CVE-2017-5754 · threatengine.sh

Home/CVE/Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized discl

CVE

CVE-2017-5754

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized discl

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

MEDIUM · CVSS 5.6 EPSS 0.89689

Act now

EPSS ≥ 0.50 - high probability of exploitation in the next 30 days
EPSS percentile: top 0% of all CVEs by exploitation likelihood

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-200Exposure of Sensitive Information to an Unauthorized Actor

▤

Affected Products & Versions

4

intel atom call versions
intel atom eall versions
intel atom x3all versions
intel atom zall versions

◈

Detection Rules (IDS/IPS)

1

et-openET EXPLOIT Possible MeltDown PoC Download In Progressattempted-admin

Open rulesets (ET Open, Snort Community, abuse.ch) link to source. Commercial rulesets are reference-only.

▣

Scoring & Timeline

5.6

MEDIUM · CVSS v3.1 · secure@intel.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD04 Jan 2018 · 01:29 PM

CVSS VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

⚑

Vendor Advisories

30

suse-csafopenSUSE-SU-2024:10728-1
suse-csafopenSUSE-SU-2024:11520-1
suse-csafopenSUSE-SU-2024:13704-1
suse-csafSUSE-SU-2023:0634-1
suse-csafSUSE-SU-2020:0388-1
Show all 30 vendor advisoriessuse-csafSUSE-SU-2019:14011-1
suse-csafSUSE-SU-2019:0827-1
suse-csafSUSE-SU-2019:0020-1
suse-csafSUSE-SU-2019:0003-1
suse-csafSUSE-SU-2019:13921-1
suse-csafSUSE-SU-2018:4300-1
suse-csafSUSE-SU-2018:4070-1
android-securityANDROID-2018-12-01High
suse-csafSUSE-SU-2018:1699-2
suse-csafSUSE-SU-2018:3230-1
android-securityANDROID-2018-09-01High
suse-csafSUSE-SU-2018:2528-1
suse-csafSUSE-SU-2018:1699-1
suse-csafSUSE-SU-2018:1658-1
suse-csafSUSE-SU-2018:1603-1
rhsaRHSA-2019:1046Important
suse-csafSUSE-SU-2018:1216-1
suse-csafSUSE-SU-2018:1202-1
suse-csafSUSE-SU-2018:1203-1
suse-csafSUSE-SU-2018:1177-1
suse-csafSUSE-SU-2018:1181-1
suse-csafSUSE-SU-2018:1184-1
rhsaRHSA-2018:1319Moderate
rhsaRHSA-2018:1346Moderate
rhsaRHSA-2018:1351Moderate

🔗

References & Sources

66

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html

http://nvidia.custhelp.com/app/answers/detail/a_id/4609Third Party Advisory

Show all 66 references

http://nvidia.custhelp.com/app/answers/detail/a_id/4611

http://nvidia.custhelp.com/app/answers/detail/a_id/4613

http://nvidia.custhelp.com/app/answers/detail/a_id/4614

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt

http://www.kb.cert.org/vuls/id/584653Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/102378

http://www.securityfocus.com/bid/106128

http://www.securitytracker.com/id/1040071Third Party AdvisoryVDB Entry

http://xenbits.xen.org/xsa/advisory-254.htmlThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:0292

https://access.redhat.com/security/vulnerabilities/speculativeexecutionThird Party Advisory

https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/Third Party Advisory

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/Third Party Advisory

https://cdrdv2.intel.com/v1/dl/getContent/685358

https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

https://cert.vde.com/en-us/advisories/vde-2018-002

https://cert.vde.com/en-us/advisories/vde-2018-003

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.htmlThird Party Advisory

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html

https://meltdownattack.com/Technical DescriptionThird Party Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002PatchThird Party AdvisoryVendor Advisory

https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc

https://security.gentoo.org/glsa/201810-06

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.htmlThird Party Advisory

https://security.netapp.com/advisory/ntap-20180104-0001/

https://source.android.com/security/bulletin/2018-04-01

https://support.citrix.com/article/CTX231399

https://support.citrix.com/article/CTX234679

https://support.f5.com/csp/article/K91229003Third Party Advisory

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us

https://support.lenovo.com/us/en/solutions/LEN-18282Third Party Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel

https://usn.ubuntu.com/3522-3/

https://usn.ubuntu.com/3522-4/

https://usn.ubuntu.com/3523-1/

https://usn.ubuntu.com/3540-2/

https://usn.ubuntu.com/3541-2/

https://usn.ubuntu.com/3583-1/

https://usn.ubuntu.com/3597-1/

https://usn.ubuntu.com/3597-2/

https://usn.ubuntu.com/usn/usn-3516-1/

https://usn.ubuntu.com/usn/usn-3522-2/

https://usn.ubuntu.com/usn/usn-3523-2/

https://usn.ubuntu.com/usn/usn-3524-2/

https://usn.ubuntu.com/usn/usn-3525-1/

https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin

https://www.debian.org/security/2018/dsa-4078

https://www.debian.org/security/2018/dsa-4082

https://www.debian.org/security/2018/dsa-4120

https://www.kb.cert.org/vuls/id/180049

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/Third Party Advisory

https://www.synology.com/support/security/Synology_SA_18_01Third Party Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin