • Intel Xeon E5507
    cpe:2.3:h:intel:xeon:e5507
  • Intel Xeon E5520
    cpe:2.3:h:intel:xeon:e5520
  • Intel Xeon E5530
    cpe:2.3:h:intel:xeon:e5530
  • Intel Xeon E5540
    cpe:2.3:h:intel:xeon:e5540
  • Intel Xeon E5603
    cpe:2.3:h:intel:xeon:e5603
  • Intel Xeon E5606
    cpe:2.3:h:intel:xeon:e5606
  • Intel Xeon E5607
    cpe:2.3:h:intel:xeon:e5607
  • Intel Xeon E5620
    cpe:2.3:h:intel:xeon:e5620
  • Intel Xeon E5630
    cpe:2.3:h:intel:xeon:e5630
  • Intel Xeon E5640
    cpe:2.3:h:intel:xeon:e5640
  • Intel Xeon E5645
    cpe:2.3:h:intel:xeon:e5645
  • Intel Xeon E5649
    cpe:2.3:h:intel:xeon:e5649
  • Intel Xeon E6510
    cpe:2.3:h:intel:xeon:e6510
  • Intel Xeon E6540
    cpe:2.3:h:intel:xeon:e6540
  • Intel Xeon E7520
    cpe:2.3:h:intel:xeon:e7520
  • Intel Xeon E7530
    cpe:2.3:h:intel:xeon:e7530
  • Intel Xeon E7540
    cpe:2.3:h:intel:xeon:e7540
  • Intel Xeon EC5509
    cpe:2.3:h:intel:xeon:ec5509
  • Intel Xeon EC5539
    cpe:2.3:h:intel:xeon:ec5539
  • Intel Xeon EC5549
    cpe:2.3:h:intel:xeon:ec5549
  • Intel Xeon L3406
    cpe:2.3:h:intel:xeon:l3406
  • Intel Xeon L3426
    cpe:2.3:h:intel:xeon:l3426
  • Intel Xeon L5506
    cpe:2.3:h:intel:xeon:l5506
  • Intel Xeon L5508
    cpe:2.3:h:intel:xeon:l5508
  • Intel Xeon L5518
    cpe:2.3:h:intel:xeon:l5518
  • Intel Xeon L5520
    cpe:2.3:h:intel:xeon:l5520
  • Intel Xeon L5530
    cpe:2.3:h:intel:xeon:l5530
  • Intel Xeon L5609
    cpe:2.3:h:intel:xeon:l5609
  • Intel Xeon L5618
    cpe:2.3:h:intel:xeon:l5618
  • Intel Xeon L5630
    cpe:2.3:h:intel:xeon:l5630
  • Intel Xeon L5638
    cpe:2.3:h:intel:xeon:l5638
  • Intel Xeon L5640
    cpe:2.3:h:intel:xeon:l5640
  • Intel Xeon L7545
    cpe:2.3:h:intel:xeon:l7545
  • Intel Xeon L7555
    cpe:2.3:h:intel:xeon:l7555
  • Intel Xeon LC5518
    cpe:2.3:h:intel:xeon:lc5518
  • Intel Xeon LC5528
    cpe:2.3:h:intel:xeon:lc5528
  • Intel Xeon W3670
    cpe:2.3:h:intel:xeon:w3670
  • Intel Xeon W3680
    cpe:2.3:h:intel:xeon:w3680
  • Intel Xeon W3690
    cpe:2.3:h:intel:xeon:w3690
  • Intel Xeon W5580
    cpe:2.3:h:intel:xeon:w5580
  • Intel Xeon W5590
    cpe:2.3:h:intel:xeon:w5590
  • Intel Xeon X3430
    cpe:2.3:h:intel:xeon:x3430
  • Intel Xeon X3440
    cpe:2.3:h:intel:xeon:x3440
  • Intel Xeon X3450
    cpe:2.3:h:intel:xeon:x3450
  • Intel Xeon X3460
    cpe:2.3:h:intel:xeon:x3460
  • Intel Xeon X3470
    cpe:2.3:h:intel:xeon:x3470
  • Intel Xeon X3480
    cpe:2.3:h:intel:xeon:x3480
  • Intel Xeon X5550
    cpe:2.3:h:intel:xeon:x5550
  • Intel Xeon X5560
    cpe:2.3:h:intel:xeon:x5560
  • Intel Xeon X5570
    cpe:2.3:h:intel:xeon:x5570
  • Intel Xeon X5647
    cpe:2.3:h:intel:xeon:x5647
  • Intel Xeon X5650
    cpe:2.3:h:intel:xeon:x5650
  • Intel Xeon X5660
    cpe:2.3:h:intel:xeon:x5660
  • Intel Xeon X5667
    cpe:2.3:h:intel:xeon:x5667
  • Intel Xeon X5670
    cpe:2.3:h:intel:xeon:x5670
  • Intel Xeon X5672
    cpe:2.3:h:intel:xeon:x5672
  • Intel Xeon X5675
    cpe:2.3:h:intel:xeon:x5675
  • Intel Xeon X5677
    cpe:2.3:h:intel:xeon:x5677
  • Intel Xeon X5680
    cpe:2.3:h:intel:xeon:x5680
  • Intel Xeon X5687
    cpe:2.3:h:intel:xeon:x5687
  • Intel Xeon X5690
    cpe:2.3:h:intel:xeon:x5690
  • Intel Xeon X6550
    cpe:2.3:h:intel:xeon:x6550
  • Intel Xeon X7542
    cpe:2.3:h:intel:xeon:x7542
  • Intel Xeon X7550
    cpe:2.3:h:intel:xeon:x7550
  • Intel Xeon X7560
    cpe:2.3:h:intel:xeon:x7560
  • Intel Xeon Bronze 3104
    cpe:2.3:h:intel:xeon_bronze:3104
  • Intel Xeon Bronze 3106
    cpe:2.3:h:intel:xeon_bronze:3106
  • Intel Xeon E3 1105C
    cpe:2.3:h:intel:xeon_e3:1105c
  • Intel Xeon E3 1105C V2
    cpe:2.3:h:intel:xeon_e3:1105c_v2
  • Intel Xeon E3 1125C
    cpe:2.3:h:intel:xeon_e3:1125c
  • Intel Xeon E3 1125C V2
    cpe:2.3:h:intel:xeon_e3:1125c_v2
  • Intel Xeon E3 1220
    cpe:2.3:h:intel:xeon_e3:1220
  • Intel Xeon E3 1220 V2
    cpe:2.3:h:intel:xeon_e3:1220_v2
  • Intel Xeon E3 1220 V3
    cpe:2.3:h:intel:xeon_e3:1220_v3
  • Intel Xeon E3 1220 V5
    cpe:2.3:h:intel:xeon_e3:1220_v5
  • Intel Xeon E3 1220 V6
    cpe:2.3:h:intel:xeon_e3:1220_v6
  • Intel Xeon E3 1220L
    cpe:2.3:h:intel:xeon_e3:1220l
  • Intel Xeon E3 1220L V2
    cpe:2.3:h:intel:xeon_e3:1220l_v2
  • Intel Xeon E3 1220L V3
    cpe:2.3:h:intel:xeon_e3:1220l_v3
  • Intel Xeon E3 1225
    cpe:2.3:h:intel:xeon_e3:1225
  • Intel Xeon E3 1225 V2
    cpe:2.3:h:intel:xeon_e3:1225_v2
  • Intel Xeon E3 1225 V3
    cpe:2.3:h:intel:xeon_e3:1225_v3
  • Intel Xeon E3 1225 V5
    cpe:2.3:h:intel:xeon_e3:1225_v5
  • Intel Xeon E3 1225 V6
    cpe:2.3:h:intel:xeon_e3:1225_v6
  • Intel Xeon E3 1226 V3
    cpe:2.3:h:intel:xeon_e3:1226_v3
  • Intel Xeon E3 1230
    cpe:2.3:h:intel:xeon_e3:1230
  • Intel Xeon E3 1230 V2
    cpe:2.3:h:intel:xeon_e3:1230_v2
  • Intel Xeon E3 1230 V3
    cpe:2.3:h:intel:xeon_e3:1230_v3
  • Intel Xeon E3 1230 V5
    cpe:2.3:h:intel:xeon_e3:1230_v5
  • Intel Xeon E3 1230 V6
    cpe:2.3:h:intel:xeon_e3:1230_v6
  • Intel Xeon E3 1230L V3
    cpe:2.3:h:intel:xeon_e3:1230l_v3
  • Intel Xeon E3 1231 V3
    cpe:2.3:h:intel:xeon_e3:1231_v3
  • Intel Xeon E3 1235
    cpe:2.3:h:intel:xeon_e3:1235
  • Intel Xeon E3 1235L V5
    cpe:2.3:h:intel:xeon_e3:1235l_v5
  • Intel Xeon E3 1240
    cpe:2.3:h:intel:xeon_e3:1240
  • Intel Xeon E3 1240 V2
    cpe:2.3:h:intel:xeon_e3:1240_v2
  • Intel Xeon E3 1240 V3
    cpe:2.3:h:intel:xeon_e3:1240_v3
  • Intel Xeon E3 1240 V5
    cpe:2.3:h:intel:xeon_e3:1240_v5
  • Intel Xeon E3 1240 V6
    cpe:2.3:h:intel:xeon_e3:1240_v6
  • Intel Xeon E3 1240L V3
    cpe:2.3:h:intel:xeon_e3:1240l_v3
  • Intel Xeon E3 1240L V5
    cpe:2.3:h:intel:xeon_e3:1240l_v5
  • Intel Xeon E3 1241 V3
    cpe:2.3:h:intel:xeon_e3:1241_v3
  • Intel Xeon E3 1245
    cpe:2.3:h:intel:xeon_e3:1245
  • Intel Xeon E3 1245 V2
    cpe:2.3:h:intel:xeon_e3:1245_v2
  • Intel Xeon E3 1245 V3
    cpe:2.3:h:intel:xeon_e3:1245_v3
  • Intel Xeon E3 1245 V5
    cpe:2.3:h:intel:xeon_e3:1245_v5
  • Intel Xeon E3 1245 V6
    cpe:2.3:h:intel:xeon_e3:1245_v6
  • Intel Xeon E3 1246 V3
    cpe:2.3:h:intel:xeon_e3:1246_v3
  • Intel Xeon E3 1258L V4
    cpe:2.3:h:intel:xeon_e3:1258l_v4
  • Intel Xeon E3 1260L
    cpe:2.3:h:intel:xeon_e3:1260l
  • Intel Xeon E3 1260L V5
    cpe:2.3:h:intel:xeon_e3:1260l_v5
  • Intel Xeon E3 1265L V2
    cpe:2.3:h:intel:xeon_e3:1265l_v2
  • Intel Xeon E3 1265L V3
    cpe:2.3:h:intel:xeon_e3:1265l_v3
  • Intel Xeon E3 1265L V4
    cpe:2.3:h:intel:xeon_e3:1265l_v4
  • Intel Xeon E3 1268L V3
    cpe:2.3:h:intel:xeon_e3:1268l_v3
  • Intel Xeon E3 1268L V5
    cpe:2.3:h:intel:xeon_e3:1268l_v5
  • Intel Xeon E3 1270
    cpe:2.3:h:intel:xeon_e3:1270
  • Intel Xeon E3 1270 V2
    cpe:2.3:h:intel:xeon_e3:1270_v2
  • Intel Xeon E3 1270 V3
    cpe:2.3:h:intel:xeon_e3:1270_v3
  • Intel Xeon E3 1270 V5
    cpe:2.3:h:intel:xeon_e3:1270_v5
  • Intel Xeon E3 1270 V6
    cpe:2.3:h:intel:xeon_e3:1270_v6
  • Intel Xeon E3 1271 V3
    cpe:2.3:h:intel:xeon_e3:1271_v3
  • Intel Xeon E3 1275
    cpe:2.3:h:intel:xeon_e3:1275
  • Intel Xeon E3 1275 V2
    cpe:2.3:h:intel:xeon_e3:1275_v2
  • Intel Xeon E3 1275 V3
    cpe:2.3:h:intel:xeon_e3:1275_v3
  • Intel Xeon E3 1275 V5
    cpe:2.3:h:intel:xeon_e3:1275_v5
  • Intel Xeon E3 1275 V6
    cpe:2.3:h:intel:xeon_e3:1275_v6
  • Intel Xeon E3 1275L V3
    cpe:2.3:h:intel:xeon_e3:1275l_v3
  • Intel Xeon E3 1276 V3
    cpe:2.3:h:intel:xeon_e3:1276_v3
  • Intel Xeon E3 1278L V4
    cpe:2.3:h:intel:xeon_e3:1278l_v4
  • Intel Xeon E3 1280
    cpe:2.3:h:intel:xeon_e3:1280
  • Intel Xeon E3 1280 V2
    cpe:2.3:h:intel:xeon_e3:1280_v2
  • Intel Xeon E3 1280 V3
    cpe:2.3:h:intel:xeon_e3:1280_v3
  • Intel Xeon E3 1280 V5
    cpe:2.3:h:intel:xeon_e3:1280_v5
  • Intel Xeon E3 1280 V6
    cpe:2.3:h:intel:xeon_e3:1280_v6
  • Intel Xeon E3 1281 V3
    cpe:2.3:h:intel:xeon_e3:1281_v3
  • Intel Xeon E3 1285 V3
    cpe:2.3:h:intel:xeon_e3:1285_v3
  • Intel Xeon E3 1285 V4
    cpe:2.3:h:intel:xeon_e3:1285_v4
  • Intel Xeon E3 1285 V6
    cpe:2.3:h:intel:xeon_e3:1285_v6
  • Intel Xeon E3 1285L V3
    cpe:2.3:h:intel:xeon_e3:1285l_v3
  • Intel Xeon E3 1285L V4
    cpe:2.3:h:intel:xeon_e3:1285l_v4
  • Intel Xeon E3 1286 V3
    cpe:2.3:h:intel:xeon_e3:1286_v3
  • Intel Xeon E3 1286L V3
    cpe:2.3:h:intel:xeon_e3:1286l_v3
  • Intel Xeon E3 1290
    cpe:2.3:h:intel:xeon_e3:1290
  • Intel Xeon E3 1290 V2
    cpe:2.3:h:intel:xeon_e3:1290_v2
  • Intel Xeon E3 1501L V6
    cpe:2.3:h:intel:xeon_e3:1501l_v6
  • Intel Xeon E3 1501M V6
    cpe:2.3:h:intel:xeon_e3:1501m_v6
  • Intel Xeon E3 1505L V5
    cpe:2.3:h:intel:xeon_e3:1505l_v5
  • Intel Xeon E3 1505L V6
    cpe:2.3:h:intel:xeon_e3:1505l_v6
  • Intel Xeon E3 1505M V5
    cpe:2.3:h:intel:xeon_e3:1505m_v5
  • Intel Xeon E3 1505M V6
    cpe:2.3:h:intel:xeon_e3:1505m_v6
  • Intel Xeon E3 1515M V5
    cpe:2.3:h:intel:xeon_e3:1515m_v5
  • Intel Xeon E3 1535M V5
    cpe:2.3:h:intel:xeon_e3:1535m_v5
  • Intel Xeon E3 1535M V6
    cpe:2.3:h:intel:xeon_e3:1535m_v6
  • Intel Xeon E3 1545M V5
    cpe:2.3:h:intel:xeon_e3:1545m_v5
  • Intel Xeon E3 1558L V5
    cpe:2.3:h:intel:xeon_e3:1558l_v5
  • Intel Xeon E3 1565L V5
    cpe:2.3:h:intel:xeon_e3:1565l_v5
  • Intel Xeon E3 1575M V5
    cpe:2.3:h:intel:xeon_e3:1575m_v5
  • Intel Xeon E3 1578L V5
    cpe:2.3:h:intel:xeon_e3:1578l_v5
  • Intel Xeon E3 1585 V5
    cpe:2.3:h:intel:xeon_e3:1585_v5
  • Intel Xeon E3 1585L V5
    cpe:2.3:h:intel:xeon_e3:1585l_v5
  • Intel Xeon E5 1428L
    cpe:2.3:h:intel:xeon_e5:1428l
  • Intel Xeon E5 1428L V2
    cpe:2.3:h:intel:xeon_e5:1428l_v2
  • Intel Xeon E5 1428L V3
    cpe:2.3:h:intel:xeon_e5:1428l_v3
  • Intel Xeon E5 1620
    cpe:2.3:h:intel:xeon_e5:1620
  • Intel Xeon E5 1620 V2
    cpe:2.3:h:intel:xeon_e5:1620_v2
  • Intel Xeon E5 1620 V3
    cpe:2.3:h:intel:xeon_e5:1620_v3
  • Intel Xeon E5 1620 V4
    cpe:2.3:h:intel:xeon_e5:1620_v4
  • Intel Xeon E5 1630 V3
    cpe:2.3:h:intel:xeon_e5:1630_v3
  • Intel Xeon E5 1630 V4
    cpe:2.3:h:intel:xeon_e5:1630_v4
  • Intel Xeon E5 1650
    cpe:2.3:h:intel:xeon_e5:1650
  • Intel Xeon E5 1650 V2
    cpe:2.3:h:intel:xeon_e5:1650_v2
  • Intel Xeon E5 1650 V3
    cpe:2.3:h:intel:xeon_e5:1650_v3
  • Intel Xeon E5 1650 V4
    cpe:2.3:h:intel:xeon_e5:1650_v4
  • Intel Xeon E5 1660
    cpe:2.3:h:intel:xeon_e5:1660
  • Intel Xeon E5 1660 V2
    cpe:2.3:h:intel:xeon_e5:1660_v2
  • Intel Xeon E5 1660 V3
    cpe:2.3:h:intel:xeon_e5:1660_v3
  • Intel Xeon E5 1660 V4
    cpe:2.3:h:intel:xeon_e5:1660_v4
  • Intel Xeon E5 1680 V3
    cpe:2.3:h:intel:xeon_e5:1680_v3
  • Intel Xeon E5 1680 V4
    cpe:2.3:h:intel:xeon_e5:1680_v4
  • Intel Xeon E5 2403
    cpe:2.3:h:intel:xeon_e5:2403
  • Intel Xeon E5 2403 V2
    cpe:2.3:h:intel:xeon_e5:2403_v2
  • Intel Xeon E5 2407
    cpe:2.3:h:intel:xeon_e5:2407
  • Intel Xeon E5 2407 V2
    cpe:2.3:h:intel:xeon_e5:2407_v2
  • Intel Xeon E5 2408L V3
    cpe:2.3:h:intel:xeon_e5:2408l_v3
  • Intel Xeon E5 2418L
    cpe:2.3:h:intel:xeon_e5:2418l
  • Intel Xeon E5 2418L V2
    cpe:2.3:h:intel:xeon_e5:2418l_v2
  • Intel Xeon E5 2418L V3
    cpe:2.3:h:intel:xeon_e5:2418l_v3
  • Intel Xeon E5 2420
    cpe:2.3:h:intel:xeon_e5:2420
  • Intel Xeon E5 2420 V2
