- Home
- CVEs with nessus.description==According to the versions of the cpupools / cpupools-features / etc
packages installed, the Virtuozzo installation on the remote host is
affected by the following vulnerabilities :
- CVE-2017-5715 triggers the speculative execution by
utilizing branch target injection. It relies on the
presence of a precisely-defined instruction sequence in
the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's
data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an
unprivileged attacker could use this flaw to cross the
syscall and guest/host boundaries and read privileged
memory by conducting targeted cache side-channel
attacks.
- CVE-2017-5753 triggers the speculative execution by
performing a bounds-check bypass. It relies on the
presence of a precisely-defined instruction sequence in
the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's
data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an
unprivileged attacker could use this flaw to cross the
syscall boundary and read privileged memory by
conducting targeted cache side-channel attacks.
- CVE-2017-5754 relies on the fact that, on impacted
microprocessors, during speculative execution of
instruction permission faults, exception generation
triggered by a faulting access is suppressed until the
retirement of the whole instruction block. In a
combination with the fact that memory accesses may
populate the cache even when the block is being dropped
and never committed (executed), an unprivileged local
attacker could use this flaw to read privileged (kernel
space) memory by conducting targeted cache side-channel
attacks.
Note that Tenable Network Security has extracted the preceding
description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top