ISC BIND: A malformed request can trigger an assertion failure in badcache.c (CVE-2017-5754)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:M/Au:N/C:C/I:N/A:N) | January 04, 2018 | March 08, 2018 | December 10, 2018 |
Description
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
upgrade-isc-bind-latestRelated Vulnerabilities
- Debian: CVE-2017-5754: linux -- security update
- Amazon Linux AMI: CVE-2017-5754: Security patch for kernel (ALAS-2018-939)
- Oracle Solaris 11: CVE-2017-5754: Vulnerability in Kernel, NVIDIA-GFX Kernel driver
- IBM AIX: spectre_meltdown_advisory (CVE-2017-5754): Speculative execution and indirect branch prediction vulnerabilities
- Ubuntu: (Multiple Advisories) (CVE-2017-5754): Linux kernel (HWE) vulnerabilities
- CentOS: (CVE-2017-5754) (Multiple Advisories): kernel
- Oracle Linux: (CVE-2017-5754) (Multiple Advisories): kernel security and bug fix update
- Gentoo Linux: CVE-2017-5754: Xen: Multiple vulnerabilities
- SUSE: CVE-2017-5754: SUSE Linux Security Advisory
- Cisco NX-OS: CPU Side-Channel Information Disclosure Vulnerabilities (Multiple CVEs)
- Red Hat: CVE-2017-5754: Important: kernel security update (Multiple Advisories)
- OS X update for Kernel (CVE-2017-5754)
- Microsoft CVE-2017-5754: Vulnerability in CPU Microcode Could Allow Information Disclosure ("Meltdown" / Rogue Data Cache Load)
- F5 Networks: K91229003 (CVE-2017-5754): Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754
- FreeBSD: VID-74DAA370-2797-11E8-95EC-A4BADB2F4699 (CVE-2017-5754): FreeBSD -- Speculative Execution Vulnerabilities
- Alpine Linux: CVE-2017-5754: xen Multiple vulnerabilities