Twenty Year Anniversary
Showing 1 - 25 of 28 RSS Feed

CVE-2017-5753

Status Candidate

Overview

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Related Files

HP Security Bulletin MFSBGN03802 1
Posted Apr 13, 2018
Authored by HP | Site hp.com

HP Security Bulletin MFSBGN03802 1 - A potential vulnerability has been identified in Micro Focus Virtualization Performance Viewer (vPV) / Cloud Optimizer. The vulnerability could be exploited to Local Disclosure of Information. Revision 1 of this advisory.

tags | advisory, local
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 1e97454b4f308933230d0c0de9745194
Ubuntu Security Notice USN-3597-2
Posted Mar 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3597-2 - USN-3597-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. USNS 3541-2 and 3523-2 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures for Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the arm64 architecture. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | fd7462c0473a39758790170c8a75e177
Ubuntu Security Notice USN-3597-1
Posted Mar 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3597-1 - USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | e93918164a75a0ef395ad162f045c54e
Ubuntu Security Notice USN-3580-1
Posted Feb 21, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3580-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | 5cd5f937c9a4f68d07be05dca40f5d41
Red Hat Security Advisory 2018-0292-01
Posted Feb 9, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0292-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 45f9b9030ba7dd1e43a55cdeb2d12c06
VMware Security Advisory 2018-0007
Posted Feb 8, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0007 - VMware Virtual Appliance updates address side-channel analysis due to speculative execution.

tags | advisory
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 8ef7e64adb8f4d4ff7d94be1d0f4763d
Ubuntu Security Notice USN-3549-1
Posted Jan 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3549-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | e351d3919427f019b452313752353804
HP Security Bulletin HPESBHF03805 7
Posted Jan 24, 2018
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03805 7 - On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. Revision 7 of this advisory.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 102bdd503fc29999f1823fcb159366d3
Ubuntu Security Notice USN-3541-2
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3541-2 - USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 291d28710246bff8a81bbd02f296fde8
Ubuntu Security Notice USN-3542-2
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3542-2 - USN-3542-1 addressed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 and amd64 architectures. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | 346bb8be0070ef6410771167a6a887b1
Ubuntu Security Notice USN-3540-2
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3540-2 - USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 5604062afa06e52a2f671c515ed00022
Ubuntu Security Notice USN-3542-1
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3542-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 and amd64 architectures.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | 41674a2062e24cf04eb13a57feda1988
Ubuntu Security Notice USN-3541-1
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3541-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. USN-3523-1 mitigated CVE-2017-5754 for the amd64 architecture in Ubuntu 17.10. This update provides the corresponding mitigations for the ppc64el architecture. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 69072e250aabea00e31d00651148ced7
Ubuntu Security Notice USN-3540-1
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3540-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. USN-3522-1 mitigated CVE-2017-5754 for the amd64 architecture in Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 7e06ecbb56d7da89a0084ba43fb89939
HP Security Bulletin HPESBHF03805 5
Posted Jan 18, 2018
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03805 5 - On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. Revision 5 of this advisory.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | c7797b6d7641f2bbf214b3a82ed4ffd8
Ubuntu Security Notice USN-3530-1
Posted Jan 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3530-1 - It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions.

tags | advisory, web, javascript
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | 3bf2820a2ba39d395b37c51cb752e3d9
HP Security Bulletin HPESBHF03805 4
Posted Jan 11, 2018
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03805 4 - On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. Revision 4 of this advisory.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 95b3ba52a943b1a611731bf594847f0d
WebKitGTK+ Speculative Execution Issues
Posted Jan 11, 2018
Authored by WebKitGTK+ Team

WebKitGTK+ versions before 2.18.5 suffer from various CPU issues. Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker via a side-channel analysis.

tags | advisory
advisories | CVE-2017-5753
MD5 | 68501296cc6c4fbbd6059470e33af0be
VMware Security Advisory 2018-0002.1
Posted Jan 10, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0002.1 - VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.

tags | advisory
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | 98039a0f8ea7a3f15db5f2c25f082c3e
Ubuntu Security Notice USN-3521-1
Posted Jan 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3521-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations to address the issue, along with compatibility fixes for the corresponding Linux kernel updates.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5753
MD5 | 6c4c45c1f8232e2146815d1ab1679e4a
Apple Security Advisory 2018-1-8-3
Posted Jan 9, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-1-8-3 - Safari 11.0.2 is now available and and addresses security issues relating to Spectre.

tags | advisory
systems | apple
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | 001b239b509af336b4a8935b9cca8ea2
Apple Security Advisory 2018-1-8-2
Posted Jan 9, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-1-8-2 - macOS High Sierra 10.13.2 Supplemental Update includes security improvements to Safari and WebKit to mitigate the effects of Spectre.

tags | advisory
systems | apple
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | 1535d2e43c6e0e6ddf253231d7952449
Apple Security Advisory 2018-1-8-1
Posted Jan 9, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-1-8-1 - iOS 11.2.2 is now available and and addresses Spectre issues with Safari and WebKit.

tags | advisory
systems | cisco, apple, ios
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | 6b30978ce2ffea24b7346008751663ee
FreeBSD Update On Spectre / Meltdown Patching
Posted Jan 9, 2018
Authored by Gordon Tetlow

This is a note from the FreeBSD team that they were notified of the issue in late December and received a briefing under NDA with the original embargo date of January 9th. Since they received relatively late notice of the issue, their ability to provide fixes is delayed.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 3d8597163525c9232966500bae696d26
Ubuntu Security Notice USN-3516-1
Posted Jan 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3516-1 - It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions.

tags | advisory, web, javascript
systems | linux, ubuntu
advisories | CVE-2017-5753, CVE-2017-5754
MD5 | 7515f6660d050f517b1107818beb00d4
Page 1 of 2
Back12Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    2 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close