CVE-2017-5715

Published: 04/01/2018 Updated: 30/11/2018
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.6 | Impact Score: 4 | Exploitability Score: 1.1
VMScore: 491
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Affected Products

Vendor | Product | Versions
Arm | Cortex-a | 9, 15, 17, 57, 72, 73, 75
Intel | Atom C | C2308, C2316, C2338, C2350, C2358, C2508, C2516, C2518, C2530, C2538, C2550, C2558, C2718, C2730, C2738, C2750, C2758, C3308, C3338, C3508, C3538, C3558, C3708, C3750, C3758, C3808, C3830, C3850, C3858, C3950, C3955, C3958
Intel | Atom E | E3805, E3815, E3825, E3826, E3827, E3845
Intel | Atom X3 | C3130, C3200rk, C3205rk, C3230rk, C3235rk, C3265rk, C3295rk, C3405, C3445
Intel | Atom Z | Z2420, Z2460, Z2480, Z2520, Z2560, Z2580, Z2760, Z3460, Z3480, Z3530, Z3560, Z3570, Z3580, Z3590, Z3735d, Z3735e, Z3735f, Z3735g, Z3736f, Z3736g, Z3740, Z3740d, Z3745, Z3745d, Z3770, Z3770d, Z3775, Z3775d, Z3785, Z3795
Intel | Celeron J | J1750, J1800, J1850, J1900, J3060, J3160, J3355, J3455, J4005, J4105
Intel | Celeron N | N2805, N2806, N2807, N2808, N2810, N2815, N2820, N2830, N2840, N2910, N2920, N2930, N2940, N3000, N3010, N3050, N3060, N3150, N3160, N3350, N3450, N4000, N4100
Intel | Core I3 | 330e, 330m, 330um, 350m, 370m, 380m, 380um, 390m, 530, 540, 550, 560, 2100, 2100t, 2102, 2105, 2115c, 2120, 2120t, 2125, 2130, 2310e, 2310m, 2312m, 2328m, 2330e, 2330m, 2340ue, 2348m, 2350m, 2357m, 2365m, 2367m, 2370m, 2375m, 2377m, 3110m, 3115c, 3120m, 3120me, 3130m, 3210, 3217u, 3217ue, 3220, 3220t, 3225, 3227u, 3229y, 3240, 3240t, 3245, 3250, 3250t, 4000m, 4005u, 4010u, 4010y, 4012y, 4020y, 4025u, 4030u, 4030y, 4100e, 4100m, 4100u, 4102e, 4110e, 4110m, 4112e, 4120u, 4130, 4130t, 4150, 4150t, 4158u, 4160, 4160t, 4170, 4170t, 4330, 4330t, 4330te, 4340, 4340te, 4350, 4350t, 4360, 4360t, 4370, 4370t, 5005u, 5010u, 5015u, 5020u, 5157u, 6006u, 6098p, 6100, 6100e, 6100h, 6100t, 6100te, 6100u, 6102e, 6157u, 6167u, 6300, 6300t, 6320, 8100, 8350k
Intel | Core I5 | 430m, 430um, 450m, 460m, 470um, 480m, 520e, 520m, 520um, 540m, 540um, 560m, 560um, 580m, 650, 655k, 660, 661, 670, 680, 750, 750s, 760, 2300, 2310, 2320, 2380p, 2390t, 2400, 2400s, 2405s, 2410m, 2430m, 2435m, 2450m, 2450p, 2467m, 2500, 2500k, 2500s, 2500t, 2510e, 2515e, 2520m, 2537m, 2540m, 2550k, 2557m, 3210m, 3230m, 3317u, 3320m, 3330, 3330s, 3337u, 3339y, 3340, 3340m, 3340s, 3350p, 3360m, 3380m, 3427u, 3437u, 3439y, 3450, 3450s, 3470, 3470s, 3470t, 3475s, 3550, 3550s, 3570, 3570k, 3570s, 3570t, 3610me, 4200h, 4200m, 4200u, 4200y, 4202y, 4210h, 4210m, 4210u, 4210y, 4220y, 4250u, 4258u, 4260u, 4278u, 4288u, 4300m, 4300u, 4300y, 4302y, 4308u, 4310m, 4310u, 4330m, 4340m, 4350u, 4360u, 4400e, 4402e, 4402ec, 4410e, 4422e, 4430, 4430s, 4440, 4440s, 4460, 4460s, 4460t, 4570, 4570r, 4570s, 4570t, 4570te, 4590, 4590s, 4590t, 4670, 4670k, 4670r, 4670s, 4670t, 4690, 4690k, 4690s, 4690t, 5200u, 5250u, 5257u, 5287u, 5300u, 5350h, 5350u, 5575r, 5675c, 5675r, 6200u, 6260u, 6267u, 6287u, 6300hq, 6300u, 6350hq, 6360u, 6400, 6400t, 6402p, 6440eq, 6440hq, 6442eq, 6500, 6500t, 6500te, 6585r, 6600, 6600k, 6600t, 6685r, 8250u, 8350u, 8400, 8600k
Intel | Core I7 | 7y75, 610e, 620le, 620lm, 620m, 620ue, 620um, 640lm, 640m, 640um, 660lm, 660ue, 660um, 680um, 720qm, 740qm, 820qm, 840qm, 860, 860s, 870, 870s, 875k, 880, 920, 920xm, 930, 940, 940xm, 950, 960, 965, 970, 975, 980, 980x, 990x, 2600, 2600k, 2600s, 2610ue, 2617m, 2620m, 2629m, 2630qm, 2635qm, 2637m, 2640m, 2649m, 2655le, 2657m, 2670qm, 2675qm, 2677m, 2700k, 2710qe, 2715qe, 2720qm, 2760qm, 2820qm, 2860qm, 2920xm, 2960xm, 3517u, 3517ue, 3520m, 3537u, 3540m, 3555le, 3610qe, 3610qm, 3612qe, 3612qm, 3615qe, 3615qm, 3630qm, 3632qm, 3635qm, 3667u, 3687u, 3689y, 3720qm, 3740qm, 3770, 3770k, 3770s, 3770t, 3820qm, 3840qm, 4500u, 4510u, 4550u, 4558u, 4578u, 4600m, 4600u, 4610m, 4610y, 4650u, 4700ec, 4700eq, 4700hq, 4700mq, 4702ec, 4702hq, 4702mq, 4710hq, 4710mq, 4712hq, 4712mq, 4720hq, 4722hq, 4750hq, 4760hq, 4765t, 4770, 4770hq, 4770k, 4770r, 4770s, 4770t, 4770te, 4771, 4785t, 4790, 4790k, 4790s, 4790t, 4800mq, 4810mq, 4850hq, 4860hq, 4870hq, 4900mq, 4910mq, 4950hq, 4960hq, 4980hq, 5500u, 5550u, 5557u, 5600u, 5650u, 5700eq, 5700hq, 5750hq, 5775c, 5775r, 5850eq, 5850hq, 5950hq, 7500u, 7560u, 7567u, 7600u, 7660u, 7700, 7700hq, 7700k, 7700t, 7820eq, 7820hk, 7820hq, 7920hq, 8550u, 8650u, 8700, 8700k
