Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2018-AVI-225
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Citrix XenServer. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "XenServer 7.4",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "XenServer 7.3",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "XenServer 7.1",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "XenServer 7.2",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "XenServer 7.0",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "XenServer 6.5",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "XenServer 6.2.0",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "XenServer 6.0.2",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-5754",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5754"
},
{
"name": "CVE-2018-8897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8897"
}
],
"initial_release_date": "2018-05-09T00:00:00",
"last_revision_date": "2018-05-09T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-225",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix XenServer.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix XenServer",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX234679 du 8 mai 2018",
"url": "https://support.citrix.com/article/CTX234679"
}
]
}
CVE-2018-8897 (GCVE-0-2018-8897)
Vulnerability from cvelistv5
Published
2018-05-08 18:00
Modified
2024-08-05 07:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2018/05/08/4"
},
{
"name": "1040849",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040849"
},
{
"name": "104071",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104071"
},
{
"name": "RHSA-2018:1350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1350"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX234679"
},
{
"name": "RHSA-2018:1347",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1347"
},
{
"name": "44697",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44697/"
},
{
"name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1383-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html"
},
{
"name": "1040866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040866"
},
{
"name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html"
},
{
"name": "[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/HT208742"
},
{
"name": "RHSA-2018:1346",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1346"
},
{
"name": "RHSA-2018:1348",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1348"
},
{
"name": "RHSA-2018:1354",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1354"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=333368"
},
{
"name": "DSA-4196",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4196"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc"
},
{
"name": "1040744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040744"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html"
},
{
"name": "RHSA-2018:1351",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1351"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567074"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://xenbits.xen.org/xsa/advisory-260.html"
},
{
"name": "RHSA-2018:1319",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1319"
},
{
"name": "DSA-4201",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4201"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "RHSA-2018:1355",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180927-0002/"
},
{
"name": "RHSA-2018:1345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1345"
},
{
"name": "45024",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45024/"
},
{
"name": "RHSA-2018:1349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1349"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897"
},
{
"name": "RHSA-2018:1352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1352"
},
{
"name": "RHSA-2018:1318",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1318"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://patchwork.kernel.org/patch/10386677/"
},
{
"name": "VU#631579",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/631579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/can1357/CVE-2018-8897/"
},
{
"name": "RHSA-2018:1524",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1524"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2018/05/08/1"
},
{
"name": "1040861",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040861"
},
{
"name": "RHSA-2018:1353",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1353"
},
{
"name": "USN-3641-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3641-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_21"
},
{
"name": "1040882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040882"
},
{
"name": "USN-3641-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3641-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer\u0027s Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL \u003c 3, the debug exception is delivered after the transfer to CPL \u003c 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-21T08:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2018/05/08/4"
},
{
"name": "1040849",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040849"
},
{
"name": "104071",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104071"
},
{
"name": "RHSA-2018:1350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1350"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX234679"
},
{
"name": "RHSA-2018:1347",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1347"
},
{
"name": "44697",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44697/"
},
{
"name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1383-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html"
},
{
"name": "1040866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040866"
},
{
"name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html"
},
{
"name": "[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/HT208742"
},
{
"name": "RHSA-2018:1346",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1346"
},
{
"name": "RHSA-2018:1348",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1348"
},
{
"name": "RHSA-2018:1354",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1354"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=333368"
},
{
"name": "DSA-4196",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4196"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc"
},
{
"name": "1040744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040744"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html"
},
{
"name": "RHSA-2018:1351",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1351"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567074"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://xenbits.xen.org/xsa/advisory-260.html"
},
{
"name": "RHSA-2018:1319",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1319"
},
{
"name": "DSA-4201",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4201"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "RHSA-2018:1355",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180927-0002/"
},
{
"name": "RHSA-2018:1345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1345"
},
{
"name": "45024",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45024/"
},
{
"name": "RHSA-2018:1349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1349"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897"
},
{
"name": "RHSA-2018:1352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1352"
},
{
"name": "RHSA-2018:1318",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1318"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://patchwork.kernel.org/patch/10386677/"
},
{
"name": "VU#631579",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/631579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/can1357/CVE-2018-8897/"
