Vulnerability & Exploit Database

Back to search

Microsoft CVE-2017-5754: Vulnerability in CPU Microcode Could Allow Information Disclosure ("Meltdown" / Rogue Data Cache Load)

Severity CVSS Published Added Modified
5 (AV:L/AC:M/Au:N/C:C/I:N/A:N) January 03, 2018 February 01, 2018 December 18, 2018


Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. At the time of publishing, Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors. One such side-channel attack is the "Rogue Data Cache Load" attack (CVE-2017-5754). Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. CVE-2017-5754 is known as Meltdown. Please review Microsoft Security Advisory ADV180002 for more details.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial


Solution Reference

Microsoft Security Update Guide



Related Vulnerabilities