    cpe:2.3:h:intel:xeon_e5:2420_v2
  • Intel Xeon E5 2428L
    cpe:2.3:h:intel:xeon_e5:2428l
  • Intel Xeon E5 2428L V2
    cpe:2.3:h:intel:xeon_e5:2428l_v2
  • Intel Xeon E5 2428L V3
    cpe:2.3:h:intel:xeon_e5:2428l_v3
  • Intel Xeon E5 2430
    cpe:2.3:h:intel:xeon_e5:2430
  • Intel Xeon E5 2430 V2
    cpe:2.3:h:intel:xeon_e5:2430_v2
  • Intel Xeon E5 2430L
    cpe:2.3:h:intel:xeon_e5:2430l
  • Intel Xeon E5 2430L V2
    cpe:2.3:h:intel:xeon_e5:2430l_v2
  • Intel Xeon E5 2438L V3
    cpe:2.3:h:intel:xeon_e5:2438l_v3
  • Intel Xeon E5 2440
    cpe:2.3:h:intel:xeon_e5:2440
  • Intel Xeon E5 2440 V2
    cpe:2.3:h:intel:xeon_e5:2440_v2
  • Intel Xeon E5 2448L
    cpe:2.3:h:intel:xeon_e5:2448l
  • Intel Xeon E5 2448L V2
    cpe:2.3:h:intel:xeon_e5:2448l_v2
  • Intel Xeon E5 2450
    cpe:2.3:h:intel:xeon_e5:2450
  • Intel Xeon E5 2450 V2
    cpe:2.3:h:intel:xeon_e5:2450_v2
  • Intel Xeon E5 2450L
    cpe:2.3:h:intel:xeon_e5:2450l
  • Intel Xeon E5 2450L V2
    cpe:2.3:h:intel:xeon_e5:2450l_v2
  • Intel Xeon E5 2470
    cpe:2.3:h:intel:xeon_e5:2470
  • Intel Xeon E5 2470 V2
    cpe:2.3:h:intel:xeon_e5:2470_v2
  • Intel Xeon E5 2603
    cpe:2.3:h:intel:xeon_e5:2603
  • Intel Xeon E5 2603 V2
    cpe:2.3:h:intel:xeon_e5:2603_v2
  • Intel Xeon E5 2603 V3
    cpe:2.3:h:intel:xeon_e5:2603_v3
  • Intel Xeon E5 2603 V4
    cpe:2.3:h:intel:xeon_e5:2603_v4
  • Intel Xeon E5 2608L V3
    cpe:2.3:h:intel:xeon_e5:2608l_v3
  • Intel Xeon E5 2608L V4
    cpe:2.3:h:intel:xeon_e5:2608l_v4
  • Intel Xeon E5 2609
    cpe:2.3:h:intel:xeon_e5:2609
  • Intel Xeon E5 2609 V2
    cpe:2.3:h:intel:xeon_e5:2609_v2
  • Intel Xeon E5 2609 V3
    cpe:2.3:h:intel:xeon_e5:2609_v3
  • Intel Xeon E5 2609 V4
    cpe:2.3:h:intel:xeon_e5:2609_v4
  • Intel Xeon E5 2618L V2
    cpe:2.3:h:intel:xeon_e5:2618l_v2
  • Intel Xeon E5 2618L V3
    cpe:2.3:h:intel:xeon_e5:2618l_v3
  • Intel Xeon E5 2618L V4
    cpe:2.3:h:intel:xeon_e5:2618l_v4
  • Intel Xeon E5 2620
    cpe:2.3:h:intel:xeon_e5:2620
  • Intel Xeon E5 2620 V2
    cpe:2.3:h:intel:xeon_e5:2620_v2
  • Intel Xeon E5 2620 V3
    cpe:2.3:h:intel:xeon_e5:2620_v3
  • Intel Xeon E5 2620 V4
    cpe:2.3:h:intel:xeon_e5:2620_v4
  • Intel Xeon E5 2623 V3
    cpe:2.3:h:intel:xeon_e5:2623_v3
  • Intel Xeon E5 2623 V4
    cpe:2.3:h:intel:xeon_e5:2623_v4
  • Intel Xeon E5 2628L V2
    cpe:2.3:h:intel:xeon_e5:2628l_v2
  • Intel Xeon E5 2628L V3
    cpe:2.3:h:intel:xeon_e5:2628l_v3
  • Intel Xeon E5 2628L V4
    cpe:2.3:h:intel:xeon_e5:2628l_v4
  • Intel Xeon E5 2630
    cpe:2.3:h:intel:xeon_e5:2630
  • Intel Xeon E5 2630 V2
    cpe:2.3:h:intel:xeon_e5:2630_v2
  • Intel Xeon E5 2630 V3
    cpe:2.3:h:intel:xeon_e5:2630_v3
  • Intel Xeon E5 2630 V4
    cpe:2.3:h:intel:xeon_e5:2630_v4
  • Intel Xeon E5 2630L
    cpe:2.3:h:intel:xeon_e5:2630l
  • Intel Xeon E5 2630L V2
    cpe:2.3:h:intel:xeon_e5:2630l_v2
  • Intel Xeon E5 2630L V3
    cpe:2.3:h:intel:xeon_e5:2630l_v3
  • Intel Xeon E5 2630L V4
    cpe:2.3:h:intel:xeon_e5:2630l_v4
  • Intel Xeon E5 2637
    cpe:2.3:h:intel:xeon_e5:2637
  • Intel Xeon E5 2637 V2
    cpe:2.3:h:intel:xeon_e5:2637_v2
  • Intel Xeon E5 2637 V3
    cpe:2.3:h:intel:xeon_e5:2637_v3
  • Intel Xeon E5 2637 V4
    cpe:2.3:h:intel:xeon_e5:2637_v4
  • Intel Xeon E5 2640
    cpe:2.3:h:intel:xeon_e5:2640
  • Intel Xeon E5 2640 V2
    cpe:2.3:h:intel:xeon_e5:2640_v2
  • Intel Xeon E5 2640 V3
    cpe:2.3:h:intel:xeon_e5:2640_v3
  • Intel Xeon E5 2640 V4
    cpe:2.3:h:intel:xeon_e5:2640_v4
  • Intel Xeon E5 2643
    cpe:2.3:h:intel:xeon_e5:2643
  • Intel Xeon E5 2643 V2
    cpe:2.3:h:intel:xeon_e5:2643_v2
  • Intel Xeon E5 2643 V3
    cpe:2.3:h:intel:xeon_e5:2643_v3
  • Intel Xeon E5 2643 V4
    cpe:2.3:h:intel:xeon_e5:2643_v4
  • Intel Xeon E5 2648L
    cpe:2.3:h:intel:xeon_e5:2648l
  • Intel Xeon E5 2648L V2
    cpe:2.3:h:intel:xeon_e5:2648l_v2
  • Intel Xeon E5 2648L V3
    cpe:2.3:h:intel:xeon_e5:2648l_v3
  • Intel Xeon E5 2648L V4
    cpe:2.3:h:intel:xeon_e5:2648l_v4
  • Intel Xeon E5 2650
    cpe:2.3:h:intel:xeon_e5:2650
  • Intel Xeon E5 2650 V2
    cpe:2.3:h:intel:xeon_e5:2650_v2
  • Intel Xeon E5 2650 V3
    cpe:2.3:h:intel:xeon_e5:2650_v3
  • Intel Xeon E5 2650 V4
    cpe:2.3:h:intel:xeon_e5:2650_v4
  • Intel Xeon E5 2650L
    cpe:2.3:h:intel:xeon_e5:2650l
  • Intel Xeon E5 2650L V2
    cpe:2.3:h:intel:xeon_e5:2650l_v2
  • Intel Xeon E5 2650L V3
    cpe:2.3:h:intel:xeon_e5:2650l_v3
  • Intel Xeon E5 2650L V4
    cpe:2.3:h:intel:xeon_e5:2650l_v4
  • Intel Xeon E5 2658
    cpe:2.3:h:intel:xeon_e5:2658
  • Intel Xeon E5 2658 V2
    cpe:2.3:h:intel:xeon_e5:2658_v2
  • Intel Xeon E5 2658 V3
    cpe:2.3:h:intel:xeon_e5:2658_v3
  • Intel Xeon E5 2658 V4
    cpe:2.3:h:intel:xeon_e5:2658_v4
  • Intel Xeon E5 2658A V3
    cpe:2.3:h:intel:xeon_e5:2658a_v3
  • Intel Xeon E5 2660
    cpe:2.3:h:intel:xeon_e5:2660
  • Intel Xeon E5 2660 V2
    cpe:2.3:h:intel:xeon_e5:2660_v2
  • Intel Xeon E5 2660 V3
    cpe:2.3:h:intel:xeon_e5:2660_v3
  • Intel Xeon E5 2660 V4
    cpe:2.3:h:intel:xeon_e5:2660_v4
  • Intel Xeon E5 2665
    cpe:2.3:h:intel:xeon_e5:2665
  • Intel Xeon E5 2667
    cpe:2.3:h:intel:xeon_e5:2667
  • Intel Xeon E5 2667 V2
    cpe:2.3:h:intel:xeon_e5:2667_v2
  • Intel Xeon E5 2667 V3
    cpe:2.3:h:intel:xeon_e5:2667_v3
  • Intel Xeon E5 2667 V4
    cpe:2.3:h:intel:xeon_e5:2667_v4
  • Intel Xeon E5 2670
    cpe:2.3:h:intel:xeon_e5:2670
  • Intel Xeon E5 2670 V2
    cpe:2.3:h:intel:xeon_e5:2670_v2
  • Intel Xeon E5 2670 V3
    cpe:2.3:h:intel:xeon_e5:2670_v3
  • Intel Xeon E5 2680
    cpe:2.3:h:intel:xeon_e5:2680
  • Intel Xeon E5 2680 V2
    cpe:2.3:h:intel:xeon_e5:2680_v2
  • Intel Xeon E5 2680 V3
    cpe:2.3:h:intel:xeon_e5:2680_v3
  • Intel Xeon E5 2680 V4
    cpe:2.3:h:intel:xeon_e5:2680_v4
  • Intel Xeon E5 2683 V3
    cpe:2.3:h:intel:xeon_e5:2683_v3
  • Intel Xeon E5 2683 V4
    cpe:2.3:h:intel:xeon_e5:2683_v4
  • Intel Xeon E5 2687W
    cpe:2.3:h:intel:xeon_e5:2687w
  • Intel Xeon E5 2687W V2
    cpe:2.3:h:intel:xeon_e5:2687w_v2
  • Intel Xeon E5 2687W V3
    cpe:2.3:h:intel:xeon_e5:2687w_v3
  • Intel Xeon E5 2687W V4
    cpe:2.3:h:intel:xeon_e5:2687w_v4
  • Intel Xeon E5 2690
    cpe:2.3:h:intel:xeon_e5:2690
  • Intel Xeon E5 2690 V2
    cpe:2.3:h:intel:xeon_e5:2690_v2
  • Intel Xeon E5 2690 V3
    cpe:2.3:h:intel:xeon_e5:2690_v3
  • Intel Xeon E5 2690 V4
    cpe:2.3:h:intel:xeon_e5:2690_v4
  • Intel Xeon E5 2695 V2
    cpe:2.3:h:intel:xeon_e5:2695_v2
  • Intel Xeon E5 2695 V3
    cpe:2.3:h:intel:xeon_e5:2695_v3
  • Intel Xeon E5 2695 V4
    cpe:2.3:h:intel:xeon_e5:2695_v4
  • Intel Xeon E5 2697 V2
    cpe:2.3:h:intel:xeon_e5:2697_v2
  • Intel Xeon E5 2697 V3
    cpe:2.3:h:intel:xeon_e5:2697_v3
  • Intel Xeon E5 2697 V4
    cpe:2.3:h:intel:xeon_e5:2697_v4
  • Intel Xeon E5 2697A V4
    cpe:2.3:h:intel:xeon_e5:2697a_v4
  • Intel Xeon E5 2698 V3
    cpe:2.3:h:intel:xeon_e5:2698_v3
  • Intel Xeon E5 2698 V4
    cpe:2.3:h:intel:xeon_e5:2698_v4
  • Intel Xeon E5 2699 V3
    cpe:2.3:h:intel:xeon_e5:2699_v3
  • Intel Xeon E5 2699 V4
    cpe:2.3:h:intel:xeon_e5:2699_v4
  • Intel Xeon E5 2699A V4
    cpe:2.3:h:intel:xeon_e5:2699a_v4
  • Intel Xeon E5 2699R V4
    cpe:2.3:h:intel:xeon_e5:2699r_v4
  • Intel Xeon E5 4603
    cpe:2.3:h:intel:xeon_e5:4603
  • Intel Xeon E5 4603 V2
    cpe:2.3:h:intel:xeon_e5:4603_v2
  • Intel Xeon E5 4607
    cpe:2.3:h:intel:xeon_e5:4607
  • Intel Xeon E5 4607 V2
    cpe:2.3:h:intel:xeon_e5:4607_v2
  • Intel Xeon E5 4610
    cpe:2.3:h:intel:xeon_e5:4610
  • Intel Xeon E5 4610 V2
    cpe:2.3:h:intel:xeon_e5:4610_v2
  • Intel Xeon E5 4610 V3
    cpe:2.3:h:intel:xeon_e5:4610_v3
  • Intel Xeon E5 4610 V4
    cpe:2.3:h:intel:xeon_e5:4610_v4
  • Intel Xeon E5 4617
    cpe:2.3:h:intel:xeon_e5:4617
  • Intel Xeon E5 4620
    cpe:2.3:h:intel:xeon_e5:4620
  • Intel Xeon E5 4620 V2
    cpe:2.3:h:intel:xeon_e5:4620_v2
  • Intel Xeon E5 4620 V3
    cpe:2.3:h:intel:xeon_e5:4620_v3
  • Intel Xeon E5 4620 V4
    cpe:2.3:h:intel:xeon_e5:4620_v4
  • Intel Xeon E5 4624L V2
    cpe:2.3:h:intel:xeon_e5:4624l_v2
  • Intel Xeon E5 4627 V2
    cpe:2.3:h:intel:xeon_e5:4627_v2
  • Intel Xeon E5 4627 V3
    cpe:2.3:h:intel:xeon_e5:4627_v3
  • Intel Xeon E5 4627 V4
    cpe:2.3:h:intel:xeon_e5:4627_v4
  • Intel Xeon E5 4628L V4
    cpe:2.3:h:intel:xeon_e5:4628l_v4
  • Intel Xeon E5 4640
    cpe:2.3:h:intel:xeon_e5:4640
  • Intel Xeon E5 4640 V2
    cpe:2.3:h:intel:xeon_e5:4640_v2
  • Intel Xeon E5 4640 V3
    cpe:2.3:h:intel:xeon_e5:4640_v3
  • Intel Xeon E5 4640 V4
    cpe:2.3:h:intel:xeon_e5:4640_v4
  • Intel Xeon E5 4648 V3
    cpe:2.3:h:intel:xeon_e5:4648_v3
  • Intel Xeon E5 4650
    cpe:2.3:h:intel:xeon_e5:4650
  • Intel Xeon E5 4650 V2
    cpe:2.3:h:intel:xeon_e5:4650_v2
  • Intel Xeon E5 4650 V3
    cpe:2.3:h:intel:xeon_e5:4650_v3
  • Intel Xeon E5 4650 V4
    cpe:2.3:h:intel:xeon_e5:4650_v4
  • Intel Xeon E5 4650L
    cpe:2.3:h:intel:xeon_e5:4650l
  • Intel Xeon E5 4655 V3
    cpe:2.3:h:intel:xeon_e5:4655_v3
  • Intel Xeon E5 4655 V4
    cpe:2.3:h:intel:xeon_e5:4655_v4
  • Intel Xeon E5 4657L V2
    cpe:2.3:h:intel:xeon_e5:4657l_v2
  • Intel Xeon E5 4660 V3
    cpe:2.3:h:intel:xeon_e5:4660_v3
  • Intel Xeon E5 4660 V4
    cpe:2.3:h:intel:xeon_e5:4660_v4
  • Intel Xeon E5 4667 V3
    cpe:2.3:h:intel:xeon_e5:4667_v3
  • Intel Xeon E5 4667 V4
    cpe:2.3:h:intel:xeon_e5:4667_v4
  • Intel Xeon E5 4669 V3
    cpe:2.3:h:intel:xeon_e5:4669_v3
  • Intel Xeon E5 4669 V4
    cpe:2.3:h:intel:xeon_e5:4669_v4
  • Intel Xeon E7 2803
    cpe:2.3:h:intel:xeon_e7:2803
  • Intel Xeon E7 2820
    cpe:2.3:h:intel:xeon_e7:2820
  • Intel Xeon E7 2830
    cpe:2.3:h:intel:xeon_e7:2830
  • Intel Xeon E7 2850
    cpe:2.3:h:intel:xeon_e7:2850
  • Intel Xeon E7 2850 V2
    cpe:2.3:h:intel:xeon_e7:2850_v2
  • Intel Xeon E7 2860
    cpe:2.3:h:intel:xeon_e7:2860
  • Intel Xeon E7 2870
    cpe:2.3:h:intel:xeon_e7:2870
  • Intel Xeon E7 2870 V2
    cpe:2.3:h:intel:xeon_e7:2870_v2
  • Intel Xeon E7 2880 V2
    cpe:2.3:h:intel:xeon_e7:2880_v2
  • Intel Xeon E7 2890 V2
    cpe:2.3:h:intel:xeon_e7:2890_v2
  • Intel Xeon E7 4807
    cpe:2.3:h:intel:xeon_e7:4807
  • Intel Xeon E7 4809 V2
    cpe:2.3:h:intel:xeon_e7:4809_v2
  • Intel Xeon E7 4809 V3
    cpe:2.3:h:intel:xeon_e7:4809_v3
  • Intel Xeon E7 4809 V4
    cpe:2.3:h:intel:xeon_e7:4809_v4
  • Intel Xeon E7 4820
    cpe:2.3:h:intel:xeon_e7:4820
  • Intel Xeon E7 4820 V2
    cpe:2.3:h:intel:xeon_e7:4820_v2
  • Intel Xeon E7 4820 V3
    cpe:2.3:h:intel:xeon_e7:4820_v3
  • Intel Xeon E7 4820 V4
    cpe:2.3:h:intel:xeon_e7:4820_v4
  • Intel Xeon E7 4830
    cpe:2.3:h:intel:xeon_e7:4830
  • Intel Xeon E7 4830 V2
    cpe:2.3:h:intel:xeon_e7:4830_v2
  • Intel Xeon E7 4830 V3
    cpe:2.3:h:intel:xeon_e7:4830_v3
  • Intel Xeon E7 4830 V4
    cpe:2.3:h:intel:xeon_e7:4830_v4
  • Intel Xeon E7 4850
    cpe:2.3:h:intel:xeon_e7:4850
  • Intel Xeon E7 4850 V2
    cpe:2.3:h:intel:xeon_e7:4850_v2
  • Intel Xeon E7 4850 V3
    cpe:2.3:h:intel:xeon_e7:4850_v3
  • Intel Xeon E7 4850 V4
    cpe:2.3:h:intel:xeon_e7:4850_v4
  • Intel Xeon E7 4860
    cpe:2.3:h:intel:xeon_e7:4860
  • Intel Xeon E7 4860 V2
    cpe:2.3:h:intel:xeon_e7:4860_v2
  • Intel Xeon E7 4870
