Vulnerability & Exploit Database

Back to search

Microsoft CVE-2017-5754: Vulnerability in CPU Microcode Could Allow Information Disclosure ("Meltdown" / Rogue Data Cache Load)

Severity CVSS Published Added Modified
5 (AV:L/AC:M/Au:N/C:C/I:N/A:N) August 10, 2018 August 10, 2018 September 11, 2018

Description

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. At the time of publishing, Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors. One such side-channel attack is the "Rogue Data Cache Load" attack (CVE-2017-5754). Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. CVE-2017-5754 is known as Meltdown. Please review Microsoft Security Advisory ADV180002 for more details.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution Reference

Microsoft Security Update Guide

Solution

msft-kb4056888-c0708f93-30a8-47ad-9892-f807c6f83014-adv180002-cve-2017-5754

Related Vulnerabilities