Microsoft CVE-2017-5754: Vulnerability in CPU Microcode Could Allow Information Disclosure ("Meltdown" / Rogue Data Cache Load)
| 5 | (AV:L/AC:M/Au:N/C:C/I:N/A:N) | February 26, 2018 | February 26, 2018 | March 07, 2018 |
Description

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. At the time of publishing, Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors. One such side-channel attack is the "Rogue Data Cache Load" attack (CVE-2017-5754). Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. CVE-2017-5754 is known as Meltdown. Please review Microsoft Security Advisory ADV180002 for more details.
- ISC BIND: A malformed request can trigger an assertion failure in badcache.c (CVE-2017-5754)
- Oracle Solaris 11: CVE-2017-5754: Vulnerability in NVIDIA-GFX Kernel driver
- IBM AIX: spectre_meltdown_advisory (CVE-2017-5754): Speculative execution and indirect branch prediction vulnerabilities
- OS X update for Kernel (CVE-2017-5754)
- Alpine Linux: CVE-2017-5754: xen Multiple vulnerabilities