    cpe:2.3:h:intel:xeon_e7:4870
  • Intel Xeon E7 4870 V2
    cpe:2.3:h:intel:xeon_e7:4870_v2
  • Intel Xeon E7 4880 V2
    cpe:2.3:h:intel:xeon_e7:4880_v2
  • Intel Xeon E7 4890 V2
    cpe:2.3:h:intel:xeon_e7:4890_v2
  • Intel Xeon E7 8830
    cpe:2.3:h:intel:xeon_e7:8830
  • Intel Xeon E7 8837
    cpe:2.3:h:intel:xeon_e7:8837
  • Intel Xeon E7 8850
    cpe:2.3:h:intel:xeon_e7:8850
  • Intel Xeon E7 8850 V2
    cpe:2.3:h:intel:xeon_e7:8850_v2
  • Intel Xeon E7 8857 V2
    cpe:2.3:h:intel:xeon_e7:8857_v2
  • Intel Xeon E7 8860
    cpe:2.3:h:intel:xeon_e7:8860
  • Intel Xeon E7 8860 V3
    cpe:2.3:h:intel:xeon_e7:8860_v3
  • Intel Xeon E7 8860 V4
    cpe:2.3:h:intel:xeon_e7:8860_v4
  • Intel Xeon E7 8867 V3
    cpe:2.3:h:intel:xeon_e7:8867_v3
  • Intel Xeon E7 8867 V4
    cpe:2.3:h:intel:xeon_e7:8867_v4
  • Intel Xeon E7 8867L
    cpe:2.3:h:intel:xeon_e7:8867l
  • Intel Xeon E7 8870
    cpe:2.3:h:intel:xeon_e7:8870
  • Intel Xeon E7 8870 V2
    cpe:2.3:h:intel:xeon_e7:8870_v2
  • Intel Xeon E7 8870 V3
    cpe:2.3:h:intel:xeon_e7:8870_v3
  • Intel Xeon E7 8870 V4
    cpe:2.3:h:intel:xeon_e7:8870_v4
  • Intel Xeon E7 8880 V2
    cpe:2.3:h:intel:xeon_e7:8880_v2
  • Intel Xeon E7 8880 V3
    cpe:2.3:h:intel:xeon_e7:8880_v3
  • Intel Xeon E7 8880 V4
    cpe:2.3:h:intel:xeon_e7:8880_v4
  • Intel Xeon E7 8880L V2
    cpe:2.3:h:intel:xeon_e7:8880l_v2
  • Intel Xeon E7 8880L V3
    cpe:2.3:h:intel:xeon_e7:8880l_v3
  • Intel Xeon E7 8890 V2
    cpe:2.3:h:intel:xeon_e7:8890_v2
  • Intel Xeon E7 8890 V3
    cpe:2.3:h:intel:xeon_e7:8890_v3
  • Intel Xeon E7 8890 V4
    cpe:2.3:h:intel:xeon_e7:8890_v4
  • Intel Xeon E7 8891 V2
    cpe:2.3:h:intel:xeon_e7:8891_v2
  • Intel Xeon E7 8891 V3
    cpe:2.3:h:intel:xeon_e7:8891_v3
  • Intel Xeon E7 8891 V4
    cpe:2.3:h:intel:xeon_e7:8891_v4
  • Intel Xeon E7 8893 V2
    cpe:2.3:h:intel:xeon_e7:8893_v2
  • Intel Xeon E7 8893 V3
    cpe:2.3:h:intel:xeon_e7:8893_v3
  • Intel Xeon E7 8893 V4
    cpe:2.3:h:intel:xeon_e7:8893_v4
  • Intel Xeon E7 8894 V4
    cpe:2.3:h:intel:xeon_e7:8894_v4
  • Intel Xeon Gold 5115
    cpe:2.3:h:intel:xeon_gold:5115
  • Intel Xeon Gold 5118
    cpe:2.3:h:intel:xeon_gold:5118
  • Intel Xeon Gold 5119T
    cpe:2.3:h:intel:xeon_gold:5119t
  • Intel Xeon Gold 5120
    cpe:2.3:h:intel:xeon_gold:5120
  • Intel Xeon Gold 5120T
    cpe:2.3:h:intel:xeon_gold:5120t
  • Intel Xeon Gold 5122
    cpe:2.3:h:intel:xeon_gold:5122
  • Intel Xeon Gold 6126
    cpe:2.3:h:intel:xeon_gold:6126
  • Intel Xeon Gold 6126F
    cpe:2.3:h:intel:xeon_gold:6126f
  • Intel Xeon Gold 6126T
    cpe:2.3:h:intel:xeon_gold:6126t
  • Intel Xeon Gold 6128
    cpe:2.3:h:intel:xeon_gold:6128
  • Intel Xeon Gold 6130
    cpe:2.3:h:intel:xeon_gold:6130
  • Intel Xeon Gold 6130F
    cpe:2.3:h:intel:xeon_gold:6130f
  • Intel Xeon Gold 6130T
    cpe:2.3:h:intel:xeon_gold:6130t
  • Intel Xeon Gold 6132
    cpe:2.3:h:intel:xeon_gold:6132
  • Intel Xeon Gold 6134
    cpe:2.3:h:intel:xeon_gold:6134
  • Intel Xeon Gold 6134M
    cpe:2.3:h:intel:xeon_gold:6134m
  • Intel Xeon Gold 6136
    cpe:2.3:h:intel:xeon_gold:6136
  • Intel Xeon Gold 6138
    cpe:2.3:h:intel:xeon_gold:6138
  • Intel Xeon Gold 6138F
    cpe:2.3:h:intel:xeon_gold:6138f
  • Intel Xeon Gold 6138T
    cpe:2.3:h:intel:xeon_gold:6138t
  • Intel Xeon Gold 6140
    cpe:2.3:h:intel:xeon_gold:6140
  • Intel Xeon Gold 6140M
    cpe:2.3:h:intel:xeon_gold:6140m
  • Intel Xeon Gold 6142
    cpe:2.3:h:intel:xeon_gold:6142
  • Intel Xeon Gold 6142F
    cpe:2.3:h:intel:xeon_gold:6142f
  • Intel Xeon Gold 6142M
    cpe:2.3:h:intel:xeon_gold:6142m
  • Intel Xeon Gold 6144
    cpe:2.3:h:intel:xeon_gold:6144
  • Intel Xeon Gold 6146
    cpe:2.3:h:intel:xeon_gold:6146
  • Intel Xeon Gold 6148
    cpe:2.3:h:intel:xeon_gold:6148
  • Intel Xeon Gold 6148F
    cpe:2.3:h:intel:xeon_gold:6148f
  • Intel Xeon Gold 6150
    cpe:2.3:h:intel:xeon_gold:6150
  • Intel Xeon Gold 6152
    cpe:2.3:h:intel:xeon_gold:6152
  • Intel Xeon Gold 6154
    cpe:2.3:h:intel:xeon_gold:6154
  • Intel Xeon Phi 7210
    cpe:2.3:h:intel:xeon_phi:7210
  • Intel Xeon Phi 7210F
    cpe:2.3:h:intel:xeon_phi:7210f
  • Intel Xeon Phi 7230
    cpe:2.3:h:intel:xeon_phi:7230
  • Intel Xeon Phi 7230F
    cpe:2.3:h:intel:xeon_phi:7230f
  • Intel Xeon Phi 7235
    cpe:2.3:h:intel:xeon_phi:7235
  • Intel Xeon Phi 7250
    cpe:2.3:h:intel:xeon_phi:7250
  • Intel Xeon Phi 7250F
    cpe:2.3:h:intel:xeon_phi:7250f
  • Intel Xeon Phi 7285
    cpe:2.3:h:intel:xeon_phi:7285
  • Intel Xeon Phi 7290
    cpe:2.3:h:intel:xeon_phi:7290
  • Intel Xeon Phi 7290F
    cpe:2.3:h:intel:xeon_phi:7290f
  • Intel Xeon Phi 7295
    cpe:2.3:h:intel:xeon_phi:7295
  • Intel Xeon Platinum 8153
    cpe:2.3:h:intel:xeon_platinum:8153
  • Intel Xeon Platinum 8156
    cpe:2.3:h:intel:xeon_platinum:8156
  • Intel Xeon Platinum 8158
    cpe:2.3:h:intel:xeon_platinum:8158
  • Intel Xeon Platinum 8160
    cpe:2.3:h:intel:xeon_platinum:8160
  • Intel Xeon Platinum 8160F
    cpe:2.3:h:intel:xeon_platinum:8160f
  • Intel Xeon Platinum 8160M
    cpe:2.3:h:intel:xeon_platinum:8160m
  • Intel Xeon Platinum 8160T
    cpe:2.3:h:intel:xeon_platinum:8160t
  • Intel Xeon Platinum 8164
    cpe:2.3:h:intel:xeon_platinum:8164
  • Intel Xeon Platinum 8168
    cpe:2.3:h:intel:xeon_platinum:8168
  • Intel Xeon Platinum 8170
    cpe:2.3:h:intel:xeon_platinum:8170
  • Intel Xeon Platinum 8170M
    cpe:2.3:h:intel:xeon_platinum:8170m
  • Intel Xeon Platinum 8176
    cpe:2.3:h:intel:xeon_platinum:8176
  • Intel Xeon Platinum 8176F
    cpe:2.3:h:intel:xeon_platinum:8176f
  • Intel Xeon Platinum 8176M
    cpe:2.3:h:intel:xeon_platinum:8176m
  • Intel Xeon Platinum 8180
    cpe:2.3:h:intel:xeon_platinum:8180
  • Intel Xeon Silver 4108
    cpe:2.3:h:intel:xeon_silver:4108
  • Intel Xeon Silver 4109T
    cpe:2.3:h:intel:xeon_silver:4109t
  • Intel Xeon Silver 4110
    cpe:2.3:h:intel:xeon_silver:4110
  • Intel Xeon Silver 4112
    cpe:2.3:h:intel:xeon_silver:4112
  • Intel Xeon Silver 4114
    cpe:2.3:h:intel:xeon_silver:4114
  • Intel Xeon Silver 4114T
    cpe:2.3:h:intel:xeon_silver:4114t
  • Intel Xeon Silver 4116
    cpe:2.3:h:intel:xeon_silver:4116
  • Intel Xeon Silver 4116T
    cpe:2.3:h:intel:xeon_silver:4116t
  • cpe:2.3:h:arm:cortex-a:8
    cpe:2.3:h:arm:cortex-a:8
  • ARM Cortex-A9
    cpe:2.3:h:arm:cortex-a:9
  • cpe:2.3:h:arm:cortex-a:12
    cpe:2.3:h:arm:cortex-a:12
  • ARM Cortex-A15
    cpe:2.3:h:arm:cortex-a:15
  • ARM Cortex-A17
    cpe:2.3:h:arm:cortex-a:17
  • ARM Cortex-A57
    cpe:2.3:h:arm:cortex-a:57
  • ARM Cortex-A72
    cpe:2.3:h:arm:cortex-a:72
  • ARM Cortex-A73
    cpe:2.3:h:arm:cortex-a:73
  • ARM Cortex-A75
    cpe:2.3:h:arm:cortex-a:75
  • cpe:2.3:h:arm:cortex-a:76
    cpe:2.3:h:arm:cortex-a:76
  • cpe:2.3:h:arm:cortex-r:7
    cpe:2.3:h:arm:cortex-r:7
  • cpe:2.3:h:arm:cortex-r:8
    cpe:2.3:h:arm:cortex-r:8
CVSS
Base: 4.7
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
exploit-db via4
description Multiple CPUs - 'Spectre' Information Disclosure. CVE-2017-5715,CVE-2017-5753. Local exploit for Multiple platform
file exploits/multiple/local/43427.c
id EDB-ID:43427
last seen 2018-01-24
modified 2018-01-03
platform multiple
port
published 2018-01-03
reporter Exploit-DB
source https://www.exploit-db.com/download/43427/
title Multiple CPUs - 'Spectre' Information Disclosure
type local
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-118.NASL
    description This update for webkit2gtk3 fixes the following issues : Update to version 2.18.5 : + Disable SharedArrayBuffers from Web API. + Reduce the precision of 'high' resolution time to 1ms. + bsc#1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown (CVE-2017-5753 and CVE-2017-5715). Update to version 2.18.4 : + Make WebDriver implementation more spec compliant. + Fix a bug when trying to remove cookies before a web process is spawned. + WebKitWebDriver process no longer links to libjavascriptcoregtk. + Fix several memory leaks in GStreamer media backend. + bsc#1073654 - Security fixes: CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-13856. Update to version 2.18.3 : + Improve calculation of font metrics to prevent scrollbars from being shown unnecessarily in some cases. + Fix handling of null capabilities in WebDriver implementation. + Security fixes: CVE-2017-13798, CVE-2017-13788, CVE-2017-13803. Update to version 2.18.2 : + Fix rendering of arabic text. + Fix a crash in the web process when decoding GIF images. + Fix rendering of wind in Windy.com. + Fix several crashes and rendering issues. Update to version 2.18.1 : + Improve performance of GIF animations. + Fix garbled display in GMail. + Fix rendering of several material design icons when using the web font. + Fix flickering when resizing the window in Wayland. + Prevent default kerberos authentication credentials from being used in ephemeral sessions. + Fix a crash when webkit_web_resource_get_data() is cancelled. + Correctly handle touchmove and touchend events in WebKitWebView. + Fix the build with enchant 2.1.1. + Fix the build in HPPA and Alpha. + Fix several crashes and rendering issues. + Security fixes: CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142. - Enable gold linker on s390/s390x on SLE15/Tumbleweed. This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 106549
    published 2018-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106549
    title openSUSE Security Update : webkit2gtk3 (openSUSE-2018-118) (Meltdown) (Spectre)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180103_KERNEL_ON_SL6_X.NASL
    description Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. The performance impact of these patches may vary considerably based on workload and hardware configuration. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 105534
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105534
    title Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (Meltdown) (Spectre)
  • NASL family AIX Local Security Checks
    NASL id AIX_IJ03034.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 106314
    published 2018-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106314
