Twenty Year Anniversary
Showing 1 - 25 of 33 RSS Feed

CVE-2017-5754

Status Candidate

Overview

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Related Files

Gentoo Linux Security Advisory 201810-06
Posted Oct 31, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201810-6 - Multiple vulnerabilities have been found in Xen, the worst of which could cause a Denial of Service condition. Versions less than 4.10.1-r2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-10471, CVE-2018-10472, CVE-2018-10981, CVE-2018-10982, CVE-2018-12891, CVE-2018-12892, CVE-2018-12893, CVE-2018-15468, CVE-2018-15469, CVE-2018-15470, CVE-2018-3620, CVE-2018-3646, CVE-2018-5244, CVE-2018-7540, CVE-2018-7541, CVE-2018-7542
MD5 | 9eda1febf30dabcc3f4d7adedc9b7802
HP Security Bulletin MFSBGN03802 2
Posted May 10, 2018
Authored by HP | Site hp.com

HP Security Bulletin MFSBGN03802 2 - A potential vulnerability has been identified in 3rd party component used by Micro Focus Virtualization Performance Viewer (vPV) / Cloud Optimizer Virtual Appliance. The vulnerability could be exploited to Local Disclosure of Information. Revision 2 of this advisory.

tags | advisory, local
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | e2f7acf6a06b3ae37b784fd77b42ca28
HP Security Bulletin MFSBGN03802 1
Posted Apr 13, 2018
Authored by HP | Site hp.com

HP Security Bulletin MFSBGN03802 1 - A potential vulnerability has been identified in Micro Focus Virtualization Performance Viewer (vPV) / Cloud Optimizer. The vulnerability could be exploited to Local Disclosure of Information. Revision 1 of this advisory.

tags | advisory, local
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 1e97454b4f308933230d0c0de9745194
Ubuntu Security Notice USN-3597-2
Posted Mar 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3597-2 - USN-3597-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. USNS 3541-2 and 3523-2 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures for Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the arm64 architecture. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | fd7462c0473a39758790170c8a75e177
Ubuntu Security Notice USN-3597-1
Posted Mar 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3597-1 - USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | e93918164a75a0ef395ad162f045c54e
FreeBSD Security Advisory - FreeBSD-SA-18:03.speculative_execution
Posted Mar 14, 2018
Authored by Jann Horn, Yuval Yarom, Michael Schwarz, Mike Hamburg, Moritz Lipp, Paul Kocher, Werner Haas, Thomas Prescher, Stefan Mangard, Daniel Gruss, Daniel Genkin | Site security.freebsd.org

FreeBSD Security Advisory - A number of issues relating to speculative execution were found last year and publicly announced January 3rd. Two of these, known as Meltdown and Spectre V2, are addressed here.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2017-5715, CVE-2017-5754
MD5 | a26c0e3e31cfe9f94c14cc22c3de9089
Ubuntu Security Notice USN-3583-1
Posted Feb 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3583-1 - It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0750, CVE-2017-0861, CVE-2017-1000407, CVE-2017-12153, CVE-2017-12190, CVE-2017-12192, CVE-2017-14051, CVE-2017-14140, CVE-2017-14156, CVE-2017-14489, CVE-2017-15102, CVE-2017-15115, CVE-2017-15274, CVE-2017-15868, CVE-2017-16525, CVE-2017-17450, CVE-2017-17806, CVE-2017-18017, CVE-2017-5669, CVE-2017-5754, CVE-2017-7542, CVE-2017-7889, CVE-2017-8824, CVE-2018-5333, CVE-2018-5344
MD5 | 72f5ce45fa98483fb5383129af775873
Debian Security Advisory 4120-1
Posted Feb 22, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4120-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2017-13166, CVE-2017-5715, CVE-2017-5754, CVE-2018-5750
MD5 | 87f0dca6b1b225ebfb15055fac6299cf
Red Hat Security Advisory 2018-0292-01
Posted Feb 9, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0292-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 45f9b9030ba7dd1e43a55cdeb2d12c06
VMware Security Advisory 2018-0007
Posted Feb 8, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0007 - VMware Virtual Appliance updates address side-channel analysis due to speculative execution.

