National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2017-5754 Detail

Current Description

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Source:  MITRE
Description Last Modified:  01/04/2018
View Analysis Description

Impact

CVSS v3.0 Severity and Metrics:

Base Score: 5.6 MEDIUM
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N (V3 legend)
Impact Score: 4.0
Exploitability Score: 1.1


Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Changed
Confidentiality (C): High
Integrity (I): None
Availability (A): None

CVSS v2.0 Severity and Metrics:

Base Score: 4.7 MEDIUM
Vector: (AV:L/AC:M/Au:N/C:C/I:N/A:N) (V2 legend)
Impact Subscore: 6.9
Exploitability Subscore: 3.4


Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Additional Information:
Allows unauthorized disclosure of information

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html
http://nvidia.custhelp.com/app/answers/detail/a_id/4609 Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4611
http://nvidia.custhelp.com/app/answers/detail/a_id/4613
http://nvidia.custhelp.com/app/answers/detail/a_id/4614
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
http://www.kb.cert.org/vuls/id/584653 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/102378
http://www.securityfocus.com/bid/106128
http://www.securitytracker.com/id/1040071 Third Party Advisory VDB Entry
http://xenbits.xen.org/xsa/advisory-254.html Third Party Advisory
https://01.org/security/advisories/intel-oss-10003 Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0292
https://access.redhat.com/security/vulnerabilities/speculativeexecution Third Party Advisory
https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/ Third Party Advisory
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2018-002
https://cert.vde.com/en-us/advisories/vde-2018-003
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html
https://meltdownattack.com/ Technical Description Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 Patch Third Party Advisory Vendor Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc
https://security.gentoo.org/glsa/201810-06
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html Third Party Advisory
https://security.netapp.com/advisory/ntap-20180104-0001/
https://source.android.com/security/bulletin/2018-04-01
https://support.citrix.com/article/CTX231399
https://support.citrix.com/article/CTX234679
https://support.f5.com/csp/article/K91229003 Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
https://support.lenovo.com/us/en/solutions/LEN-18282 Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
https://usn.ubuntu.com/3522-3/
https://usn.ubuntu.com/3522-4/
https://usn.ubuntu.com/3523-1/
https://usn.ubuntu.com/3540-2/
https://usn.ubuntu.com/3541-2/
https://usn.ubuntu.com/3583-1/
https://usn.ubuntu.com/3597-1/
https://usn.ubuntu.com/3597-2/
https://usn.ubuntu.com/usn/usn-3516-1/
https://usn.ubuntu.com/usn/usn-3522-2/
https://usn.ubuntu.com/usn/usn-3523-2/
https://usn.ubuntu.com/usn/usn-3524-2/
https://usn.ubuntu.com/usn/usn-3525-1/
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
https://www.debian.org/security/2018/dsa-4078
https://www.debian.org/security/2018/dsa-4082
https://www.debian.org/security/2018/dsa-4120
https://www.kb.cert.org/vuls/id/180049
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/ Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_01 Third Party Advisory

Technical Details

Vulnerability Type (View All)

  • Information Leak / Disclosure (CWE-200)

Known Affected Software Configurations Switch to CPE 2.3

Configuration 1 ( hide )
 cpe:/h:intel:atom_c:c2308
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2316
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2338
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2350
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2358
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2508
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2516
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2518
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2530
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2538
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2550
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2558
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2718
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2730
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2738
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2750
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c2758
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3308
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3338
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3508
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3538
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3558
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3708
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3750
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3758
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3808
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3830
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3850
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3858
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3950
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3955
     Show Matching CPE(s)
 cpe:/h:intel:atom_c:c3958
     Show Matching CPE(s)
 cpe:/h:intel:atom_e:e3805
     Show Matching CPE(s)
 cpe:/h:intel:atom_e:e3815
     Show Matching CPE(s)
 cpe:/h:intel:atom_e:e3825
     Show Matching CPE(s)
 cpe:/h:intel:atom_e:e3826
     Show Matching CPE(s)
 cpe:/h:intel:atom_e:e3827
     Show Matching CPE(s)
 cpe:/h:intel:atom_e:e3845
     Show Matching CPE(s)
 cpe:/h:intel:atom_x3:c3130
     Show Matching CPE(s)
 cpe:/h:intel:atom_x3:c3200rk
     Show Matching CPE(s)
 cpe:/h:intel:atom_x3:c3205rk
     Show Matching CPE(s)
 cpe:/h:intel:atom_x3:c3230rk
     Show Matching CPE(s)
 cpe:/h:intel:atom_x3:c3235rk
     Show Matching CPE(s)
 cpe:/h:intel:atom_x3:c3265rk
     Show Matching CPE(s)
 cpe:/h:intel:atom_x3:c3295rk
     Show Matching CPE(s)
 cpe:/h:intel:atom_x3:c3405
     Show Matching CPE(s)
 cpe:/h:intel:atom_x3:c3445
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z2420
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z2460
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z2480
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z2520
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z2560
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z2580
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z2760
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3460
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3480
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3530
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3560
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3570
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3580
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3590
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3735d
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3735e
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3735f
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3735g
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3736f
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3736g
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3740
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3740d
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3745
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3745d
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3770
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3770d
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3775
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3775d
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3785
     Show Matching CPE(s)
 cpe:/h:intel:atom_z:z3795
     Show Matching CPE(s)
 cpe:/h:intel:celeron_j:j1750
     Show Matching CPE(s)
 cpe:/h:intel:celeron_j:j1800
     Show Matching CPE(s)
 cpe:/h:intel:celeron_j:j1850
     Show Matching CPE(s)
 cpe:/h:intel:celeron_j:j1900
     Show Matching CPE(s)
 cpe:/h:intel:celeron_j:j3060
     Show Matching CPE(s)
 cpe:/h:intel:celeron_j:j3160
     Show Matching CPE(s)
 cpe:/h:intel:celeron_j:j3355
     Show Matching CPE(s)
 cpe:/h:intel:celeron_j:j3455
     Show Matching CPE(s)
 cpe:/h:intel:celeron_j:j4005
     Show Matching CPE(s)
 cpe:/h:intel:celeron_j:j4105
     Show Matching CPE(s)
 cpe:/h:intel:celeron_n:n2805
     Show Matching CPE(s)
 cpe:/h:intel:celeron_n:n2806
     Show Matching CPE(s)
 cpe:/h:intel:celeron_n:n2807
     Show Matching CPE(s)
 cpe:/h:intel:celeron_n:n2808
     Show Matching CPE(s)
 cpe:/h:intel:celeron_n:n2810
     Show Matching CPE(s)
 cpe:/h:intel:celeron_n:n2815
     Show Matching CPE(s)
 cpe:/h:intel:celeron_n:n2820
     Show Matching CPE(s)
 cpe:/h:intel:celeron_n:n2830
     Show Matching CPE(s)
 cpe:/h:intel:celeron_n:n2840
     Show Matching CPE(s)
 cpe:/h:intel:celeron_n:n2910
     Show Matching CPE(s)
 cpe:/h:intel:celeron_n:n2920
     Show Matching CPE(s)
 cpe:/h:intel:celeron_n:n2930
     Show Matching CPE(s)
 cpe:/h:intel:celeron_n:n2940
     Show Matching CPE(s)
 cpe:/h:intel:celeron_n:n3000
     Show Matching CPE(s)

Configuration 2 ( hide )

Showing 100 of 1059 CPEs, view all CPEs here.

Change History

23 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2017-5754
NVD Published Date:
01/04/2018
NVD Last Modified:
12/07/2018