Intel | Core M | 5y10, 5y10a, 5y10c, 5y31, 5y51, 5y70, 5y71
Intel | Core M3 | 6y30, 7y30, 7y32
Intel | Core M5 | 6y54, 6y57
Intel | Core M7 | 6y75
Intel | Pentium J | J2850, J2900, J3710, J4205
Intel | Pentium N | N3510, N3520, N3530, N3540, N3700, N3710, N4200
Intel | Xeon | E5502, E5503, E5504, E5506, E5507, E5520, E5530, E5540, E5603, E5606, E5607, E5620, E5630, E5640, E5645, E5649, E6510, E6540, E7520, E7530, E7540, Ec5509, Ec5539, Ec5549, L3406, L3426, L5506, L5508, L5518, L5520, L5530, L5609, L5618, L5630, L5638, L5640, L7545, L7555, Lc5518, Lc5528, W3670, W3680, W3690, W5580, W5590, X3430, X3440, X3450, X3460, X3470, X3480, X5550, X5560, X5570, X5647, X5650, X5660, X5667, X5670, X5672, X5675, X5677, X5680, X5687, X5690, X6550, X7542, X7550, X7560
Intel | Xeon Bronze | 3104, 3106
Intel | Xeon E3 | 1105c, 1105c V2, 1125c, 1125c V2, 1220, 1220 V2, 1220 V3, 1220 V5, 1220 V6, 1220l, 1220l V2, 1220l V3, 1225, 1225 V2, 1225 V3, 1225 V5, 1225 V6, 1226 V3, 1230, 1230 V2, 1230 V3, 1230 V5, 1230 V6, 1230l V3, 1231 V3, 1235, 1235l V5, 1240, 1240 V2, 1240 V3, 1240 V5, 1240 V6, 1240l V3, 1240l V5, 1241 V3, 1245, 1245 V2, 1245 V3, 1245 V5, 1245 V6, 1246 V3, 1258l V4, 1260l, 1260l V5, 1265l V2, 1265l V3, 1265l V4, 1268l V3, 1268l V5, 1270, 1270 V2, 1270 V3, 1270 V5, 1270 V6, 1271 V3, 1275, 1275 V2, 1275 V3, 1275 V5, 1275 V6, 1275l V3, 1276 V3, 1278l V4, 1280, 1280 V2, 1280 V3, 1280 V5, 1280 V6, 1281 V3, 1285 V3, 1285 V4, 1285 V6, 1285l V3, 1285l V4, 1286 V3, 1286l V3, 1290, 1290 V2, 1501l V6, 1501m V6, 1505l V5, 1505l V6, 1505m V5, 1505m V6, 1515m V5, 1535m V5, 1535m V6, 1545m V5, 1558l V5, 1565l V5, 1575m V5, 1578l V5, 1585 V5, 1585l V5
Intel | Xeon E5 | 1428l, 1428l V2, 1428l V3, 1620, 1620 V2, 1620 V3, 1620 V4, 1630 V3, 1630 V4, 1650, 1650 V2, 1650 V3, 1650 V4, 1660, 1660 V2, 1660 V3, 1660 V4, 1680 V3, 1680 V4, 2403, 2403 V2, 2407, 2407 V2, 2408l V3, 2418l, 2418l V2, 2418l V3, 2420, 2420 V2, 2428l, 2428l V2, 2428l V3, 2430, 2430 V2, 2430l, 2430l V2, 2438l V3, 2440, 2440 V2, 2448l, 2448l V2, 2450, 2450 V2, 2450l, 2450l V2, 2470, 2470 V2, 2603, 2603 V2, 2603 V3, 2603 V4, 2608l V3, 2608l V4, 2609, 2609 V2, 2609 V3, 2609 V4, 2618l V2, 2618l V3, 2618l V4, 2620, 2620 V2, 2620 V3, 2620 V4, 2623 V3, 2623 V4, 2628l V2, 2628l V3, 2628l V4, 2630, 2630 V2, 2630 V3, 2630 V4, 2630l, 2630l V2, 2630l V3, 2630l V4, 2637, 2637 V2, 2637 V3, 2637 V4, 2640, 2640 V2, 2640 V3, 2640 V4, 2643, 2643 V2, 2643 V3, 2643 V4, 2648l, 2648l V2, 2648l V3, 2648l V4, 2650, 2650 V2, 2650 V3, 2650 V4, 2650l, 2650l V2, 2650l V3, 2650l V4, 2658, 2658 V2, 2658 V3, 2658 V4, 2658a V3, 2660, 2660 V2, 2660 V3, 2660 V4, 2665, 2667, 2667 V2, 2667 V3, 2667 V4, 2670, 2670 V2, 2670 V3, 2680, 2680 V2, 2680 V3, 2680 V4, 2683 V3, 2683 V4, 2687w, 2687w V2, 2687w V3, 2687w V4, 2690, 2690 V2, 2690 V3, 2690 V4, 2695 V2, 2695 V3, 2695 V4, 2697 V2, 2697 V3, 2697 V4, 2697a V4, 2698 V3, 2698 V4, 2699 V3, 2699 V4, 2699a V4, 2699r V4, 4603, 4603 V2, 4607, 4607 V2, 4610, 4610 V2, 4610 V3, 4610 V4, 4617, 4620, 4620 V2, 4620 V3, 4620 V4, 4624l V2, 4627 V2, 4627 V3, 4627 V4, 4628l V4, 4640, 4640 V2, 4640 V3, 4640 V4, 4648 V3, 4650, 4650 V2, 4650 V3, 4650 V4, 4650l, 4655 V3, 4655 V4, 4657l V2, 4660 V3, 4660 V4, 4667 V3, 4667 V4, 4669 V3, 4669 V4
Intel | Xeon E7 | 2803, 2820, 2830, 2850, 2850 V2, 2860, 2870, 2870 V2, 2880 V2, 2890 V2, 4807, 4809 V2, 4809 V3, 4809 V4, 4820, 4820 V2, 4820 V3, 4820 V4, 4830, 4830 V2, 4830 V3, 4830 V4, 4850, 4850 V2, 4850 V3, 4850 V4, 4860, 4860 V2, 4870, 4870 V2, 4880 V2, 4890 V2, 8830, 8837, 8850, 8850 V2, 8857 V2, 8860, 8860 V3, 8860 V4, 8867 V3, 8867 V4, 8867l, 8870, 8870 V2, 8870 V3, 8870 V4, 8880 V2, 8880 V3, 8880 V4, 8880l V2, 8880l V3, 8890 V2, 8890 V3, 8890 V4, 8891 V2, 8891 V3, 8891 V4, 8893 V2, 8893 V3, 8893 V4, 8894 V4
Intel | Xeon Gold | 5115, 5118, 5119t, 5120, 5120t, 5122, 6126, 6126f, 6126t, 6128, 6130, 6130f, 6130t, 6132, 6134, 6134m, 6136, 6138, 6138f, 6138t, 6140, 6140m, 6142, 6142f, 6142m, 6144, 6146, 6148, 6148f, 6150, 6152, 6154
Intel | Xeon Phi | 7210, 7210f, 7230, 7230f, 7235, 7250, 7250f, 7285, 7290, 7290f, 7295
Intel | Xeon Platinum | 8153, 8156, 8158, 8160, 8160f, 8160m, 8160t, 8164, 8168, 8170, 8170m, 8176, 8176f, 8176m, 8180
Intel | Xeon Silver | 4108, 4109t, 4110, 4112, 4114, 4114t, 4116, 4116t