tags | advisory
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 8ef7e64adb8f4d4ff7d94be1d0f4763d
Apple Security Advisory 2018-1-23-2
Posted Jan 24, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-1-23-2 - macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan are now available and address memory corruption, race condition, and various other vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2017-5754, CVE-2017-8817, CVE-2018-4082, CVE-2018-4084, CVE-2018-4085, CVE-2018-4086, CVE-2018-4088, CVE-2018-4089, CVE-2018-4090, CVE-2018-4091, CVE-2018-4092, CVE-2018-4093, CVE-2018-4094, CVE-2018-4096, CVE-2018-4097, CVE-2018-4098, CVE-2018-4100
MD5 | 9ccbdda73f3fa34f9888613d92bf83d9
HP Security Bulletin HPESBHF03805 7
Posted Jan 24, 2018
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03805 7 - On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. Revision 7 of this advisory.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 102bdd503fc29999f1823fcb159366d3
Ubuntu Security Notice USN-3541-2
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3541-2 - USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 291d28710246bff8a81bbd02f296fde8
Ubuntu Security Notice USN-3540-2
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3540-2 - USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 5604062afa06e52a2f671c515ed00022
Ubuntu Security Notice USN-3541-1
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3541-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. USN-3523-1 mitigated CVE-2017-5754 for the amd64 architecture in Ubuntu 17.10. This update provides the corresponding mitigations for the ppc64el architecture. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 69072e250aabea00e31d00651148ced7
Ubuntu Security Notice USN-3540-1
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3540-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. USN-3522-1 mitigated CVE-2017-5754 for the amd64 architecture in Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 7e06ecbb56d7da89a0084ba43fb89939
HP Security Bulletin HPESBHF03805 5
Posted Jan 18, 2018
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03805 5 - On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. Revision 5 of this advisory.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | c7797b6d7641f2bbf214b3a82ed4ffd8
Ubuntu Security Notice USN-3522-4
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3522-4 - USN-3522-2 fixed a vulnerability in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS to address Meltdown. Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | d73ea7e2336ce4f12a3f81d3406dd552
Ubuntu Security Notice USN-3522-3
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3522-3 - USN-3522-1 fixed a vulnerability in the Linux kernel to address Meltdown. Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | 4d7b4ced69dbbe793b9334bd984fd703
Ubuntu Security Notice USN-3532-2
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3532-2 - USN-3523-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-16995, CVE-2017-17862, CVE-2017-17863, CVE-2017-17864, CVE-2017-5754
MD5 | c5a3f8d746ddf39bee7abb6f9185111e
Ubuntu Security Notice USN-3525-1
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3525-1 - Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | f6d4ea5c2df0b5026fb31f44c27eb62c
Ubuntu Security Notice USN-3524-2
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3524-2 - USN-3524-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | 762d3d76967b1badce64abde59d94ec7
HP Security Bulletin HPESBHF03805 4
Posted Jan 11, 2018
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03805 4 - On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. Revision 4 of this advisory.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 95b3ba52a943b1a611731bf594847f0d
Kernel Live Patch Security Notice LSN-0034-1
Posted Jan 10, 2018
Authored by Benjamin M. Romer

On January 9, fixes for CVE-2017-5754 were released into the Ubuntu Xenial kernel version 4.4.0-108.131. This CVE, also known as "Meltdown," is a security vulnerability caused by flaws in the design of speculative execution hardware in the computer's CPU.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | 4974c888dabe678b81c7dea7955b3a4c
Debian Security Advisory 4082-1
Posted Jan 10, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4082-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2017-1000407, CVE-2017-1000410, CVE-2017-15868, CVE-2017-16538, CVE-2017-16939, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2017-5754, CVE-2017-8824
MD5 | b88b402831cc589e93712fbeed229e93
Page 1 of 2
Back12Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close