    title AIX 7.2 TL 0 : spectre_meltdown (IJ03034) (Meltdown) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0021.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: xen commit=b2a6db11ced11291a472bc1bda20ce329eda4d66 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - gnttab: don't blindly free status pages upon version change (Andrew Cooper)  [Orabug: 27571750]  (CVE-2018-7541) - memory: don't implicitly unpin for decrease-reservation (Andrew Cooper)  [Orabug: 27571737]  (CVE-2018-7540) - BUILDINFO: xen commit=873b8236e886daa3c26dae28d0c1c53d88447dc0 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - xend: if secure boot is enabled don't write pci config space (Elena Ufimtseva)  [Orabug: 27533309] - BUILDINFO: xen commit=81602116e75b6bbc519366b242c71888aa1b1673 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86/spec_ctrl: Fix several bugs in SPEC_CTRL_ENTRY_FROM_INTR_IST (Andrew Cooper)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - x86: allow easier disabling of BTI mitigations (Zhenzhong Duan) [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - x86/boot: Make alternative patching NMI-safe (Andrew Cooper) [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - xen/cmdline: Fix parse_boolean for unadorned values (Andrew Cooper)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - Optimize the context switch code a bit (Zhenzhong Duan)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - Update init_speculation_mitigations to upstream's (Zhenzhong Duan)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - x86/entry: Avoid using alternatives in NMI/#MC paths (Andrew Cooper)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - Update RSB related implementation to upstream ones (Zhenzhong Duan)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - BUILDINFO: xen commit=c6a2fe8d72a3eba01b22cbe495e60cb6837fe8d0 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (redux) (Konrad Rzeszutek Wilk)  [Orabug: 27445678] - BUILDINFO: xen commit=9657d91fcbf49798d2c5135866e1947113d536dc - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86/Spectre: Set thunk to THUNK_NONE if compiler support is not available (Boris Ostrovsky)  [Orabug: 27375688] - BUILDINFO: xen commit=4e5826dfcb56d3a868a9934646989f8483f03b3c - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - xen: No dependencies on dracut and microcode_ctl RPMs (Boris Ostrovsky)  [Orabug: 27409718]
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 107130
    published 2018-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107130
    title OracleVM 3.4 : xen (OVMSA-2018-0021) (Meltdown) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0046.NASL
    description An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 7 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues.
    last seen 2018-07-30
    modified 2018-07-27
    plugin id 105677
    published 2018-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105677
    title RHEL 6 / 7 : rhev-hypervisor7 (RHSA-2018:0046) (Meltdown) (Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4004.NASL
    description Description of changes: [4.1.12-112.14.5.el7uek] - x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27350825] [4.1.12-112.14.4.el7uek] - kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) {CVE-2017-5715} [4.1.12-112.14.3.el7uek] - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} {CVE-2017-5715} - x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27339995] {CVE-2017-5715} - Clear the host registers after setbe (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715} - Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715} - KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715} - kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27339995] {CVE-2017-5715} - Use the 'ibrs_inuse' variable. (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715} - kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715} - x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27339995] {CVE-2017-5715} - x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715} - x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715} - x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715} - *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 105759
    published 2018-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105759
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4004) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0020.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=9ccc143584e12027a8db854d19ce8a120d22cfac - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - gnttab: don't blindly free status pages upon version change (Andrew Cooper)  [Orabug: 27614581]  (CVE-2018-7541) - memory: don't implicitly unpin for decrease-reservation (Andrew Cooper)  [Orabug: 27614605]  (CVE-2018-7540) - xend: allow setting topology if smt is off in bios (Elena Ufimtseva)  - x86/svm: clear CPUID IBPB when feature is not supported (Elena Ufimtseva)  [Orabug: 27416699] - x86/domain: Move hvm_vcpu_initialize before cpuid_policy_changed (Elena Ufimtseva)  [Orabug: 27416699] - x86, amd_ucode: support multiple container files appended together (Aravind Gopalakrishnan)  [Orabug: 27416699] - x86/intel: change default governor to performance (Joao Martins) - x86/cpuidle: Disable deep C-states due to erratum AAJ72 (Joao Martins)  [Orabug: 27614625] - Revert 'set max cstate to 1' (Joao Martins)  [Orabug: 27614625] - x86/cpuidle: add new CPU families (Jan Beulich)  [Orabug: 27614625] - x86/Intel: Broadwell doesn't have PKG_C[8,9,10]_RESIDENCY MSRs (Jan Beulich)  [Orabug: 27614625] - x86: support newer Intel CPU models (Jan Beulich)  [Orabug: 27614625] - mwait-idle: add KBL support (Len Brown)  [Orabug: 27614625] - mwait-idle: add SKX support (Len Brown)  [Orabug: 27614625] - mwait_idle: Skylake Client Support (Len Brown)  [Orabug: 27614625] - x86: support newer Intel CPU models (Jan Beulich)  [Orabug: 27614625] - x86/idle: update to include further package/core residency MSRs (Jan Beulich)  [Orabug: 27614625] - mwait-idle: support additional Broadwell model (Len Brown) [Orabug: 27614625] - x86/mwait-idle: Broadwell support (Len Brown)  [Orabug: 27614625] - x86/mwait-idle: disable Baytrail Core and Module C6 auto-demotion (Len Brown)  [Orabug: 27614625] - mwait-idle: add CPU model 54 (Atom N2000 series) (Jan Kiszka) [Orabug: 27614625] - mwait-idle: support Bay Trail (Len Brown)  [Orabug: 27614625] - mwait-idle: allow sparse sub-state numbering, for Bay Trail (Len Brown)  [Orabug: 27614625] - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=c837c35e1c04791a50f930926ba815ca5b4d3661 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - xend: restore smt parameter on guest reboot (Elena Ufimtseva) [Orabug: 27574191] - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=f36f7903ae0886ab4ef7e3e01c83c9dba819537b - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86/spec_ctrl: Fix several bugs in SPEC_CTRL_ENTRY_FROM_INTR_IST (Andrew Cooper)  [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - x86: allow easier disabling of BTI mitigations (Zhenzhong Duan) [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - x86/boot: Make alternative patching NMI-safe (Andrew Cooper) [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - xen/cmdline: Fix parse_boolean for unadorned values (Andrew Cooper)  [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - Optimize the context switch code a bit (Zhenzhong Duan)  [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - Update init_speculation_mitigations to upstream's (Zhenzhong Duan)  [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - x86/entry: Avoid using alternatives in NMI/#MC paths (Andrew Cooper)  [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - Update RSB related implementation to upstream ones (Zhenzhong Duan)  [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754) - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=bdecffda647e17f8aaeb4057bd1064236075bc9c - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - xend: if secure boot is enabled don't write pci config space (Elena Ufimtseva)  [Orabug: 27533309] - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=46aa4f995b266e9dc0bce98b448423c5fdc79fde - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - hvmloader: Correct nr_vnodes when init_vnuma_info fails (Annie Li)  - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=1fb819ca1b801af1f59983f34776501336a57979 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - Fail migration if destination does not allow pv guest running (Annie Li)  [Orabug: 27465310] - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=dfc241a5b6a952bde385b1d68ef42acf8f80302c - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (redux) (Konrad Rzeszutek Wilk)  [Orabug: 27445667] - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=d5afa57c42732dc35a572582099c67ee3c397434 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - Enable creating pv guest on OVM3.4.4 by default (Annie Li) [Orabug: 27424482] - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=619dd3aa6aac97dbc9f23fdae3d6fd6dfab8a0da - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - xen/x86: Make sure identify_cpu is called with traps enabled (Joao Martins)  [Orabug: 27393237] - xend: disallow pv guests to run (Joao Martins)  [Orabug: 27370330] - hvmloader, x86/hvm, domctl: enumerate apicid based on vcpu_to_vnode (Joao Martins)  [Orabug: 27119689] - xend: conditionally use dom0 vcpus for vnuma auto (Joao Martins) - x86/Spectre: Set thunk to THUNK_NONE if compiler support is not available (Boris Ostrovsky)  [Orabug: 27375704] - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=1d2270f50ef2b1b22b8f6ee7a9b571ea96f7f37b - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - xen: No dependencies on dracut and microcode_ctl RPMs (Boris Ostrovsky)  [Orabug: 27409734]
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 107129
    published 2018-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107129
    title OracleVM 3.4 : xen (OVMSA-2018-0020) (Meltdown) (Spectre)
  • NASL family Misc.
    NASL id CITRIX_XENSERVER_CTX231390.NASL
    description The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities.
    last seen 2018-07-10
    modified 2018-07-09
    plugin id 105617
    published 2018-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105617
    title Citrix XenServer Multiple Vulnerabilities (CTX231390) (Meltdown)(Spectre)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_JAN_4056891.NASL
    description The remote Windows host is missing security update 4056891 or 4057144. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0744) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0758, CVE-2018-0769, CVE-2018-0770, CVE-2018-0776, CVE-2018-0777, CVE-2018-0781) - An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752) - An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. (CVE-2018-0803) - An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2018-0754) - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0762, CVE-2018-0772) - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0766) - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0767, CVE-2018-0780) - An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certain security checks in the operating system. (CVE-2018-0749) - A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows handles objects in memory. (CVE-2018-0753) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0745, CVE-2018-0746, CVE-2018-0747) - An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2018-0743)
    last seen 2018-07-31
    modified 2018-07-30
    plugin id 105549
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105549
    title KB4056891: Windows 10 Version 1703 January 2018 Security Update (Meltdown)(Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-0007.NASL
    description From Red Hat Security Advisory 2018:0007 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues.
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 105598
    published 2018-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105598
    title Oracle Linux 7 : kernel (ELSA-2018-0007) (Meltdown) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0016.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - x86: Add another set of MSR accessor functions (Borislav Petkov) [Orabug: 27444923] (CVE-2017-5753) - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27444923] (CVE-2017-5753) - x86/rsb: add comment specifying why we skip STUFF_RSB (Ankur Arora) [Orabug: 27451658] (CVE-2017-5715) - x86/rsb: make STUFF_RSB jmp labels more robust (Ankur Arora) [Orabug: 27451658] (CVE-2017-5715) - x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk) (CVE-2017-5715) - x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk) (CVE-2017-5715) - Add set_ibrs_disabled and set_ibpb_disabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] (CVE-2017-5715) - x86/spec: Don't print the Missing arguments for option spectre_v2 (Konrad Rzeszutek Wilk) [Orabug: 27376697] (CVE-2017-5715) - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27376697] (CVE-2017-5715) - x86, boot: Carve out early cmdline parsing function (Borislav Petkov) [Orabug: 27376697] - x86: Add command-line options 'spectre_v2' and 'nospectre_v2' (Kanth Ghatraju) [Orabug: 27376697] (CVE-2017-5715) - x86: Fix kABI build breakage (Konrad Rzeszutek Wilk) [Orabug: 27376697] (CVE-2017-5715) - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27376697] (CVE-2017-5715) - x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] (CVE-2017-5715) - x86/mm: Set IBPB upon context switch (Brian Maly) [Orabug: 27376697] (CVE-2017-5715) - x86: Display correct settings for the SPECTRE_V[12] bug (Kanth Ghatraju) [Orabug: 27376697] (CVE-2017-5715) (CVE-2017-5753) - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27376697] (CVE-2017-5715) (CVE-2017-5753) - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27376697] (CVE-2017-5715) - x86/spec_ctrl: Disable if running as Xen PV guest (Konrad Rzeszutek Wilk) [Orabug: 27376697] (CVE-2017-5715) - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27376697] (CVE-2017-5715) (CVE-2017-5754) - x86, cpu: Expand cpufeature facility to include cpu bugs (Borislav Petkov) [Orabug: 27376697] (CVE-2017-5715) - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (Kanth Ghatraju) [Orabug: 27376697] (CVE-2017-5715) - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27376697] (CVE-2017-5754) - x86/entry: STUFF_RSB only after switching to kernel CR3 (Ankur Arora) [Orabug: 27376697] (CVE-2017-5715) - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Tim Chen) [Orabug: 27376697] (CVE-2017-5715) - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27376697] (CVE-2017-5715) - x86: Use IBRS for firmware update path (David Woodhouse) [Orabug: 27376697] (CVE-2017-5715) - x86/microcode: Recheck IBRS features on microcode reload (Tim Chen) [Orabug: 27376697] (CVE-2017-5715) - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27376697] (CVE-2017-5715) - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27376697] (CVE-2017-5715) - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27376697] (CVE-2017-5715) - x86/enter: MACROS to set/clear IBRS (Tim Chen) [Orabug: 27376697] (CVE-2017-5715) - x86/feature: Detect the x86 IBRS feature to control Speculation (Tim Chen) [Orabug: 27376697] (CVE-2017-5715) - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27333764] (CVE-2017-5754) - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333764] [Orabug: 27333760] (CVE-2017-5754) (CVE-2017-5754) - kaiser: Set _PAGE_NX only if supported (Lepton Wu) [Orabug: 27333764] (CVE-2017-5754) - kaiser: rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Mike Kravetz) [Orabug: 27333764] (CVE-2017-5754) - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333764] (CVE-2017-5754) - x86/kaiser: Check boottime cmdline params (Mike Kravetz) [Orabug: 27333764] (CVE-2017-5754) - kaiser: x86: Fix NMI handling (Jiri Kosina) [Orabug: 27333764] (CVE-2017-5754) - kaiser: move paravirt clock vsyscall mapping out of kaiser_init (Mike Kravetz) [Orabug: 27333764] (CVE-2017-5754) - kaiser: disable if xen PARAVIRT (Mike Kravetz) [Orabug: 27333764] (CVE-2017-5754) - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27333764] (CVE-2017-5754) - kaiser: kaiser_flush_tlb_on_return_to_user check PCID (Hugh Dickins) [Orabug: 27333764] (CVE-2017-5754) - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333764] (CVE-2017-5754) - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27333764] (CVE-2017-5754) - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333764] (CVE-2017-5754) - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333764] (CVE-2017-5754) - x86/alternatives: add asm ALTERNATIVE macro (Mike Kravetz) [Orabug: 27333764] (CVE-2017-5754) - kaiser: alloc_ldt_struct use get_zeroed_page (Hugh Dickins) [Orabug: 27333764] (CVE-2017-5754) - x86: kvmclock: Disable use from vDSO if KPTI is enabled (Ben Hutchings) [Orabug: 27333764] (CVE-2017-5754) - kaiser: Fix build with CONFIG_FUNCTION_GRAPH_TRACER (Kees Cook) [Orabug: 27333764] (CVE-2017-5754) - x86/mm/kaiser: re-enable vsyscalls (Andrea Arcangeli) [Orabug: 27333764] (CVE-2017-5754) - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27333764] (CVE-2017-5754) - kprobes: Prohibit probing on .entry.text code (Masami Hiramatsu) [Orabug: 27333764] (CVE-2017-5754) - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Fix flush_tlb_page on Xen (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Disable preemption during CR3 read+write (Sebastian Andrzej Siewior) [Orabug: 27333764] (CVE-2017-5754) - sched/core: Idle_task_exit shouldn't use switch_mm_irqs_off (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm, sched/core: Turn off IRQs in switch_mm (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm, sched/core: Uninline switch_mm (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - sched/core: Add switch_mm_irqs_off and use it in the scheduler (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333764] (CVE-2017-5754) - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86: Clean up cr4 manipulation (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) - x86/paravirt: Don't patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333764] (CVE-2017-5754) - x86/ldt: Make modify_ldt synchronous (Andy Lutomirski) [Orabug: 27333764] (CVE-2017-5754) (CVE-2015-5157)
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 106524
    published 2018-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106524
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0016) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1376-1.NASL
    description The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot commandline option was introduced, 'spec_store_bypass_disable', which can have following values : - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is 'seccomp', meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypas s file, containing : - 'Vulnerable' - 'Mitigation: Speculative Store Bypass disabled' - 'Mitigation: Speculative Store Bypass disabled via prctl' - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895) - CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls (bnc#1091755). - CVE-2017-5715: The retpoline mitigation for Spectre v2 has been enabled also for 32bit x86. - CVE-2017-5753: Spectre v1 mitigations have been improved by the versions merged from the upstream kernel. The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 110041
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110041
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2018:1376-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0601-1.NASL
    description This update for xen fixes several issues. These security issues were fixed : - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks (bsc#1074562, bsc#1068032) - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116). - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180). - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081) - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158). - CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159). - CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160). - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163). - Added missing intermediate preemption checks for guest requesting removal of memory. This allowed malicious guest administrator to cause denial of service due to the high cost of this operation (bsc#1080635). - Because of XEN not returning the proper error messages when transitioning grant tables from v2 to v1 a malicious guest was able to cause DoS or potentially allowed for privilege escalation as well as information leaks (bsc#1080662). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 107140
    published 2018-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107140
    title SUSE SLES12 Security Update : xen (SUSE-SU-2018:0601-1) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0179-1.NASL
    description This update for wireshark to version 2.2.12 fixes the following issues : - CVE-2018-5334: IxVeriWave file could crash (bsc#1075737) - CVE-2018-5335: WCP dissector could crash (bsc#1075738) - CVE-2018-5336: Multiple dissector crashes (bsc#1075739) - CVE-2017-17935: Incorrect handling of '\n' in file_read_line function could have lead to denial of service (bsc#1074171) This release no longer enables the Linux kernel BPF JIT compiler via the net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable to Spectre variant 1 CVE-2017-5753 - (bsc#1075748) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12 .html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-05
    modified 2018-08-02
    plugin id 106293
    published 2018-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106293
    title SUSE SLES11 Security Update : wireshark (SUSE-SU-2018:0179-1) (Spectre)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180313_KERNEL_ON_SL6_X.NASL
    description Security Fix(es) : - hw: cpu: speculative execution branch target injection (s390-only) (CVE-2017-5715, Important) - hw: cpu: speculative execution bounds-check bypass (s390 and powerpc) (CVE-2017-5753, Important) - hw: cpu: speculative execution permission faults handling (powerpc-only) (CVE-2017-5754) Bug Fixes : - If a fibre channel (FC) switch was powered down and then powered on again, the SCSI device driver stopped permanently the SCSI device's request queue. Consequently, the FC port login failed, leaving the port state as 'Bypassed' instead of 'Online', and users had to reboot the operating system. This update fixes the driver to avoid the permanent stop of the request queue. As a result, SCSI device now continues working as expected after power cycling the FC switch. - Previously, on final close or unlink of a file, the find_get_pages() function in the memory management sometimes found no pages even if there were some pages left to save. Consequently, a kernel crash occurred when attempting to enter the unlink() function. This update fixes the find_get_pages() function in the memory management code to not return 0 too early. As a result, the kernel no longer crashes due to this behavior. - Using IPsec connections under a heavy load could previously lead to a network performance degradation, especially when using the aesni-intel module. This update fixes the issue by making the cryptd queue length configurable so that it can be increased to prevent an overflow and packet drop. As a result, using IPsec under a heavy load no longer reduces network performance. - Previously, a deadlock in the bnx2fc driver caused all adapters to block and the SCSI error handler to become unresponsive. As a result, data transferring through the adapter was sometimes blocked. This update fixes bnx2fc, and data transferring through the adapter is no longer blocked due to this behavior. - If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation. The system must be rebooted for this update to take effect.
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 108364
    published 2018-03-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108364
    title Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (Meltdown) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0044.NASL
    description An update for redhat-virtualization-host is now available for RHEV 3.X Hypervisor and Agents for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues.
    last seen 2018-07-30
    modified 2018-07-27
    plugin id 105675
    published 2018-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105675
    title RHEL 7 : redhat-virtualization-host (RHSA-2018:0044) (Meltdown) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0224.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0224 for details.
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 110110
    published 2018-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110110
    title OracleVM 3.3 : xen (OVMSA-2018-0224) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0191-1.NASL
    description This update for wireshark to version 2.2.12 fixes the following issues : - CVE-2018-5334: IxVeriWave file could crash (bsc#1075737) - CVE-2018-5335: WCP dissector could crash (bsc#1075738) - CVE-2018-5336: Multiple dissector crashes (bsc#1075739) - CVE-2017-17935: Incorrect handling of '\n' in file_read_line function could have lead to denial of service (bsc#1074171) This release no longer enables the Linux kernel BPF JIT compiler via the net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable to Spectre variant 1 CVE-2017-5753 - (bsc#1075748) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12 .html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-05
    modified 2018-08-02
    plugin id 106342
    published 2018-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106342
    title SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2018:0191-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0010-1.NASL
    description The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please also check with your CPU / Hardware vendor for available firmware or BIOS updates. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754 / 'MeltdownAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. This is only enabled by default on affected architectures. This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options. The following security bugs were fixed : - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack-based buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 105574
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105574
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0010-1) (Meltdown) (Spectre)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_FEB_4074596.NASL
    description The remote Windows host is missing security update 4074596. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0866) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830) - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820) - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data. (CVE-2018-0847) - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0825) - An elevation of privilege vulnerability exists when NTFS improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0822) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0834, CVE-2018-0835, CVE-2018-0837, CVE-2018-0838, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860) - An elevation of privilege vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0821) - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842) - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0840) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0832) - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)
    last seen 2018-06-26
    modified 2018-06-25
    plugin id 106801
    published 2018-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106801
    title KB4074596: Windows 10 February 2018 Security Update (Meltdown)(Spectre)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3597-1.NASL
    description USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Original advisory details : Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754) Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715, CVE-2017-5753). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 108371
    published 2018-03-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108371
    title Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3597-1) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-169.NASL
    description This update for xen fixes several issues. These security issues were fixed : - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks (bsc#1074562, bsc#1068032) - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081) - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158). - CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159). - CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160). - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163). - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116). - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180). These non-security issues were fixed : - bsc#1067317: pass cache=writeback|unsafe|directsync to qemu depending on the libxl disk settings - bsc#1051729: Prevent invalid symlinks after install of SLES 12 SP2 - bsc#1035442: Increased the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds. If many domUs shutdown in parallel the backends couldn't keep up - bsc#1027519: Added several upstream patches This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 106864
    published 2018-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106864
    title openSUSE Security Update : xen (openSUSE-2018-169) (Meltdown) (Spectre)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3549-1.NASL
    description Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715, CVE-2017-5753). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-10
    modified 2018-08-06
    plugin id 106483
    published 2018-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106483
    title Ubuntu 16.04 LTS : linux-kvm vulnerabilities (USN-3549-1) (Spectre)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_FEB_4074592.NASL
    description The remote Windows host is missing security update 4074592. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0866) - A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. (CVE-2018-0827) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830) - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0763, CVE-2018-0839) - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data. (CVE-2018-0847) - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0825) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0856, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861) - An elevation of privilege vulnerability exists when NTFS improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0822) - An elevation of privilege vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0821) - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842) - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0832) - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0809) - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820, CVE-2018-0831) - A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. (CVE-2018-0771) - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0840) - An elevation of privilege vulnerability exists when Storage Services improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0826)
    last seen 2018-06-26
    modified 2018-06-25
    plugin id 106798
    published 2018-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106798
    title KB4074592: Windows 10 Version 1703 February 2018 Security Update (Meltdown)(Spectre)
  • NASL family Misc.
    NASL id XEN_SERVER_XSA-254.NASL
    description According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applied manually to the source code before a recompile and reinstall.
    last seen 2018-08-10
    modified 2018-08-07
    plugin id 106902
    published 2018-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106902
    title Xen Multiple Vulnerabilities (Spectre) (Meltdown) (XSA-254)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3530-1.NASL
    description It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions. (CVE-2017-5753, CVE-2017-5715). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-10
    modified 2018-08-06
    plugin id 105766
    published 2018-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105766
    title Ubuntu 16.04 LTS / 17.04 / 17.10 : webkit2gtk vulnerabilities (USN-3530-1) (Spectre)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_FEB_4074590.NASL
    description The remote Windows host is missing security update 4074590. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0866) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830) - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842) - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0825) - An elevation of privilege vulnerability exists when Storage Services improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0826) - An elevation of privilege vulnerability exists when NTFS improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0822) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0834, CVE-2018-0835, CVE-2018-0837, CVE-2018-0838, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861) - An elevation of privilege vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0821) - An elevation of privilege vulnerability exists in Microsoft Windows when the MultiPoint management account password is improperly secured. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated privileges. (CVE-2018-0828) - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0840) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0832) - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data. (CVE-2018-0847) - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846) - A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. (CVE-2018-0771) - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820, CVE-2018-0831)
    last seen 2018-07-01
    modified 2018-06-29
    plugin id 106796
    published 2018-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106796
    title KB4074590: Windows 10 Version 1607 and Windows Server 2016 February 2018 Security Update (Meltdown)(Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0020.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues.
    last seen 2018-07-30
    modified 2018-07-27
    plugin id 105562
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105562
    title RHEL 6 : kernel (RHSA-2018:0020) (Meltdown) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0292.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update mitigations for IBM zSeries (S390) and x86-64 architectures are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important, S390 and x86-64) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important, S390) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important, x86-64) Red Hat would like to thank Google Project Zero for reporting these issues.
    last seen 2018-07-30
    modified 2018-07-27
    plugin id 107058
    published 2018-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107058
    title RHEL 5 : kernel (RHSA-2018:0292) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-2.NASL
    description The openSUSE Leap 42.3 kernel was updated to 4.4.104 to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please also check with your CPU / Hardware vendor on updated firmware or BIOS images regarding this issue. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754 / 'MeltdownAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. Note that this is only done on affected platforms. This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options. The following security bugs were fixed : - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack-based buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). The following non-security bugs were fixed : - Add undefine _unique_build_ids (bsc#964063) - alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds (bsc#1031717). - alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines (bsc#1031717). - alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717). - alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717). - alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717). - alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717). - alsa: hda - change the location for one mic on a Lenovo machine (bsc#1031717). - alsa: hda: Drop useless WARN_ON() (bsc#1031717). - alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717). - alsa: hda - fix headset mic detection issue on a Dell machine (bsc#1031717). - alsa: hda - fix headset mic problem for Dell machines with alc274 (bsc#1031717). - alsa: hda - Fix headset microphone detection for ASUS N551 and N751 (bsc#1031717). - alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717). - alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717). - alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717). - alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717). - alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717). - alsa: hda/realtek - Add default procedure for suspend and resume state (bsc#1031717). - alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic (bsc#1031717). - alsa: hda/realtek - Add support for ALC1220 (bsc#1031717). - alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717). - alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717). - alsa: hda/realtek - change the location for one of two front microphones (bsc#1031717). - alsa: hda/realtek - Enable jack detection function for Intel ALC700 (bsc#1031717). - alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717). - alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717). - alsa: hda/realtek - Fix headset and mic on several Asus laptops with ALC256 (bsc#1031717). - alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV (bsc#1031717). - alsa: hda/realtek - fix headset mic detection for MSI MS-B120 (bsc#1031717). - alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255 (bsc#1031717). - alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 (bsc#1031717). - alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE (bsc#1031717). - alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717). - alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717). - alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289 (bsc#1031717). - alsa: hda/realtek - New codec support for ALC257 (bsc#1031717). - alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717). - alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717). - alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717). - alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717). - alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294 (bsc#1031717). - alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC225 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717). - alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717). - alsa: pcm: prevent UAF in snd_pcm_info (bsc#1031717). - alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717). - alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717). - alsa: usb-audio: Add check return value for usb_string() (bsc#1031717). - alsa: usb-audio: Fix out-of-bound error (bsc#1031717). - alsa: usb-audio: Fix the missing ctl name suffix at parsing SU (bsc#1031717). - apei / ERST: Fix missing error handling in erst_reader() (bsc#1072556). - arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio (bnc#1012382). - arm: Hide finish_arch_post_lock_switch() from modules (bsc#1068032). - asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure (bsc#1031717). - asoc: twl4030: fix child-node lookup (bsc#1031717). - asoc: wm_adsp: Fix validation of firmware and coeff lengths (bsc#1031717). - autofs: fix careless error in recent commit (bnc#1012382 bsc#1065180). - bcache: Fix building error on MIPS (bnc#1012382). - bnxt_en: Do not print 'Link speed -1 no longer supported' messages (bsc#1070116). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - btrfs: clear space cache inode generation always (bnc#1012382). - btrfs: embed extent_changeset::range_changed to the structure (dependent patch, bsc#1031395). - btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges (bsc#1031395). - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled (bsc#1031395). - btrfs: qgroup: Introduce extent changeset for qgroup reserve functions (dependent patch, bsc#1031395). - btrfs: qgroup: Return actually freed bytes for qgroup release or free data (bsc#1031395). - btrfs: qgroup-test: Fix backport error in qgroup selftest (just to make CONFIG_BTRFS_FS_RUN_SANITY_TESTS pass compile). - btrfs: ulist: make the finalization function public (dependent patch, bsc#1031395). - btrfs: ulist: rename ulist_fini to ulist_release (dependent patch, bsc#1031395). - carl9170: prevent speculative execution (bnc#1068032). - ceph: drop negative child dentries before try pruning inode's alias (bsc#1073525). - Check cmdline_find_option() retval properly and use boot_cpu_has(). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009). - cw1200: prevent speculative execution (bnc#1068032). - drm/radeon: fix atombios on big endian (bnc#1012382). - e1000e: Fix e1000_check_for_copper_link_ich8lan return value (bsc#1073809). - eeprom: at24: check at24_read/write arguments (bnc#1012382). - Fix unsed variable warning in has_unmovable_pages (bsc#1073868). - fs: prevent speculative execution (bnc#1068032). - genwqe: Take R/W permissions into account when dealing with memory pages (bsc#1073090). - ibmvnic: Include header descriptor support for ARP packets (bsc#1073912). - ibmvnic: Increase maximum number of RX/TX queues (bsc#1073912). - ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES (bsc#1073912). - ib/uverbs: Fix command checking as part of ib_uverbs_ex_modify_qp() (FATE#321231 FATE#321473 FATE#322153 FATE#322149). - ip_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912 FATE#321246). - ipv6: prevent speculative execution (bnc#1068032). - iw_cxgb4: fix misuse of integer variable (bsc#963897,FATE#320114). - iw_cxgb4: only insert drain cqes if wq is flushed (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781). - iw_cxgb4: reflect the original WR opcode in drain cqes (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781). - iw_cxgb4: when flushing, complete all wrs in a chain (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781). - kabi fix for new hash_cred function (bsc#1012917). - kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - kaiser: align addition to x86/mm/Makefile. - kaiser: asm/tlbflush.h handle noPGE at lower level. - kaiser: cleanups while trying for gold link. - kaiser: disabled on Xen PV. - kaiser: do not set _PAGE_NX on pgd_none. - kaiser: drop is_atomic arg to kaiser_pagetable_walk(). - kaiser: enhanced by kernel and user PCIDs. - kaiser: ENOMEM if kaiser_pagetable_walk() NULL. - kaiser: fix build and FIXME in alloc_ldt_struct(). - kaiser: fix perf crashes. - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER. - kaiser: fix unlikely error in alloc_ldt_struct(). - kaiser: KAISER depends on SMP. - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID. - kaiser: kaiser_remove_mapping() move along the pgd. - kaiser: Kernel Address Isolation. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user. - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET. - kaiser: paranoid_entry pass cr3 need to paranoid_exit. - kaiser: PCID 0 for kernel and 128 for user. - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls. - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE. - kaiser: tidied up asm/kaiser.h somewhat. - kaiser: tidied up kaiser_add/remove_mapping slightly. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: vmstat show NR_KAISERTABLE as nr_overhead. - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - kvm: x86: Exit to user-mode on #UD intercept when emulator requires (bnc#1012382). - kvm: x86: inject exceptions produced by x86_decode_insn (bnc#1012382). - kvm: x86: pvclock: Handle first-time write to pvclock-page contains random junk (bnc#1012382). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - mmc: core: Do not leave the block driver in a suspended state (bnc#1012382). - mm/mmu_context, sched/core: Fix mmu_context.h assumption (bsc#1068032). - mtd: nand: Fix writing mtdoops to nand flash (bnc#1012382). - netlink: add a start callback for starting a netlink dump (bnc#1012382). - net/mlx5e: DCBNL, Implement tc with ets type and zero bandwidth (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Fix ETS BW check (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Fix error flow in CREATE_QP command (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net: mpls: prevent speculative execution (bnc#1068032). - nfsd: Fix another OPEN stateid race (bnc#1012382). - nfsd: Fix stateid races between OPEN and CLOSE (bnc#1012382). - nfsd: Make init_open_stateid() a bit more whole (bnc#1012382). - nfs: improve shinking of access cache (bsc#1012917). - nfs: revalidate '.' etc correctly on 'open' (bsc#1068951). - nfs: revalidate '.' etc correctly on 'open' (git-fixes). Fix References: tag. - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951). - nvme-fabrics: introduce init command check for a queue that is not alive (bsc#1072890). - nvme-fc: check if queue is ready in queue_rq (bsc#1072890). - nvme-fc: do not use bit masks for set/test_bit() numbers (bsc#1072890). - nvme-loop: check if queue is ready in queue_rq (bsc#1072890). - nvmet-fc: cleanup nvmet add_port/remove_port (bsc#1072890). - nvmet_fc: correct broken add_port (bsc#1072890). - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Secure memory rfi flush (bsc#1068032). - ptrace: Add a new thread access check (bsc#1068032). - qla2xxx: prevent speculative execution (bnc#1068032). - Revert 'drm/radeon: dont switch vt on suspend' (bnc#1012382). - Revert 'ipsec: Fix aborted xfrm policy dump crash' (kabi). - Revert 'netlink: add a start callback for starting a netlink dump' (kabi). - s390: add ppa to system call and program check path (bsc#1068032). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/qeth: add missing hash table initializations (bnc#1072216, LTC#162173). - s390/qeth: fix early exit from error path (bnc#1072216, LTC#162173). - s390/qeth: fix thinko in IPv4 multicast address tracking (bnc#1072216, LTC#162173). - s390/spinlock: add gmb memory barrier - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path Signoff the s390 patches. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (bsc#1068032). - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (bsc#1068032). - sched/rt: Do not pull from current CPU if only one CPU to pull (bnc#1022476). - scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1064311). - scsi: lpfc: correct sg_seg_cnt attribute min vs default (bsc#1072166). - scsi: qedi: Limit number for CQ queues (bsc#1072866). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return 'Illegal Request - Logical unit not supported' and processing should leave the timeout loop in this case. - scsi: ses: check return code from ses_recv_diag() (bsc#1039616). - scsi: ses: Fixup error message 'failed to get diagnostic page 0xffffffea' (bsc#1039616). - scsi: ses: Fix wrong page error (bsc#1039616). - scsi: ses: make page2 support optional (bsc#1039616). - sfc: pass valid pointers from efx_enqueue_unwind (bsc#1017967 FATE#321663). - sunrpc: add auth_unix hash_cred() function (bsc#1012917). - sunrpc: add generic_auth hash_cred() function (bsc#1012917). - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917). - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917). - sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917). - sunrpc: use supplimental groups in auth hash (bsc#1012917). - Thermal/int340x: prevent speculative execution (bnc#1068032). - udf: prevent speculative execution (bnc#1068032). - Update config files: enable KAISER. - usb: host: fix incorrect updating of offset (bsc#1047487). - userns: prevent speculative execution (bnc#1068032). - uvcvideo: prevent speculative execution (bnc#1068032). - vxlan: correctly handle ipv6.disable module parameter (bsc#1072962). - x86/boot: Add early cmdline parsing for options with arguments. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/efi-bgrt: Replace early_memremap() with memremap() (bnc#1012382). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: Reenable PARAVIRT. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE (bsc#1068032). - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (bsc#1068032). - x86/mm: Add INVPCID helpers (bsc#1068032). - x86/mm: Add the 'nopcid' boot option to turn off PCID (bsc#1068032). - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (bsc#1068032). - x86/mm: Enable CR4.PCIDE on supported systems (bsc#1068032). - x86/mm: Fix INVPCID asm constraint (bsc#1068032). - x86/mm: If INVPCID is available, use it to flush global mappings (bsc#1068032). - x86/mm: Make flush_tlb_mm_range() more predictable (bsc#1068032). - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (bsc#1068032). - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (bsc#1068032). - x86/mm, sched/core: Turn off IRQs in switch_mm() (bsc#1068032). - x86/mm, sched/core: Uninline switch_mm() (bsc#1068032). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/paravirt: Dont patch flush_tlb_single (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add 'nospec' chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032).
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 105597
    published 2018-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105597
    title openSUSE Security Update : the Linux Kernel (openSUSE-2018-2) (Meltdown) (Spectre)
  • NASL family Windows
    NASL id VMWARE_PLAYER_WIN_VMSA_2017_0021.NASL
    description The version of VMware Player installed on the remote Windows host is 12.x prior to 12.5.8. It is, therefore, affected by multiple vulnerabilities that can allow code execution in a virtual machine via the authenticated VNC session as well as cause information disclosure from one virtual machine to another virtual machine on the same host.
    last seen 2018-08-10
    modified 2018-08-06
    plugin id 105555
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105555
    title VMware Player 12.x < 12.5.8 Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_1CE95BC7327811E8B52700012E582166.NASL
    description The WebKit team reports many vulnerabilities. Please reference the CVE/URL list for details.
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 108703
    published 2018-03-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108703
    title FreeBSD : webkit2-gtk3 -- multiple vulnerabilities (1ce95bc7-3278-11e8-b527-00012e582166) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1368-1.NASL
    description The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot commandline option was introduced, 'spec_store_bypass_disable', which can have following values : - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is 'seccomp', meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypas s file, containing : - 'Vulnerable' - 'Mitigation: Speculative Store Bypass disabled' - 'Mitigation: Speculative Store Bypass disabled via prctl' - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895) - CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls (bnc#1091755). - CVE-2017-5715: The retpoline mitigation for Spectre v2 has been enabled also for 32bit x86. - CVE-2017-5753: Spectre v1 mitigations have been improved by the versions merged from the upstream kernel. The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 110035
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110035
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2018:1368-1) (Spectre)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2018-0002.NASL
    description Bounds Check bypass and Branch Target Injection issues CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass and Branch Target Injection issues resulting from this vulnerability. Result of exploitation may allow for information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host. The remediation listed in the table below is for the known variants of the Bounds Check Bypass and Branch Target Injection issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and CVE-2017-5715 (Branch Target Injection) to these issues.
    last seen 2018-08-10
    modified 2018-08-06
    plugin id 105584
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105584
    title VMSA-2018-0002 : VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. (Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4109.NASL
    description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen 2018-07-18
    modified 2018-07-16
    plugin id 109829
    published 2018-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109829
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4109) (Meltdown) (Spectre)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_APR_4093112.NASL
    description The remote Windows host is missing security update 4093112. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) - An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory. (CVE-2018-1009) - A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non- malicious, Device Guard could then allow a malicious file to execute. In an attack scenario, an attacker could make an untrusted file appear to be a trusted file. The update addresses the vulnerability by correcting how Device Guard handles untrusted files. (CVE-2018-0966) - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019) - A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows SNMP Service processes SNMP traps. (CVE-2018-0967) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0960) - An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-1008) - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0987) - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-1003) - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2018-0963) - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2018-0976) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0988, CVE-2018-0996, CVE-2018-1001) - A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings. (CVE-2018-0890) - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016) - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020) - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0998) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975) - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0892) - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-0957, CVE-2018-0964) - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-1023) - A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows handles objects in memory. (CVE-2018-8116) - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-1004) - An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could provide an attacker with information to further compromise the user's computer or data. (CVE-2018-0981, CVE-2018-0989, CVE-2018-1000) - A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. (CVE-2018-0956) - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0887)
    last seen 2018-08-15
    modified 2018-08-14
    plugin id 108964
    published 2018-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108964
    title KB4093112: Windows 10 Version 1709 and Windows Server Version 1709 April 2018 Security Update (Meltdown)(Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-0007.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues.
    last seen 2018-07-03
    modified 2018-07-02
    plugin id 105588
    published 2018-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105588
    title CentOS 7 : kernel (CESA-2018:0007) (Meltdown) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0007.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues.
    last seen 2018-07-30
    modified 2018-07-27
    plugin id 105523
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105523
    title RHEL 7 : kernel (RHSA-2018:0007) (Meltdown) (Spectre)
  • NASL family Windows
    NASL id GOOGLE_CHROME_64_0_3282_119.NASL
    description The version of Google Chrome installed on the remote Windows host is prior to 64.0.3282.119. It is, therefore, affected by multiple security vulnerabilities as noted in Chrome stable channel update release notes for January 24th, 2018. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-07-14
    modified 2018-07-13
    plugin id 106485
    published 2018-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106485
    title Google Chrome < 64.0.3282.119 Multiple Vulnerabilities (Spectre)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FUSION_VMSA_2017_0021.NASL
    description The version of VMware Fusion installed on the remote macOS or Mac OS X host is 8.x prior to 8.5.9. It is, therefore, affected by multiple vulnerabilities that can allow code execution in a virtual machine via the authenticated VNC session as well as cause information disclosure from one virtual machine to another virtual machine on the same host.
    last seen 2018-07-15
    modified 2018-07-14
    plugin id 105485
    published 2017-12-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105485
    title VMware Fusion 8.x < 8.5.9 Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre) (macOS)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0098.NASL
    description An update of [linux] packages for PhotonOS has been released. This kernel update mitigates vulnerabilities [CVE-2017-5753](https://web.nv d.nist.gov/view/vuln/detail?vulnId=CVE-2017-5753) and [CVE-2017-5715]( https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5715) which are referred to as the variants of Spectre vulnerability.