Vendor Advisories

Synopsis: Important: qemu-kvm-rhev security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: qemu-kvm-rhev security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: linux-firmware security update. Type/Severity: Security Advisory: Important. Topic: An update for linux-firmware is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Serv ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as havi ...
Synopsis: Important: libvirt security update. Type/Severity: Security Advisory: Important. Topic: An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Important: libvirt security update. Type/Severity: Security Advisory: Important. Topic: An update for libvirt is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: libvirt security update. Type/Severity: Security Advisory: Important. Topic: An update for libvirt is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: qemu-kvm-rhev security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: rhevm-setup-plugins security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for rhevm-setup-plugins is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: microcode_ctl security update. Type/Severity: Security Advisory: Important. Topic: An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: microcode_ctl security update. Type/Severity: Security Advisory: Important. Topic: An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis: Important: libvirt security update. Type/Severity: Security Advisory: Important. Topic: An update for libvirt is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: linux-firmware security update. Type/Severity: Security Advisory: Important. Topic: An update for linux-firmware is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Important: qemu-kvm-rhev security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
The system could be made to expose sensitive information ...
Spectre mitigations were added to QEMU ...
USN-3531-1 introduced regressions in intel-microcode ...
This update doesn't fix a vulnerability in linux-tools, but provides support for building Linux kernel modules with the retpoline mitigation for CVE-2017-5715 (Spectre variant 2). This update also includes bug fixes from the upstream Linux 3.16 stable branch up to and including 3.16.56. For the oldstable distribution (jessie), this problem has been ...
Spectre mitigations were added to libvirt ...
Synopsis: Important: libvirt security update. Type/Severity: Security Advisory: Important. Topic: An update for libvirt is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: rhevm-setup-plugins security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for rhevm-setup-plugins is now available for RHEV Engine version 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common ...
Synopsis: Important: vdsm security update. Type/Severity: Security Advisory: Important. Topic: An update for vdsm is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 7 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis: Important: microcode_ctl security update. Type/Severity: Security Advisory: Important. Topic: An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: qemu-kvm-rhev security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-rhev is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vu ...
Synopsis: Important: ovirt-guest-agent-docker security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for ovirt-guest-agent-docker is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a securit ...
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP ...
Synopsis: Important: microcode_ctl security update. Type/Severity: Security Advisory: Important. Topic: An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ...
Synopsis: Important: microcode_ctl security update. Type/Severity: Security Advisory: Important. Topic: An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this upda ...
Synopsis: Important: libvirt security update. Type/Severity: Security Advisory: Important. Topic: An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Important: libvirt security update. Type/Severity: Security Advisory: Important. Topic: An update for libvirt is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Important: libvirt security update. Type/Severity: Security Advisory: Important. Topic: An update for libvirt is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP S ...
Synopsis: Important: libvirt security update. Type/Severity: Security Advisory: Important. Topic: An update for libvirt is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabil ...
Synopsis: Important: microcode_ctl security update. Type/Severity: Security Advisory: Important. Topic: An update for microcode_ctl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ...
Synopsis: Important: qemu-kvm-rhev security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 11.0 (Ocata). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: vdsm security update. Type/Severity: Security Advisory: Important. Topic: An update for vdsm is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin ...
Synopsis: Important: qemu-kvm-rhev security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 7 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
Synopsis: Important: microcode_ctl security update. Type/Severity: Security Advisory: Important. Topic: An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis: Important: qemu-kvm-rhev security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a sec ...
Synopsis: Important: microcode_ctl security update. Type/Severity: Security Advisory: Important. Topic: An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Servic ...
Synopsis: Important: microcode_ctl security update. Type/Severity: Security Advisory: Important. Topic: An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis: Important: linux-firmware security update. Type/Severity: Security Advisory: Important. Topic: An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVS ...
Synopsis: Important: qemu-kvm-rhev security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a sec ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: microcode_ctl security update. Type/Severity: Security Advisory: Important. Topic: An update for microcode_ctl is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux ...
Several security issues were addressed in the Linux kernel ...
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution b ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Several security issues were fixed in the Linux kernel ...

Exploits

/* EDB Note: - spectreattack.com/ - spectreattack.com/spectre.pdf - googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html */ #include <stdio.h> #include <stdlib.h> #include <stdint.h> #ifdef _MSC_VER #include <intrin.h> /* for rdtscp and clflush */ #pragma optimize("gt",on ...

Mailing Lists

FreeBSD-SA-19:26.mcu Security Advisory, The FreeBSD Project. Topic: Intel CPU Microcode Update. Category: 3rd pa ...
Debian Security Advisory DSA-4469-1, security@debian.org, www.debian.org/security/, Salvatore Bonaccorso, June 22, 2019, www.debian.org/security/faq ...

Github Repositories

Spectre attack: Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. This exploit checks your Linux (x64 only) for the spe

retpoline-audit: A quick-and-dirty utility to verify that an executable or shared object is using retpolines to mitigate the Spectre vulnerability (Variant 2: branch target injection, CVE-2017-5715). Specifically, retpoline-audit searches for indirect branches in a binary and its shared object dependencies. This is currently known to compile on and work with userspace binaries f

Hardening Playbook: Abstract: An opinionated minimal-compromises guide to configuring a maximally secure server for high stakes use cases where privacy and security are favored over compatibility, cost, or efficiency. This intends to be largely a showcase of the work of others and act as a starting point for researching this space. Threat Profile: Target protects: Automated air/

spectreScope: The demo of the speculative execution attack Spectre (CVE-2017-5753, CVE-2017-5715). Tested On: macOS Intel - Apple MacBook Pro Retina, 15-inch, Late 2013 - macOS High Sierra 10.13.2 - 1 Intel(R) Core(TM) i7-4750HQ CPU @ 2.00GHz - git 2.14.3 - cmake 3.10.1 - Xcode 9.2; Linux Intel - HP ProLiant BL660C GEN8 - VH

In-Spectre-Meltdown: This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allow unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling atta

Spectre attack example, 2 January 2018 (CVE-2017-5753 and CVE-2017-5715): Example exploit for the "Spectre" vulnerability. What is this? We put the text "The Magic Words are Squeamish Ossifrage" in memory, and then we try to read it by exploiting the vulnerability. If the system is vulnerable, you will see the same text on standard output. In this code, if victim_fun

insights_reports: Scripting to pull reports from the Red Hat Insights API. Usage: insights_report {credential file} [{account_num}]. account_num: Optional account number to report on (defaults to user's primary account). credential_file: YAML file containing attributes RHN_USER and RHN_PASSWORD with the user's customer portal credentials. Contents of a sample credentia

Meltdown/Spectre BIOS/Firmware Updates list: This is a list of all products and manufacturers which patched BIOS/Firmware addressing the Meltdown and Spectre vulnerabilities. If you have better info please send pull requests. Why I did this? To have a parseable list for all my hardware. Check your mainboard: linux: curl -s raw.githubusercontent.com/mathse/meltdown-spectre-bio

Spectre Attack Example: Example of using revealed "Spectre" exploit from 2 Jan 2018 (CVE-2017-5753 and CVE-2017-5715). Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surf

spectre_meltdown: Description: Disable Spectre And Meltdown kernel patches (CVE-2017-5754, CVE-2017-5715, CVE-2018-3639) by adding "nopti", "spectre_v2=off" and "spec_store_bypass_disable=off" to kernel command line for grub. Adds facts: meltdown spectre_v1 spectre_v2 ibpb_enabled ibrs_enabled pti_enabled cpu_microcode l1tf retp_enabled spec_store_

Deep Spectre: Deep Spectre is a deep learning side channel privileged memory reader heavily based on the PoC found here. I've written a Medium post explaining the deep learning code and you can read more about Spectre in CVE-2017-5753 and CVE-2017-5715 or check out the whitepaper and Google Project Zero post. Installing: The Python 3 C API is used to glue the PoC code to th

selfModify: One selfmodify code, that can affect cache. I haven't figured out how to use it yet. Inspired by CVE-2017-5753 and CVE-2017-5715 (also known as Spectre).

Spectre-PoC: Not By Me. Collected from Book Spectre Attacks: Exploiting Speculative Execution

Meltdown_Spectre_check A little ps1 script to check if the patches are installed This Powershell is for a status check of CVE-2017-5715 (Spectre) & CVE-2017-5754 (Meltdown) on your Windows System You can simply change the output to a nagios plugin or something like that The both module files have to be in the same directory as the ps1 script I have purchased the modu

SpeculativeExecutionAssessment Assesses a system for the "speculative execution" vulnerabilities described in: CVE-2017-5715 (branch target injection) CVE-2017-5753 (bounds check bypass) CVE-2017-5754 (rogue data cache load) WARNING: Ensure that "Prefer 32-bit" is not checked in the build options Requires elevated permissions Mitigiation requires: Set the

CiscoSpectreTakeover A PoC chain exploit using the recent Cisco SMP exploit (CVE-2017-6736) to chain into Spectre (CVE-2017-5753 and CVE-2017-5715) Credits Cisco RCE Exploit submodule by artkond: githubcom/artkond/cisco-snmp-rce JS Spectre Chrome POC by ascendr: githubcom/ascendr/spectre-chrome Tested on a Cisco 1841+2600 Router After running the RCE exploit

ansible-role-server-update-reboot Ansible role to update server to latest packages, reboot server, and wait for the server to start up. Add more roles after this to continue installing/configuring server. Can also exclude packages from being updated, only update specified packages, or install specified packages. Works with Redhat/CentOS and Ubuntu. Can be used to update package

Efficient_computering_in_safe_environments Research where we try to achieve the most energy savings and run-time performance by turning off unnecessary protection mechanisms of the modern computer systems. The idea is that in a protected controlled environment (e.g. on a non-cloud data center or a single tenant machine) one can get a measurable performance boost by dispensing wi

splunk-spectre-meltdown-uf-script A script modified from speed47's work to provide KV-pair results into Splunk, via a Universal Forwarder-driven scripted input. This is likely to only work on Linux hosts! Original can be found here: github.com/speed47/spectre-meltdown-checker. I added a date/time string to the output, processor details, arch details, and then strip

*Note: This project is currently not maintained. Mitigation status for CVE-2017-5753 in IE or Edge is not properly displayed if you installed the recent Windows updates. MeltdownSpectreReport also lacks reporting of newer speculative execution vulnerabilities like L1TF. Microsoft updated their SpeculationControl module, which I recommend using.* MeltdownSpectreReport Query m

CPU security bugs caused by speculative execution. This repo is an attempt to collect information on the class of information disclosure vulnerabilities caused by CPU speculative execution that were disclosed on January 3rd, 2018. Existing nomenclature is inconsistent and there is no agreed-upon name for the entire class of bugs, but the names Spectre and Meltdown have been used

EC2 Police (weeeoooeee weeeoooeee) Look for instances (in all regions) that might not be patched for Meltdown/Spectre vulnerabilities. NOTE: This mostly considers the AMI creation date, and the dates for the fixes have been figured out by launching instances and checking whether the kernel was exposed. So far, this has only been done for Amazon Linux (1 and 2), Ubuntu and Cor

Spectre-Meltdown-Checker Spectre-Meltdown-Checker is currently a Windows utility for checking the state of the software mitigations against CVE-2017-5754 (Meltdown) and hardware mitigations against CVE-2017-5715 (Spectre). It uses two new information classes that were added to the NtQuerySystemInformation API call as part of the recent patches introduced in January 2018 and rep

