Description

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

References

• BID-102378
• BID-106128
• CERT-VN-180049
• CERT-VN-584653
• CVE-2017-5754
• DEBIAN-DSA-4078
• DEBIAN-DSA-4082
• DEBIAN-DSA-4120
• REDHAT-RHSA-2018:0292

Solution

Related Vulnerabilities

• Amazon Linux AMI: CVE-2017-5754: Security patch for kernel (ALAS-2018-939)
• Oracle Solaris 11: CVE-2017-5754: Vulnerability in Kernel, NVIDIA-GFX Kernel driver
• IBM AIX: spectre_meltdown_advisory (CVE-2017-5754): Speculative execution and indirect branch prediction vulnerabilities
• Ubuntu: (Multiple Advisories) (CVE-2017-5754): Linux kernel (HWE) vulnerabilities
• CentOS: (CVE-2017-5754) (Multiple Advisories): kernel
• Debian: CVE-2017-5754: linux, nvidia-graphics-drivers, nvidia-graphics-drivers-legacy-340xx -- security update
• Oracle Linux: (CVE-2017-5754) (Multiple Advisories): kernel security and bug fix update
• Gentoo Linux: CVE-2017-5754: Xen: Multiple vulnerabilities
• SUSE: CVE-2017-5754: SUSE Linux Security Advisory
• Cisco NX-OS: CPU Side-Channel Information Disclosure Vulnerabilities (Multiple CVEs)
• Red Hat: CVE-2017-5754: Important: kernel security update (Multiple Advisories)
• OS X update for Kernel (CVE-2017-5754)
• Microsoft CVE-2017-5754: Vulnerability in CPU Microcode Could Allow Information Disclosure ("Meltdown" / Rogue Data Cache Load)
• F5 Networks: K91229003 (CVE-2017-5754): Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754
• FreeBSD: VID-74DAA370-2797-11E8-95EC-A4BADB2F4699 (CVE-2017-5754): FreeBSD -- Speculative Execution Vulnerabilities
• Alpine Linux: CVE-2017-5754: xen Multiple vulnerabilities