},
{
"name": "RHSA-2018:1524",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1524"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2018/05/08/1"
},
{
"name": "1040861",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040861"
},
{
"name": "RHSA-2018:1353",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1353"
},
{
"name": "USN-3641-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3641-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_21"
},
{
"name": "1040882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040882"
},
{
"name": "USN-3641-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3641-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer\u0027s Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL \u003c 3, the debug exception is delivered after the transfer to CPL \u003c 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
},
{
"name": "http://openwall.com/lists/oss-security/2018/05/08/4",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2018/05/08/4"
},
{
"name": "1040849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040849"
},
{
"name": "104071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104071"
},
{
"name": "RHSA-2018:1350",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1350"
},
{
"name": "https://support.citrix.com/article/CTX234679",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX234679"
},
{
"name": "RHSA-2018:1347",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1347"
},
{
"name": "44697",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44697/"
},
{
"name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1383-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html"
},
{
"name": "1040866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040866"
},
{
"name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html"
},
{
"name": "[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html"
},
{
"name": "https://support.apple.com/HT208742",
"refsource": "MISC",
"url": "https://support.apple.com/HT208742"
},
{
"name": "RHSA-2018:1346",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1346"
},
{
"name": "RHSA-2018:1348",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1348"
},
{
"name": "RHSA-2018:1354",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1354"
},
{
"name": "https://svnweb.freebsd.org/base?view=revision\u0026revision=333368",
"refsource": "MISC",
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=333368"
},
{
"name": "DSA-4196",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4196"
},
{
"name": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc",
"refsource": "MISC",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc"
},
{
"name": "1040744",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040744"
},
{
"name": "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html",
"refsource": "MISC",
"url": "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html"
},
{
"name": "RHSA-2018:1351",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1351"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1567074",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567074"
},
{
"name": "https://xenbits.xen.org/xsa/advisory-260.html",
"refsource": "MISC",
"url": "https://xenbits.xen.org/xsa/advisory-260.html"
},
{
"name": "RHSA-2018:1319",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1319"
},
{
"name": "DSA-4201",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4201"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "RHSA-2018:1355",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1355"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180927-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180927-0002/"
},
{
"name": "RHSA-2018:1345",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1345"
},
{
"name": "45024",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45024/"
},
{
"name": "RHSA-2018:1349",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1349"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897"
},
{
"name": "RHSA-2018:1352",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1352"
},
{
"name": "RHSA-2018:1318",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1318"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
},
{
"name": "https://patchwork.kernel.org/patch/10386677/",
"refsource": "MISC",
"url": "https://patchwork.kernel.org/patch/10386677/"
},
{
"name": "VU#631579",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/631579"
},
{
"name": "https://github.com/can1357/CVE-2018-8897/",
"refsource": "MISC",
"url": "https://github.com/can1357/CVE-2018-8897/"
},
{
"name": "RHSA-2018:1524",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1524"
},
{
"name": "http://openwall.com/lists/oss-security/2018/05/08/1",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2018/05/08/1"
},
{
"name": "1040861",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040861"
},
{
"name": "RHSA-2018:1353",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1353"
},
{
"name": "USN-3641-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3641-2/"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_21",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_21"
},
{
"name": "1040882",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040882"
},
{
"name": "USN-3641-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3641-1/"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8897",
"datePublished": "2018-05-08T18:00:00",
"dateReserved": "2018-03-21T00:00:00",
"dateUpdated": "2024-08-05T07:10:46.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5754 (GCVE-0-2017-5754)
Vulnerability from cvelistv5
Published
2018-01-04 13:00
Modified
2024-09-16 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Most Modern Operating Systems |
Version: All |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"name": "USN-3523-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3523-1/"
},
{
"name": "USN-3525-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3525-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin"
},
{
"name": "GLSA-201810-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name": "DSA-4082",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4082"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX234679"
},
{
"name": "USN-3540-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"name": "USN-3522-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3522-3/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"name": "USN-3597-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"name": "SUSE-SU-2018:0012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"name": "SUSE-SU-2018:0011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"name": "DSA-4120",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K91229003"
},
{
"name": "USN-3524-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3524-2/"
},
{
"name": "DSA-4078",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "openSUSE-SU-2018:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"name": "RHSA-2018:0292",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "VU#584653",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"name": "USN-3522-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3522-2/"
},
{
"name": "VU#180049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX231399"
},
{
"name": "102378",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102378"
},
{
"name": "FreeBSD-SA-18:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"name": "106128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106128"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"name": "1040071",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040071"
},
{
"name": "USN-3597-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"name": "SUSE-SU-2018:0010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"name": "USN-3523-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3523-2/"
},
{
"name": "USN-3516-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"name": "USN-3541-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://meltdownattack.com/"
},
{
"name": "openSUSE-SU-2018:0023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"name": "USN-3522-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3522-4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdrdv2.intel.com/v1/dl/getContent/685358"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Most Modern Operating Systems",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2018-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T17:54:02",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"name": "USN-3523-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3523-1/"
},
{
"name": "USN-3525-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3525-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin"
},
{
"name": "GLSA-201810-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name": "DSA-4082",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4082"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX234679"
},
{
"name": "USN-3540-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"name": "USN-3522-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3522-3/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"name": "USN-3597-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"name": "SUSE-SU-2018:0012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"name": "SUSE-SU-2018:0011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"name": "DSA-4120",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K91229003"
},
{
"name": "USN-3524-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3524-2/"
},
{
"name": "DSA-4078",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "openSUSE-SU-2018:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"name": "RHSA-2018:0292",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "VU#584653",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"name": "USN-3522-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3522-2/"
},
{
"name": "VU#180049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX231399"
},
{
"name": "102378",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102378"
},
{
"name": "FreeBSD-SA-18:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"name": "106128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106128"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"name": "1040071",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040071"
},
{
"name": "USN-3597-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"name": "SUSE-SU-2018:0010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"name": "USN-3523-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3523-2/"
},
{
"name": "USN-3516-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"name": "USN-3541-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://meltdownattack.com/"
},
{
"name": "openSUSE-SU-2018:0023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"name": "USN-3522-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3522-4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdrdv2.intel.com/v1/dl/getContent/685358"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2017-5754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Most Modern Operating Systems",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"name": "USN-3523-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3523-1/"
},
{
"name": "USN-3525-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3525-1/"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin"
},
{
"name": "GLSA-201810-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name": "DSA-4082",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4082"
},
{
"name": "https://support.citrix.com/article/CTX234679",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX234679"
},
{
"name": "USN-3540-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"name": "USN-3522-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3522-3/"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/speculativeexecution",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"name": "USN-3597-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"name": "SUSE-SU-2018:0012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"name": "SUSE-SU-2018:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"name": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html",
"refsource": "MISC",
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2018-002",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"name": "DSA-4120",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4120"
},
{
"name": "https://support.f5.com/csp/article/K91229003",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K91229003"
},
{
"name": "USN-3524-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3524-2/"
},
{
"name": "DSA-4078",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4078"
},
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "openSUSE-SU-2018:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"name": "RHSA-2018:0292",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-254.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180104-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_01",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource": "CONFIRM",
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "VU#584653",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"name": "USN-3522-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3522-2/"
},
{
"name": "VU#180049",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2018-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
},
{
"name": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"name": "https://support.citrix.com/article/CTX231399",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX231399"
},
{
"name": "102378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102378"
},
{
"name": "FreeBSD-SA-18:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
},
{
"name": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/",
"refsource": "CONFIRM",
"url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"name": "106128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106128"
},
{
"name": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/",
"refsource": "CONFIRM",
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"name": "1040071",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040071"
},
{
"name": "USN-3597-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"name": "SUSE-SU-2018:0010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"name": "USN-3523-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3523-2/"
},
{
"name": "USN-3516-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"name": "USN-3541-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"name": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html",
"refsource": "MISC",
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-18282",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"name": "https://meltdownattack.com/",
"refsource": "MISC",
"url": "https://meltdownattack.com/"
},
{
"name": "openSUSE-SU-2018:0023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"name": "USN-3522-4",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3522-4/"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://cdrdv2.intel.com/v1/dl/getContent/685358",
"refsource": "CONFIRM",
"url": "https://cdrdv2.intel.com/v1/dl/getContent/685358"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2017-5754",
"datePublished": "2018-01-04T13:00:00Z",
"dateReserved": "2017-02-01T00:00:00",
"dateUpdated": "2024-09-16T16:48:54.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…