Cyber A repository for teaching material and notes for teaching CyberSecurity Contents Cyber Contents Cyber Tools Blockchain JRAT Remote Access Trojan Mimikatz net user net groups shares sharepoint wireshark responder hashcat Wordscrape - go through whole intranet Targeted Spray Sysvol Cyber Tools Blockchain Blockchain has many features which are desirable such as Immu

meltdownspectre-patches Summary of the patch status for Meltdown / Spectre. What? Meltdown and Spectre are hardware design vulnerabilities in all modern CPUs based on speculative execution. Background infos: spectreattack.com/ or meltdownattack.com/ (both pages serve identical content), googleprojectzero.blogspot.dk/2018/01/reading-privileged-memory-with-

docker-spectre A dockerized spectre test environment. This image tests for the spectre vulnerability, also known as CVE-2017-5753, CVE-2017-5715 and also on Exploit-DB:43427. Also CVE-2017-5754 aka MeltDown is included here. Introductory reading / TL;DR: Original POC used here: Erik's Gist; spectre_multiarch: Architecture independent version; Deep learning side channel privil

prometheus-node-exporter Deploys the Node Exporter for Prometheus. Requirements: None. Role Variables (Variable | Required | Default | Choices | Comments): PROMETHEUS_NODE_EXPORTER_MONITOR_RAID_STORCLI | no | false | true, false | Monitor RAID with StorCLI; PROMETHEUS_NODE_EXPORTER_CHECK_SPECTRE_MELTDOWN | no | false | true, false | Check Spectre/Meltdown mitigation status; PROMETHEUS_NODE_EXPOR

Spectre and Meltdown security patch management. This repository uses Ansible playbooks to view and enable or disable flags that address security vulnerabilities CVE-2017-5754, CVE-2017-5715 and CVE-2017-5753 in specific Red Hat Linux versions. Red Hat has created updated kernels available to address these security vulnerabilities. These patches are enabled by default, to provide

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Ada Agda AppleScript Arc Arduino Assembly Awk Batchfile Brainfuck C C# C++ CMake CSS Chapel Clojure CoffeeScript Common Lisp Coq Crystal D Dart Dockerfile Elixir Elm Emacs Lisp Erlang F# F* Forth Frege Gherkin Go Groovy HTML Haskell Haxe Java JavaScript Jsonnet Julia Jupyter Notebook Kotlin LLVM

CSIRT *Please contribute through pull requests- ;) Another great list: awesome-incident-response Books Nice list here by CertBR Practical Cryptography for Developers, github The Book of Secret Knowledge Links FIRST CertBR - useful links 7º Fórum Brasileiro de CSIRTs SANS Pen-Testing Resources: Downloads Some list of security projects APT & CyberCrim

Overview SpeculationControl is a PowerShell script that summarizes the state of configurable Windows mitigations for various speculative execution side channel vulnerabilities, such as CVE-2017-5715 (Spectre variant 2) and CVE-2017-5754 (Meltdown). For an explanation on how to interpret the output of this tool, please see Understanding Get-SpeculationControlSettings PowerShell

SpecuCheck SpecuCheck is a Windows utility for checking the state of the software and hardware mitigations against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4). It uses two new information classes that were added to the NtQuerySystemInformation API call as part of the recent patches introduced in January 2018 a

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018: CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1', CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2', CVE-2017-5754 [rogue data cache load] aka 'Meltdown'

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ActionScript AppleScript Arduino Assembly AutoHotkey Batchfile Brainfuck C C# C++ CMake CSS Clojure CoffeeScript Common Lisp Crystal Cuda D DIGITAL Command Language Dart Dockerfile Elixir Elm Emacs Lisp Erlang F# GAP Gherkin Go Gosu Groff HTML Haskell Java JavaScript Julia Jupyter Notebook Kotli

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018: CVE-2017-5753 aka Spectre Variant 1, CVE-2017-5715 aka Spectre Variant 2, CVE-2017-5754 aka Meltdown or Variant 3, CVE-2018-3640 aka Variant 3a, CVE-2018-3639 aka Variant 4. Supported operating systems: Li

Spectre and Meltdown Guidance Table of Contents About this Repository General Guidance Affected Processors Additional Processor Flaw Guidance SpectrePrime and MeltdownPrime SgxPectre Total Meltdown BranchScope Ryzenfall, Chimera, Fallout, and Masterkey License Contributing Disclaimer About This Repository This repository provides content for aiding DoD administrators in ve

meltdown Table of Contents Description Setup - The basics of getting started with meltdown Reference - An under-the-hood peek at what the module is doing and how Limitations - OS compatibility, etc Development - Guide for contributing to the module Description This module detects whether your system is vulnerable for Meltdown (CVE-2017-5754) or Spectre (CVE-2017-5753, CVE-20

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public since 2018: CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1', CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2', CVE-2017-5754 [rogue data cache load] aka 'Meltdow

Hardware and Firmware Security Guidance Table of Contents 1 About this repository 2 Side-channel attacks 2.1 Mitigations 2.1.1 Firmware patches 2.1.2 Software patches 2.1.3 Configuration changes 2.1.4 Temporarily Disable Intel Hyper-Threading 2.1.5 Verification 2.2 Resources and Affected products 2.2.1 Hardware resources 2.2.2 Software resources 2.2.3 Advisory resources

awesome-c A curated list of awesome C frameworks, libraries and software. git/git - Git Source Code Mirror - This is a publish-only repository and all pull requests are ignored. Please follow Documentation/SubmittingPatches procedure for any of your improvements. ggreer/the_silver_searcher - A code-searching tool similar to ack, but faster. SamyPesse/How-to-Make-a-Computer-Ope

Kaosagnt's Ansible Everyday Utils This project contains many of the Ansible playbooks that I use daily as a Systems Administrator in the pursuit of easy server task automation. Installation: You will need to setup and install Ansible like you normally would before using what is presented here. Hint: it uses ansible www.ansible.com. Optional: Create an ansible-everyd

SMR-MAY-2018 Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung. Google patches include patches up to Android Security Bulletin - May 2018 package; and Android security patch level (SPL) of May 1, 2018 includes all of these patches. T

Awesome CVE PoC A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Too bad, so sad, exploit devs: Google patches possibly several million dollars' worth of security flaws in Android
The Register • Shaun Nichols in San Francisco • 05 Sep 2019

Except one – a 'your phone is now my phone' bug reported months ago and still not fixed

Google this week emitted the September edition of its monthly Android security updates – and has left at least one known vulnerability unpatched. Also, in case you missed it, the web giant started rolling out Android 10 a few days ago.
The September 2019 bundle of security fixes will be pushed out automatically to Google-branded devices, while those with other Android gear will be fed the fixes by their device manufacturer or mobile carrier. Some of the holes can be patched remotely by t...

Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn
Threatpost • Lindsey O'Donnell • 04 Sep 2019

Researchers are warning of a high-severity zero-day vulnerability in Google’s Android operating system, which if exploited could give a local attacker escalated privileges on a target’s device.
The specific flaw exists within the v4l2 (Video4Linux 2) driver in Android. When exploited, a component within the v4l2 “does not validate the existence of an object prior to performing operations on the object,” according to researchers with Zero Day Initiative (ZDI). Researchers said an at...

Windows 10 Spectre 2 Mitigation Now Uses Retpoline By Default
BleepingComputer • Lawrence Abrams • 15 May 2019

If you currently have mitigations enabled for the Spectre Variant 2 (CVE-2017-5715) vulnerability, Microsoft has now enabled the Retpoline Spectre mitigation feature by default in Windows 10 version 1809 (October 2018 Update) for better performance.
When Microsoft released mitigations for the Spectre vulnerabilities they caused a performance hit on older computers. To provide a better solution, Microsoft had been testing a new mitigation called Retpoline in Windows 10 Insider builds tha...

Kaspersky Security Bulletin 2018. Top security stories
Securelist • David Emm Victor Chebyshev • 03 Dec 2018

The internet is now woven into the fabric of our lives. Many people routinely bank, shop and socialize online and the internet is the lifeblood of commercial organizations. The dependence on technology of governments, businesses and consumers provides a broad attack surface for attackers with all kinds of motives – financial theft, theft of data, disruption, damage, reputational damage or simply ‘for the lulz’. The result is a threat landscape that ranges from highly sophisticated targeted...

Microsoft, Google: We've found a fourth data-leaking Meltdown-Spectre CPU hole
The Register • Chris Williams, Editor in Chief • 21 May 2018

Design blunder exists in Intel, AMD, Arm, Power processors

A fourth variant of the data-leaking Meltdown-Spectre security flaws in modern processors has been found by Microsoft and Google researchers.
These speculative-execution design blunders can be potentially exploited by malicious software running on a vulnerable device or computer, or a miscreant logged into the system, to slowly extract secrets, such as passwords, from protected kernel or application memory, depending on the circumstances.
Variants 1 and 2 are known as Spectre (CVE-20...

Google and Microsoft Reveal New Spectre Attack
BleepingComputer • Catalin Cimpanu • 21 May 2018

Security researchers from Google and Microsoft have found two new variants of the Spectre attack that affects processors made by AMD, ARM, IBM, and Intel.
Rumors about this new flaw leaked online at the start of the month in a German magazine, but actual details were published today.
AMD, ARM, IBM, Intel, Microsoft, Red Hat and Ubuntu have published security advisories at the time of writing, containing explanations of how the bugs work, along with mitigation advice.
The bugs ...

New Spectre Attack Recovers Data From a CPU's Protected SMM Mode
BleepingComputer • Catalin Cimpanu • 18 May 2018

Security researchers from Eclypsium have detailed yesterday a new variation of the Spectre attack that can recover data stored inside a secure CPU area named the System Management Mode (SMM).
For those unfamiliar with CPU design, the SMM is a special x86 processor mode that not even highly-privileged software such as kernels or hypervisors can access or interrupt.
Every time code is sent to the SMM, the operating system is suspended and the CPU uses parts of the UEFI/BIOS firmware...

IT threat evolution Q1 2018
Securelist • David Emm • 14 May 2018

In January, we uncovered a sophisticated mobile implant that provides attackers with remote control of infected Android devices. The malware, called Skygofree (after one of the domains it uses), is a targeted cyber-surveillance tool that has been in development since 2014. The malware is spread by means of spoofed web pages that mimic leading mobile providers. The campaign is ongoing and our telemetry indicates that there have been several victims, all in Italy. We feel confident that th...

Microsoft Releases Two New Windows Updates Containing New Spectre 2 Mitigations
BleepingComputer • Catalin Cimpanu • 25 Apr 2018

As the saying goes — if at first, you don't succeed, then try, try again.
This is the mantra that Microsoft seems to have taken up for dealing with the patching process meant to mitigate the effects of the Spectre v2 (CVE-2017-5715) vulnerability.
The OS maker released yesterday two new Windows updates meant to fix the Spectre v2 vulnerability.
The first of these two is KB4078407. This is a Windows Update package that is available via the Microsoft Update Catalog as a manual u...

AMD Releases Spectre v2 Microcode Updates for CPUs Going Back to 2011
BleepingComputer • Catalin Cimpanu • 11 Apr 2018

AMD has released CPU microcode updates for processors affected by the Spectre variant 2 (CVE-2017-5715) vulnerability. The company has forwarded these microcode updates to PC and motherboard makers to include them in BIOS updates.
Updates are available for products released as far as 2011, for the first processors of the Bulldozer line.
Microsoft has released KB4093112, an update that also includes special OS-level patches for AMD users in regards to the Spectre v2 vulnerability. Sim...

Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support
Threatpost • Lindsey O'Donnell • 04 Apr 2018

Intel has halted patches for an array of older chips that would protect them against the Spectre vulnerability, according to a recent microcode update.
The microcode update shows that its older products – including Wolfdale, Bloomfield, Clarksfield, Gulftown, Harpertown, Jasper Forest, SoFIA 3GR, and Yorkfield – will no longer receive patches.
“We’ve now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required prote...

Intel Reveals Some CPU Models Will Never Receive Microcode Updates
BleepingComputer • Catalin Cimpanu • 04 Apr 2018

Intel released an update to the Meltdown and Spectre mitigation guide, revealing that it stopped working on mitigations for some processor series.
The Meltdown and Spectre mitigation guide is a PDF document that Intel published in February. The file contains information on the status of microcode updates for each of Intel's CPU models released in the past years.
The file is meant for both end users and OEMs alike, and is intended to help affected users understand what microcode patch...

Academics Discover New CPU Side-Channel Attack Named BranchScope
BleepingComputer • Catalin Cimpanu • 27 Mar 2018

A team of academics from four US universities have discovered a new side-channel attack that takes advantage of the speculative execution feature in modern processors to recover data from users' CPUs.
Speculative execution is the same CPU function exploited by the Meltdown and Spectre flaws disclosed at the start of the year, but the attack researchers found is different from previous flaws, as it attacks a new section of the speculative execution process.
Researchers named this new ...