    last seen 2018-08-18
    modified 2018-08-17
    plugin id 111911
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111911
    title Photon OS 1.0: Linux PHSA-2018-1.0-0098
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_FEB_4074591.NASL
    description The remote Windows host is missing security update 4074591. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0866) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830) - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820) - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data. (CVE-2018-0847) - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0825) - An elevation of privilege vulnerability exists when Storage Services improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0826) - An elevation of privilege vulnerability exists when NTFS improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0822) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0834, CVE-2018-0835, CVE-2018-0837, CVE-2018-0838, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860) - An elevation of privilege vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0821) - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842) - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0840) - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0832) - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)
    last seen 2018-06-26
    modified 2018-06-25
    plugin id 106797
    published 2018-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106797
    title KB4074591: Windows 10 Version 1511 February 2018 Security Update (Meltdown)(Spectre)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4022.NASL
    description Description of changes: kernel-uek [3.8.13-118.20.2.el7uek] - x86: Add another set of MSR accessor functions (Borislav Petkov) [Orabug: 27444923] {CVE-2017-5753} - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/rsb: add comment specifying why we skip STUFF_RSB (Ankur Arora) [Orabug: 27451658] {CVE-2017-5715} - x86/rsb: make STUFF_RSB jmp labels more robust (Ankur Arora) [Orabug: 27451658] {CVE-2017-5715} - x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - Add set_ibrs_disabled and set_ibpb_disabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/spec: Don't print the Missing arguments for option spectre_v2 (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27376697] {CVE-2017-5715} - x86, boot: Carve out early cmdline parsing function (Borislav Petkov) [Orabug: 27376697] - x86: Add command-line options 'spectre_v2' and 'nospectre_v2' (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} - x86: Fix kABI build breakage (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Brian Maly) [Orabug: 27376697] {CVE-2017-5715} - x86: Display correct settings for the SPECTRE_V[12] bug (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5753} - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5753} - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27376697] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5754} - x86, cpu: Expand cpufeature facility to include cpu bugs (Borislav Petkov) [Orabug: 27376697] {CVE-2017-5715} - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5754} - x86/entry: STUFF_RSB only after switching to kernel CR3 (Ankur Arora) [Orabug: 27376697] {CVE-2017-5715} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27376697] {CVE-2017-5715} - x86: Use IBRS for firmware update path (David Woodhouse) [Orabug: 27376697] {CVE-2017-5715} - x86/microcode: Recheck IBRS features on microcode reload (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/feature: Detect the x86 IBRS feature to control Speculation (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27333764] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333764] [Orabug: 27333760] {CVE-2017-5754} {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Lepton Wu) [Orabug: 27333764] {CVE-2017-5754} - kaiser: rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: x86: Fix NMI handling (Jiri Kosina) [Orabug: 27333764] {CVE-2017-5754} - kaiser: move paravirt clock vsyscall mapping out of kaiser_init (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: disable if xen PARAVIRT (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86/alternatives: add asm ALTERNATIVE macro (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: alloc_ldt_struct() use get_zeroed_page() (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86: kvmclock: Disable use from vDSO if KPTI is enabled (Ben Hutchings) [Orabug: 27333764] {CVE-2017-5754} - kaiser: Fix build with CONFIG_FUNCTION_GRAPH_TRACER (Kees Cook) [Orabug: 27333764] {CVE-2017-5754} - x86/mm/kaiser: re-enable vsyscalls (Andrea Arcangeli) [Orabug: 27333764] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27333764] {CVE-2017-5754} - kprobes: Prohibit probing on .entry.text code (Masami Hiramatsu) [Orabug: 27333764] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Fix flush_tlb_page() on Xen (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Disable preemption during CR3 read+write (Sebastian Andrzej Siewior) [Orabug: 27333764] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86: Clean up cr4 manipulation (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333764] {CVE-2017-5754} - x86/ldt: Make modify_ldt synchronous (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} {CVE-2015-5157}
    last seen 2018-07-30
    modified 2018-07-25
    plugin id 106468
    published 2018-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106468
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4022) (Meltdown) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0022.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues.
    last seen 2018-07-30
    modified 2018-07-27
    plugin id 105563
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105563
    title RHEL 6 : kernel (RHSA-2018:0022) (Meltdown) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0007.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27350825] - kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) (CVE-2017-5715) - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753) - kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) - kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) (CVE-2017-5715) - x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27339995] (CVE-2017-5715) - x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) - Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27339995] (CVE-2017-5715) - Clear the host registers after setbe (Jun Nakajima) [Orabug: 27339995] (CVE-2017-5715) - Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27339995] (CVE-2017-5715) - KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27339995] (CVE-2017-5715) - kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27339995] (CVE-2017-5715) - Use the 'ibrs_inuse' variable. (Jun Nakajima) [Orabug: 27339995] (CVE-2017-5715) - kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27339995] (CVE-2017-5715) - x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27339995] (CVE-2017-5715) - x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27339995] (CVE-2017-5715) - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27339995] (CVE-2017-5715) - x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27339995] (CVE-2017-5715) - x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27339995] (CVE-2017-5715) - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27339995] (CVE-2017-5715) - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) - x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27339995] (CVE-2017-5715) - x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27339995] (CVE-2017-5715) - *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) - x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27339995] (CVE-2017-5715) - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27339995] (CVE-2017-5715) - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27339995] (CVE-2017-5715) - x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27339995] (CVE-2017-5715) - *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27339995] (CVE-2017-5715) - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27339995] (CVE-2017-5715) - x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27339995] (CVE-2017-5715) - x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27339995] (CVE-2017-5715) - x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27339995] (CVE-2017-5715) - x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) - x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 105761
    published 2018-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105761
    title OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0007) (Spectre)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180125_KERNEL_ON_SL7_X.NASL
    description Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. * Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 processors. (CVE-2017-5715, Important) * Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 and PowerPC processors. (CVE-2017-5753, Important) * Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. This fix specifically addresses PowerPC processors. (CVE-2017-5754, Important)
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 106340
    published 2018-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106340
    title Scientific Linux Security Update : kernel on SL7.x x86_64 (Meltdown) (Spectre)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180103_KERNEL_ON_SL7_X.NASL
    description Security Fix(es) : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. The performance impact of these patches may vary considerably based on workload and hardware configuration. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 105535
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105535
    title Scientific Linux Security Update : kernel on SL7.x x86_64 (Meltdown) (Spectre)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-690989736A.NASL
    description This update includes improvements to mitigate the effects of Spectre ([CVE-2017-5753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-20 17-5753) and [CVE-2017-5715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 7-5715)) : - Disable SharedArrayBuffers from Web API. - Reduce the precision of “high” resolution time to 1ms. Additional fixes : - Fix API documentation generation with newer gtk-doc. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 106178
    published 2018-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106178
    title Fedora 26 : webkitgtk4 (2018-690989736a) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1603-1.NASL
    description This update for xen fixes several issues. These security issues were fixed : - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). bsc#1027519 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 110444
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110444
    title SUSE SLES11 Security Update : xen (SUSE-SU-2018:1603-1) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0115-1.NASL
    description The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. This issue is addressed for the x86_64, the IBM Power and IBM zSeries architecture. - CVE-2017-5715 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. This is done with help of Linux Kernel fixes on the Intel/AMD x86_64 and IBM zSeries architectures. On x86_64, this requires also updates of the CPU microcode packages, delivered in separate updates. For IBM Power and zSeries the required firmware updates are supplied over regular channels by IBM. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754 / 'MeltdownAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. This update does this on the x86_64 architecture, it is not required on the IBM zSeries architecture. This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options. The following security bugs were fixed : - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bnc#1071470). - CVE-2017-13167: An elevation of privilege vulnerability in the kernel sound timer. (bnc#1072876). - CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel allowed local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner) (bnc#1066569). - CVE-2017-17558: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel did not consider the maximum number of configurations and interfaces before attempting to release resources, which allowed local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device (bnc#1072561). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695). - CVE-2017-17449: The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, did not restrict observations of Netlink messages to a single net namespace, which allowed local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system (bnc#1071694). - CVE-2017-17448: net/netfilter/nfnetlink_cthelper.c in the Linux kernel did not require the CAP_NET_ADMIN capability for new, get, and del operations, which allowed local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces (bnc#1071693). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-16534: The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066693). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 106095
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106095
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0115-1) (Meltdown) (Spectre)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0011.NASL
    description An update of [linux] packages for PhotonOS has been released. This kernel update mitigates vulnerabilities CVE-2017-5753 and CVE-2017-5715 which are referred to as the variants of Spectre vulnerability.
    last seen 2018-07-30
    modified 2018-07-25
    plugin id 111282
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111282
    title Photon OS 2.0 : linux (PhotonOS-PHSA-2018-2.0-0011) (Spectre)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1423.NASL
    description Linux 4.9 has been packaged for Debian 8 as linux-4.9. This provides a supported upgrade path for systems that currently use kernel packages from the 'jessie-backports' suite. There is no need to upgrade systems using Linux 3.16, as that kernel version will also continue to be supported in the LTS period. This backport does not include the following binary packages : hyperv-daemons libcpupower1 libcpupower-dev libusbip-dev linux-compiler-gcc-4.9-x86 linux-cpupower linux-libc-dev usbip Older versions of most of those are built from other source packages in Debian 8. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5753 Further instances of code that was vulnerable to Spectre variant 1 (bounds-check bypass) have been mitigated. CVE-2017-18255 It was discovered that the performance events subsystem did not properly validate the value of the kernel.perf_cpu_time_max_percent sysctl. Setting a large value could have an unspecified security impact. However, only a privileged user can set this sysctl. CVE-2018-1118 The syzbot software found that the vhost driver did not initialise message buffers which would later be read by user processes. A user with access to the /dev/vhost-net device could use this to read sensitive information from the kernel or other users' processes. CVE-2018-1120 Qualys reported that a user able to mount FUSE filesystems can create a process such that when another process attempting to read its command line will be blocked for an arbitrarily long time. This could be used for denial of service, or to aid in exploiting a race condition in the other program. CVE-2018-1130 The syzbot software found that the DCCP implementation of sendmsg() does not check the socket state, potentially leading to a NULL pointer dereference. A local user could use this to cause a denial of service (crash). CVE-2018-3639 Multiple researchers have discovered that Speculative Store Bypass (SSB), a feature implemented in many processors, could be used to read sensitive information from another context. In particular, code in a software sandbox may be able to read sensitive information from outside the sandbox. This issue is also known as Spectre variant 4. This update allows the issue to be mitigated on some x86 processors by disabling SSB. This requires an update to the processor's microcode, which is non-free. It may be included in an update to the system BIOS or UEFI firmware, or in a future update to the intel-microcode or amd64-microcode packages. Disabling SSB can reduce performance significantly, so by default it is only done in tasks that use the seccomp feature. Applications that require this mitigation should request it explicitly through the prctl() system call. Users can control where the mitigation is enabled with the spec_store_bypass_disable kernel parameter. CVE-2018-5814 Jakub Jirasek reported race conditions in the USB/IP host driver. A malicious client could use this to cause a denial of service (crash or memory corruption), and possibly to execute code, on a USB/IP server. CVE-2018-10021 A physically present attacker who unplugs a SAS cable can cause a denial of service (memory leak and WARN). CVE-2018-10087, CVE-2018-10124 zhongjiang found that the wait4() and kill() system call implementations did not check for the invalid pid value of INT_MIN. If a user passed this value, the behaviour of the code was formally undefined and might have had a security impact. CVE-2018-10853 Andy Lutomirski and Mika Penttilä reported that KVM for x86 processors did not perform a necessary privilege check when emulating certain instructions. This could be used by an unprivileged user in a guest VM to escalate their privileges within the guest. CVE-2018-10876, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879, CVE-2018-10880, CVE-2018-10881, CVE-2018-10882, CVE-2018-10883 Wen Xu at SSLab, Gatech, reported that crafted ext4 filesystem images could trigger a crash or memory corruption. A local user able to mount arbitrary filesystems, or an attacker providing filesystems to be mounted, could use this for denial of service or possibly for privilege escalation. CVE-2018-10940 Dan Carpenter reported that the optical disc driver (cdrom) does not correctly validate the parameter to the CDROM_MEDIA_CHANGED ioctl. A user with access to a cdrom device could use this to cause a denial of service (crash). CVE-2018-11506 Piotr Gabriel Kosinski and Daniel Shapira reported that the SCSI optical disc driver (sr) did not allocate a sufficiently large buffer for sense data. A user with access to a SCSI optical disc device that can produce more than 64 bytes of sense data could use this to cause a denial of service (crash or memory corruption), and possibly for privilege escalation. CVE-2018-12233 Shankara Pailoor reported that a crafted JFS filesystem image could trigger a denial of service (memory corruption). This could possibly also be used for privilege escalation. CVE-2018-1000204 The syzbot software found that the SCSI generic driver (sg) would in some circumstances allow reading data from uninitialised buffers, which could include sensitive information from the kernel or other tasks. However, only privileged users with the CAP_SYS_ADMIN or CAP_SYS_RAWIO capability were allowed to do this, so this has little or no security impact. For Debian 8 'Jessie', these problems have been fixed in version 4.9.110-1~deb8u1. This update additionally fixes Debian bugs #860900, #872907, #892057, #896775, #897590, and #898137; and includes many more bug fixes from stable updates 4.9.89-4.9.110 inclusive. We recommend that you upgrade your linux-4.9 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-07-30
    modified 2018-07-25
    plugin id 111165
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111165
    title Debian DLA-1423-1 : linux-4.9 new package (Spectre)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-057-01.NASL
    description New kernel packages are available for Slackware 14.2 to mitigate the speculative side channel attack known as Spectre variant 1.
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 107006
    published 2018-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107006
    title Slackware 14.2 : Slackware 14.2 kernel (SSA:2018-057-01) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0012-1.NASL
    description The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753 / 'SpecŧreAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please also check with your CPU / Hardware vendor on updated firmware or BIOS images regarding this issue. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754 / 'MeltdownAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. Note that this is only done on affected platforms. This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options. Also the following unrelated security bugs were fixed : - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack-based buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 105576
    published 2018-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105576
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0012-1) (Meltdown) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0005.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0005 for details.