New Microsoft Bug Bounty Program Looks To Squash The Next Spectre, Meltdown
Threatpost • Lindsey O'Donnell • 16 Mar 2018

In the wake of the Meltdown and Spectre flaws, Microsoft has rolled out a new bug bounty program targeting speculative execution side channel vulnerabilities.
The limited time program is open until December 31, and offers up to $250,000 for identifying new categories of speculative execution attacks that Microsoft and other industry partners are not yet aware of.
Speculative execution side channels are a hardware vulnerability class that affects CPUs from multiple manufacturers. T...

Intel Announces CPU Hardware Protections to Prevent Future Spectre-Like Flaws
BleepingComputer • Catalin Cimpanu • 15 Mar 2018

Intel announced today that upcoming CPU models would include brand new hardware-level protections to prevent any future Meltdown and Spectre-like vulnerabilities.
Intel processors featuring these hardware-level protections will start shipping out in the second half of 2018.
The company said that these protections are currently being added to 8th Generation Intel Core processors and Intel Xeon Scalable processors (codenamed Cascade Lake).
Intel describes the new hardware protect...

A Bunch of Intel Microcode Patches Have Arrived on the Microsoft Update Catalog
BleepingComputer • Catalin Cimpanu • 14 Mar 2018

Earlier this month, Microsoft announced it would be bundling Intel microcode (BIOS) updates meant to fix the graver version of the Spectre vulnerability as Windows Update packages made available via the Microsoft Update Catalog portal.
Yesterday, Microsoft greatly expanded the number of such packages, extending support from the initial Skylake 6th gen processor family to many more CPU series.
This means that many Windows users who utilize Intel CPUs but have not received BIOS updates...

Microsoft Partners with Intel to Deliver CPU Microcode Fixes via Windows Updates
BleepingComputer • Catalin Cimpanu • 01 Mar 2018

Microsoft said today that it would take Intel CPU microcode updates meant to fix the Spectre v2 vulnerability and ship these updates to users via a Windows update package.
The announcement is a change of direction in regards to Microsoft's position towards the Meltdown and Spectre patching process.
Meltdown and Spectre (v1 and v2) are three vulnerabilities that affect a large number of modern CPUs.
Microsoft (and other OS makers) have supplied OS-level updates to address the Me...

Here We Go Again: Intel Releases Updated Spectre Patches
BleepingComputer • Catalin Cimpanu • 22 Feb 2018

In a press release published on Tuesday, Intel announced it resumed the deployment of CPU microcode firmware updates. These updates are meant to mitigate the Spectre Variant 2 vulnerability — CVE-2017-5715.
The Meltdown (CVE-2017-5754) and Spectre variant 1 (CVE-2017-5753) vulnerabilities — which became public at the start of the year — were fixed through software updates at the OS level.
Intel paused the deployment of Spectre v2 CPU microcode updates on January 22 after receiving...

Post-Meltdown Intel Tries to Save Face with $250,000 Bug Bounty Program
BleepingComputer • Catalin Cimpanu • 14 Feb 2018

Intel has launched a public bug bounty program with individual rewards going as far as $250,000, the company said today in a press release.
Intel had previously run a bug bounty program, but that one was limited to submissions from a few selected security researchers only.
The new bug bounty program will be hosted on the HackerOne platform, and Intel has opened up its hardware, firmware, and software products for the occasion.
Any security researcher with a HackerOne account ca...

We May Soon See Malware Leveraging the Meltdown and Spectre Vulnerabilities
BleepingComputer • Catalin Cimpanu • 01 Feb 2018

Security researchers are seeing an ever-increasing number of suspicious file samples that are experimenting with the Meltdown and Spectre vulnerabilities.
According to experts at AV-TEST, Fortinet, and Minerva Labs, several individuals are experimenting with publicly released proof-of-concept (PoC) code for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715, CVE-2017-5753) vulnerabilities.
Researchers from AV-TEST have detected 139 suspicious file samples that are related to the...

Microsoft works weekends to kill Intel's shoddy Spectre patch
The Register • Richard Chirgwin • 29 Jan 2018

Out-of-band patch may assuage user anger over Intel crudware, closed-club disclosure process

Microsoft has implemented Intel's advice to reverse the chipmaker's Spectre variant 2 microcode patches.
Redmond issued a rare weekend out-of-cycle advisory on Saturday here, to make the unwind possible.
Intel's first patch was so bad, it made many computers less stable, sending Linux kernel supremo Linus Torvalds into a justifiable meltdown last week.
Chipzilla later withdrew the patch, but it had made its way into a Microsoft fix, which the Windows giant pulled on Saturday.

Microsoft Issues Windows Out-of-Band Update That Disables Spectre Mitigations
BleepingComputer • Catalin Cimpanu • 28 Jan 2018

Microsoft has issued on Saturday an emergency out-of-band Windows update that disables patches for the Spectre Variant 2 bug (CVE-2017-5715).
The update — KB4078130 — targets Windows 7 (SP1), Windows 8.1, all versions of Windows 10, and all supported Windows Server distributions.
Microsoft shipped mitigations for the Meltdown and Spectre bugs on January 3.
The company said it decided to disable mitigations for the Spectre Variant 2 bug after Intel publicly admitted that the m...

Apple Backports Meltdown Patch to Older macOS Versions
BleepingComputer • Catalin Cimpanu • 24 Jan 2018

On January 23, 2018, Apple released a third set of updates for macOS that backported previous Meltdown patches to older versions of the macOS operating system.
Apple first patched the Meltdown flaw (CVE-2017-5753) on December 6, 2017, with the release of iOS 11.2, macOS 10.13.2, and tvOS 11.2.
The company then patched the Spectre flaws (CVE-2017-5753 and CVE-2017-5715) in a separate security update released on January 8, 2018, for macOS High Sierra 10.13.2, iOS 11.2.2, and Safari 11....

HP Reissuing BIOS Updates After Buggy Intel Meltdown and Spectre Updates
BleepingComputer • Catalin Cimpanu • 23 Jan 2018

HP announced today it was stopping the deployment of BIOS updates containing Meltdown and Spectre patches and reissuing older BIOS versions.
HP's announcement comes after Intel issued an update to its Meltdown and Spectre advisory yesterday, Monday, January 22.
The CPU maker said it finished investigating previous reports of increased system reboot rates and found problems with the CPU microcode (firmware) updates that tried to mitigate the Spectre Variant 2 bug (CVE-2017-5715).

Red Hat Will Revert Spectre Patches After Receiving Reports of Boot Issues
BleepingComputer • Catalin Cimpanu • 19 Jan 2018

Red Hat is releasing updates that are reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot.
"Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot," the company said yesterday.
"The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes...

Now Meltdown patches are making industrial control systems lurch
The Register • John Leyden • 15 Jan 2018

Automation and SCADA-flingers admit fix has affected products

Patches for the Meltdown vulnerability are causing stability issues in industrial control systems.
SCADA vendor Wonderware admitted that Redmond's Meltdown patch made its Historian product wobble. "Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC," an advisory on Wonderware's support site explains.
Rockwell Automation revealed that the same patch had caused...

Apple Releases Spectre Patches for Safari, macOS and iOS
Threatpost • Tom Spring • 08 Jan 2018

Apple released iOS 11.2.2 software Monday for iPhones, iPads and iPod touch models that patches the Spectre vulnerabilities. A macOS High Sierra 10.13.2 supplemental update was also released to bolster Spectre defenses in Apple’s Safari browser and WebKit, the web browser engine used by Safari, Mail, and App Store.
This is the second update for Apple since last week’s revelation of the massive processor vulnerabilities, Meltdown and Spectre, impacting CPUs worldwide. Apple previo...

More stuff broken amid Microsoft's efforts to fix Meltdown/Spectre vulns
The Register • John Leyden • 08 Jan 2018

This is going to take a while

More examples have emerged of security fixes for the Meltdown vulnerability breaking things.
Patching against CVE-2017-5753 and CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown) borks both the PulseSecure VPN client and Sandboxie, the sandbox-based isolation program developed by Sophos.
PulseSecure has come up with a workaround for affected platforms, which include Windows 10 and Windows 8.1 but not Windows 7.
Sandboxie has released an updated client to solve compatibility i...

Apple Releases Security Updates for Spectre CPU Flaw
BleepingComputer • Catalin Cimpanu • 08 Jan 2018

Apple has released today security updates to mitigate the effects of the Spectre vulnerability that affects processors deployed with Apple devices such as smartphones, tablets, and desktop computers.
The patches mitigate two security bugs (CVE-2017-5753 and CVE-2017-5715) collectively referred to as Spectre.
Apple released macOS High Sierra 10.13.2, iOS 11.2.2, and Safari 11.0.2, all of which include mitigations for Spectre.
The company previously patched the Meltdown flaw (CVE-20...

Experts Weigh In On Spectre Patch Challenges
Threatpost • Tom Spring • 07 Jan 2018

The race to patch against the Meltdown and Spectre processor vulnerabilities disclosed last week is on. As of today, there are no known exploits in the wild impacting vulnerable Intel, AMD and ARM devices.
Currently, vendors are focused on three main mitigation efforts. Patches that address the Meltdown flaws are KPTI (Kernel Page Table Isolation) and KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed). On Thursday, Google unveiled a Retpoline coding technique for m...

Qualcomm joins Intel, Apple, Arm, AMD in confirming its CPUs suffer hack bugs, too
The Register • Shaun Nichols in San Francisco • 06 Jan 2018

Just in time for Friday night

Qualcomm has confirmed its processors have the same security vulnerabilities disclosed this week in Intel, Arm, AMD and IBM CPU cores.
The California tech giant picked the favored Friday US West Coast afternoon "news dump" slot to admit at least some of its billions of Arm-compatible Snapdragon system-on-chips and newly released Centriq server-grade processors are subject to the Meltdown and/or Spectre data-theft bugs.
"Qualcomm Technologies, Inc is aware of the security research on ...

Meltdown and Spectre CPU Vulnerabilities: What You Need to Know
welivesecurity • Aryeh Goretsky • 05 Jan 2018

UPDATE (14 March – 06:25 CET): On Monday, March 12th, Intel announced the availability of updated firmware for its Sandy Bridge (2nd generation) and Ivy Bridge (3rd generation) Intel Core and Xeon processors. On Wednesday, February 28th, Intel announced the availability of updated firmware for its Broadwell (4th generation) and Haswell (5th generation) Intel Core and Xeon processors. On Tuesday, February 20th, Intel announced the availability of updated firmware for its Skylake (6th generati...

Google Unveils New Retpoline Coding Technique for Mitigating Spectre Attacks
BleepingComputer • Catalin Cimpanu • 05 Jan 2018

Google has published details about a new coding technique created by the company's engineers that any developer can deploy and prevent Spectre attacks.
The company claims this new technique, called Retpoline, has a "negligible impact on performance" compared to other patches rolled out in the past few days that in some cases caused big CPU performance dips.
Authored by Paul Turner, Senior Staff Engineer for Google's Technical Infrastructure, the technique is described as a binary mod...

Microsoft patches Windows to cool off Intel's Meltdown – wait, antivirus? Slow your roll
The Register • Shaun Nichols in San Francisco • 04 Jan 2018

Check your anti-malware tool unless you like BSoDs

Microsoft has released updates for Windows to block attempts by hackers and malware to exploit the Meltdown vulnerability in Intel x86-64 processors – but you will want to check your antivirus software before applying the fixes.
The Redmond giant issued the out-of-band update late yesterday for Windows 10 version 1709.
While the documentation for the fix does not name Chipzilla's CPU-level vulnerability specifically, a Microsoft spokesman told El Reg it will hopefully protect Windo...

Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts
Threatpost • Tom Spring • 04 Jan 2018

Intel, Amazon, Microsoft and others are playing down concerns over the impact of the massive Spectre and Meltdown vulnerabilities affecting computers, servers and mobile devices worldwide.
The two flaws, Spectre and Meltdown, are far reaching and impact a wide range of microprocessors used in the past decade in computers and mobile devices including those running Android, Chrome, iOS, Linux, macOS and Windows. While Meltdown only affects Intel processors, Spectre affects chips from Intel,...

Google: Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws
BleepingComputer • Catalin Cimpanu • 03 Jan 2018

Google has just published details on two vulnerabilities named Meltdown and Spectre that in the company's assessment affect "every processor [released] since 1995."
Google says the two bugs can be exploited "to steal data which is currently processed on the computer," which includes "your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents."
Furthermore, Google says that tests on virtual machines us...

List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Two new vulnerabilities called Meltdown and Spectre, or speculative execution side-channel vulnerabilities, have been discovered in modern processors that allow malicious programs to steal information from the memory of other programs. This means that the malicious program can steal passwords, account information, encryption keys, or theoretically anything stored in the memory of a process.
Vendors have started to release information on how customers can protect themselves from Spectre o...

References

CWE-200