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 105717
    published 2018-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105717
    title OracleVM 3.4 : xen (OVMSA-2018-0005) (Meltdown) (Spectre)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0012.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Revert 'kernel.spec: Require the new microcode_ctl.' (Brian Maly) - xen-blkback: add pending_req allocation stats (Ankur Arora) [Orabug: 27386890] - xen-blkback: move indirect req allocation out-of-line (Ankur Arora) - xen-blkback: pull nseg validation out in a function (Ankur Arora) - xen-blkback: make struct pending_req less monolithic (Ankur Arora) - x86: Clean up IBRS functionality resident in common code (Kanth Ghatraju) [Orabug: 27403317] - x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) - Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27403317] - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27403317] - sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27403317] - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27403317] - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27403317] - KVM: x86: Add memory barrier on vmcs field lookup (Andrew Honig) (CVE-2017-5753) - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (Andrew Honig) [Orabug: 27402301] (CVE-2017-1000407) (CVE-2017-1000407) - xfs: give all workqueues rescuer threads (Chris Mason) [Orabug: 27397568] - ixgbevf: handle mbox_api_13 in ixgbevf_change_mtu (Joao Martins)
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 106226
    published 2018-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106226
    title OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0012) (Spectre)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4187.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer (blk-mq). On a system with a driver using blk-mq (mtip32xx, null_blk, or virtio_blk), a local user might be able to use this for denial of service or possibly for privilege escalation. - CVE-2017-0861 Robb Glasser reported a potential use-after-free in the ALSA (sound) PCM core. We believe this was not possible in practice. - CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the 'retpoline' compiler feature which allows indirect branches to be isolated from speculative execution. - CVE-2017-5753 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 1 (bounds-check bypass) and is mitigated by identifying vulnerable code sections (array bounds checking followed by array access) and replacing the array access with the speculation-safe array_index_nospec() function. More use sites will be added over time. - CVE-2017-13166 A bug in the 32-bit compatibility layer of the v4l2 ioctl handling code has been found. Memory protections ensuring user-provided buffers always point to userland memory were disabled, allowing destination addresses to be in kernel space. On a 64-bit kernel a local user with access to a suitable video device can exploit this to overwrite kernel memory, leading to privilege escalation. - CVE-2017-13220 Al Viro reported that the Bluetooth HIDP implementation could dereference a pointer before performing the necessary type check. A local user could use this to cause a denial of service. - CVE-2017-16526 Andrey Konovalov reported that the UWB subsystem may dereference an invalid pointer in an error case. A local user might be able to use this for denial of service. - CVE-2017-16911 Secunia Research reported that the USB/IP vhci_hcd driver exposed kernel heap addresses to local users. This information could aid the exploitation of other vulnerabilities. - CVE-2017-16912 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to an out-of-bounds read. A remote user able to connect to the USB/IP server could use this for denial of service. - CVE-2017-16913 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to excessive memory allocation. A remote user able to connect to the USB/IP server could use this for denial of service. - CVE-2017-16914 Secunia Research reported that the USB/IP stub driver failed to check for an invalid combination of fields in a received packet, leading to a NULL pointer dereference. A remote user able to connect to the USB/IP server could use this for denial of service. - CVE-2017-18017 Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module failed to validate TCP header lengths, potentially leading to a use-after-free. If this module is loaded, it could be used by a remote attacker for denial of service or possibly for code execution. - CVE-2017-18203 Hou Tao reported that there was a race condition in creation and deletion of device-mapper (DM) devices. A local user could potentially use this for denial of service. - CVE-2017-18216 Alex Chen reported that the OCFS2 filesystem failed to hold a necessary lock during nodemanager sysfs file operations, potentially leading to a NULL pointer dereference. A local user could use this for denial of service. - CVE-2017-18232 Jason Yan reported a race condition in the SAS (Serial-Attached SCSI) subsystem, between probing and destroying a port. This could lead to a deadlock. A physically present attacker could use this to cause a denial of service. - CVE-2017-18241 Yunlei He reported that the f2fs implementation does not properly initialise its state if the 'noflush_merge' mount option is used. A local user with access to a filesystem mounted with this option could use this to cause a denial of service. - CVE-2018-1066 Dan Aloni reported to Red Hat that the CIFS client implementation would dereference a NULL pointer if the server sent an invalid response during NTLMSSP setup negotiation. This could be used by a malicious server for denial of service. - CVE-2018-1068 The syzkaller tool found that the 32-bit compatibility layer of ebtables did not sufficiently validate offset values. On a 64-bit kernel, a local user with the CAP_NET_ADMIN capability (in any user namespace) could use this to overwrite kernel memory, possibly leading to privilege escalation. Debian disables unprivileged user namespaces by default. - CVE-2018-1092 Wen Xu reported that a crafted ext4 filesystem image would trigger a null dereference when mounted. A local user able to mount arbitrary filesystems could use this for denial of service. - CVE-2018-5332 Mohamed Ghannam reported that the RDS protocol did not sufficiently validate RDMA requests, leading to an out-of-bounds write. A local attacker on a system with the rds module loaded could use this for denial of service or possibly for privilege escalation. - CVE-2018-5333 Mohamed Ghannam reported that the RDS protocol did not properly handle an error case, leading to a NULL pointer dereference. A local attacker on a system with the rds module loaded could possibly use this for denial of service. - CVE-2018-5750 Wang Qize reported that the ACPI sbshc driver logged a kernel heap address. This information could aid the exploitation of other vulnerabilities. - CVE-2018-5803 Alexey Kodanev reported that the SCTP protocol did not range-check the length of chunks to be created. A local or remote user could use this to cause a denial of service. - CVE-2018-6927 Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did not check for negative parameter values, which might lead to a denial of service or other security impact. - CVE-2018-7492 The syzkaller tool found that the RDS protocol was lacking a null pointer check. A local attacker on a system with the rds module loaded could use this for denial of service. - CVE-2018-7566 Fan LongFei reported a race condition in the ALSA (sound) sequencer core, between write and ioctl operations. This could lead to an out-of-bounds access or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation. - CVE-2018-7740 Nic Losby reported that the hugetlbfs filesystem's mmap operation did not properly range-check the file offset. A local user with access to files on a hugetlbfs filesystem could use this to cause a denial of service. - CVE-2018-7757 Jason Yan reported a memory leak in the SAS (Serial-Attached SCSI) subsystem. A local user on a system with SAS devices could use this to cause a denial of service. - CVE-2018-7995 Seunghun Han reported a race condition in the x86 MCE (Machine Check Exception) driver. This is unlikely to have any security impact. - CVE-2018-8781 Eyal Itkin reported that the udl (DisplayLink) driver's mmap operation did not properly range-check the file offset. A local user with access to a udl framebuffer device could exploit this to overwrite kernel memory, leading to privilege escalation. - CVE-2018-8822 Dr Silvio Cesare of InfoSect reported that the ncpfs client implementation did not validate reply lengths from the server. An ncpfs server could use this to cause a denial of service or remote code execution in the client. - CVE-2018-1000004 Luo Quan reported a race condition in the ALSA (sound) sequencer core, between multiple ioctl operations. This could lead to a deadlock or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation. - CVE-2018-1000199 Andy Lutomirski discovered that the ptrace subsystem did not sufficiently validate hardware breakpoint settings. Local users can use this to cause a denial of service, or possibly for privilege escalation, on x86 (amd64 and i386) and possibly other architectures.
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 109517
    published 2018-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109517
    title Debian DSA-4187-1 : linux - security update (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-3.NASL
    description The openSUSE Leap 42.2 kernel was updated to 4.4.104 to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please also check with your CPU / Hardware vendor on updated firmware or BIOS images regarding this issue. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754 / 'MeltdownAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. Note that this is only done on affected platforms. This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options. The following security bugs were fixed : - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack-based buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). The following non-security bugs were fixed : - Add undefine _unique_build_ids (bsc#964063) - alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds (bsc#1031717). - alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines (bsc#1031717). - alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717). - alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717). - alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717). - alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717). - alsa: hda - change the location for one mic on a Lenovo machine (bsc#1031717). - alsa: hda: Drop useless WARN_ON() (bsc#1031717). - alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717). - alsa: hda - fix headset mic detection issue on a Dell machine (bsc#1031717). - alsa: hda - fix headset mic problem for Dell machines with alc274 (bsc#1031717). - alsa: hda - Fix headset microphone detection for ASUS N551 and N751 (bsc#1031717). - alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717). - alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717). - alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717). - alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717). - alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717). - alsa: hda/realtek - Add default procedure for suspend and resume state (bsc#1031717). - alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic (bsc#1031717). - alsa: hda/realtek - Add support for ALC1220 (bsc#1031717). - alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717). - alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717). - alsa: hda/realtek - change the location for one of two front microphones (bsc#1031717). - alsa: hda/realtek - Enable jack detection function for Intel ALC700 (bsc#1031717). - alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717). - alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717). - alsa: hda/realtek - Fix headset and mic on several Asus laptops with ALC256 (bsc#1031717). - alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV (bsc#1031717). - alsa: hda/realtek - fix headset mic detection for MSI MS-B120 (bsc#1031717). - alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255 (bsc#1031717). - alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 (bsc#1031717). - alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE (bsc#1031717). - alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717). - alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717). - alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289 (bsc#1031717). - alsa: hda/realtek - New codec support for ALC257 (bsc#1031717). - alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717). - alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717). - alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717). - alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717). - alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294 (bsc#1031717). - alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC225 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717). - alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717). - alsa: pcm: prevent UAF in snd_pcm_info (bsc#1031717). - alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717). - alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717). - alsa: usb-audio: Add check return value for usb_string() (bsc#1031717). - alsa: usb-audio: Fix out-of-bound error (bsc#1031717). - alsa: usb-audio: Fix the missing ctl name suffix at parsing SU (bsc#1031717). - Always sign validate_negotiate_info reqs (bsc#1071009, fate#324404). - apei / ERST: Fix missing error handling in erst_reader() (bsc#1072556). - arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio (bnc#1012382). - arm: Hide finish_arch_post_lock_switch() from modules (bsc#1068032). - asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure (bsc#1031717). - asoc: twl4030: fix child-node lookup (bsc#1031717). - asoc: wm_adsp: Fix validation of firmware and coeff lengths (bsc#1031717). - autofs: fix careless error in recent commit (bnc#1012382 bsc#1065180). - bcache: Fix building error on MIPS (bnc#1012382). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - btrfs: clear space cache inode generation always (bnc#1012382). - carl9170: prevent speculative execution (bnc#1068032). - Check cmdline_find_option() retval properly and use boot_cpu_has(). - cw1200: prevent speculative execution (bnc#1068032). - drm/radeon: fix atombios on big endian (bnc#1012382). - e1000e: Avoid receiver overrun interrupt bursts (bsc#969470 FATE#319819). - e1000e: Fix e1000_check_for_copper_link_ich8lan return value (bsc#1073809). - eeprom: at24: check at24_read/write arguments (bnc#1012382). - Fix leak of validate_negotiate_info resp (bsc#1071009, fate#324404). - Fix NULL pointer deref in SMB2_tcon() (bsc#1071009, fate#324404). - Fix validate_negotiate_info uninitialized mem (bsc#1071009, fate#324404). - fs: prevent speculative execution (bnc#1068032). - genwqe: Take R/W permissions into account when dealing with memory pages (bsc#1073090). - ibmvnic: Include header descriptor support for ARP packets (bsc#1073912). - ibmvnic: Increase maximum number of RX/TX queues (bsc#1073912). - ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES (bsc#1073912). - ipv6: prevent speculative execution (bnc#1068032). - kabi fix for new hash_cred function (bsc#1012917). - kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - kaiser: align addition to x86/mm/Makefile. - kaiser: asm/tlbflush.h handle noPGE at lower level. - kaiser: cleanups while trying for gold link. - kaiser: Disable on Xen PV. - kaiser: do not set _PAGE_NX on pgd_none. - kaiser: drop is_atomic arg to kaiser_pagetable_walk(). - kaiser: enhanced by kernel and user PCIDs. - kaiser: ENOMEM if kaiser_pagetable_walk() NULL. - kaiser: fix build and FIXME in alloc_ldt_struct(). - kaiser: fix perf crashes. - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER. - kaiser: fix unlikely error in alloc_ldt_struct(). - kaiser: KAISER depends on SMP. - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID. - kaiser: kaiser_remove_mapping() move along the pgd. - kaiser: Kernel Address Isolation. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user. - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET. - kaiser: paranoid_entry pass cr3 need to paranoid_exit. - kaiser: PCID 0 for kernel and 128 for user. - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls. - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE. - kaiser: tidied up asm/kaiser.h somewhat. - kaiser: tidied up kaiser_add/remove_mapping slightly. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: vmstat show NR_KAISERTABLE as nr_overhead. - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - kvm: x86: Exit to user-mode on #UD intercept when emulator requires (bnc#1012382). - kvm: x86: inject exceptions produced by x86_decode_insn (bnc#1012382). - kvm: x86: pvclock: Handle first-time write to pvclock-page contains random junk (bnc#1012382). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - mmc: core: Do not leave the block driver in a suspended state (bnc#1012382). - mm/mmu_context, sched/core: Fix mmu_context.h assumption (bsc#1068032). - mtd: nand: Fix writing mtdoops to nand flash (bnc#1012382). - netlink: add a start callback for starting a netlink dump (bnc#1012382). - net: mpls: prevent speculative execution (bnc#1068032). - nfsd: Fix another OPEN stateid race (bnc#1012382). - nfsd: Fix stateid races between OPEN and CLOSE (bnc#1012382). - nfsd: Make init_open_stateid() a bit more whole (bnc#1012382). - nfs: improve shinking of access cache (bsc#1012917). - nfs: revalidate '.' etc correctly on 'open' (bsc#1068951). - nfs: revalidate '.' etc correctly on 'open' (git-fixes). Fix References tag. - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951). - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Secure memory rfi flush (bsc#1068032). - ptrace: Add a new thread access check (bsc#1068032). - qla2xxx: prevent speculative execution (bnc#1068032). - Redo encryption backport to fix pkt signing (bsc#1071009, fate#324404). - Revert 'drm/radeon: dont switch vt on suspend' (bnc#1012382). - Revert 'ipsec: Fix aborted xfrm policy dump crash' (kabi). - Revert 'netlink: add a start callback for starting a netlink dump' (kabi). - s390: add ppa to system call and program check path (bsc#1068032). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path Signoff the s390 patches. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (bsc#1068032). - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (bsc#1068032). - sched/rt: Do not pull from current CPU if only one CPU to pull (bnc#1022476). - scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1064311). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return 'Illegal Request - Logical unit not supported' and processing should leave the timeout loop in this case. - scsi: ses: check return code from ses_recv_diag() (bsc#1039616). - scsi: ses: Fixup error message 'failed to get diagnostic page 0xffffffea' (bsc#1039616). - scsi: ses: Fix wrong page error (bsc#1039616). - scsi: ses: make page2 support optional (bsc#1039616). - smb2: Fix share type handling (bnc#1074392). - sunrpc: add auth_unix hash_cred() function (bsc#1012917). - sunrpc: add generic_auth hash_cred() function (bsc#1012917). - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917). - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917). - sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917). - sunrpc: use supplimental groups in auth hash (bsc#1012917). - Thermal/int340x: prevent speculative execution (bnc#1068032). - udf: prevent speculative execution (bnc#1068032). - usb: host: fix incorrect updating of offset (bsc#1047487). - userns: prevent speculative execution (bnc#1068032). - uvcvideo: prevent speculative execution (bnc#1068032). - vxlan: correctly handle ipv6.disable module parameter (bsc#1072962). - x86/boot: Add early cmdline parsing for options with arguments. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/efi-bgrt: Fix kernel panic when mapping BGRT data (bnc#1012382). - x86/efi-bgrt: Replace early_memremap() with memremap() (bnc#1012382). - x86/efi: Build our own page table structures (bnc#1012382). - x86/efi: Hoist page table switching code into efi_call_virt() (bnc#1012382). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: Reenable PARAVIRT. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE (bsc#1068032). - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (bsc#1068032). - x86/mm: Add INVPCID helpers (bsc#1068032). - x86/mm: Add the 'nopcid' boot option to turn off PCID (bsc#1068032). - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (bsc#1068032). - x86/mm: Enable CR4.PCIDE on supported systems (bsc#1068032). - x86/mm: Fix INVPCID asm constraint (bsc#1068032). - x86/mm: If INVPCID is available, use it to flush global mappings (bsc#1068032). - x86/mm: Make flush_tlb_mm_range() more predictable (bsc#1068032). - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (bnc#1012382). - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (bsc#1068032). - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (bsc#1068032). - x86/mm, sched/core: Turn off IRQs in switch_mm() (bsc#1068032). - x86/mm, sched/core: Uninline switch_mm() (bsc#1068032). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/paravirt: Dont patch flush_tlb_single (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add 'nospec' chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032).
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 105636
    published 2018-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105636
    title openSUSE Security Update : the Linux Kernel (openSUSE-2018-3) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0472-1.NASL
    description This update for xen fixes several issues. These security issues were fixed : - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks (bsc#1074562, bsc#1068032) - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081) - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158). - CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159). - CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160). - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163). - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116). - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 106901
    published 2018-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106901
    title SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:0472-1) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0069-1.NASL
    description The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top. - CVE-2017-5754: The IBM Z architecture is not affected by the 'Meltdown' attack. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 105765
    published 2018-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105765
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0069-1) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0114-1.NASL
    description The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top. - CVE-2017-5754: The IBM Z architecture is not affected by the 'Meltdown' attack. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 106094
    published 2018-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106094
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0114-1) (Meltdown) (Spectre)
  • NASL family AIX Local Security Checks
    NASL id AIX_IJ03029.NASL
    description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 106310
    published 2018-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106310
    title AIX 5.3 TL 12 : spectre_meltdown (IJ03029) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0113-1.NASL
    description The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top. - CVE-2017-5754: The IBM Z architecture is not affected by the 'Meltdown' attack. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified