4.7
CVSSv2

CVE-2017-5753

Published: 04/01/2018 Updated: 05/06/2020
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.6 | Impact Score: 4 | Exploitability Score: 1.1
VMScore: 488
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Vulnerability Trend

Vendor Advisories

Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 73 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 59 Long LifeRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 73 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 67 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
The system could be made to expose sensitive information ...
Synopsis Important: Red Hat CloudForms 45 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat CloudForms 45Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 64 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: redhat-virtualization-host security update Type/Severity Security Advisory: Important Topic An update for redhat-virtualization-host is now available for RHEV 4X, RHEV-H, and Agents for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 67 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis Important: redhat-virtualization-host security update Type/Severity Security Advisory: Important Topic An update for redhat-virtualization-host is now available for RHEV 3X Hypervisor and Agents for RHEL-7Red Hat Product Security has rated this update as having a security impact of Important A C ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services for SAP Sol ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 62 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: rhvm-appliance security update Type/Severity Security Advisory: Important Topic An update for rhvm-appliance is now available for RHEV 4X, RHEV-H, and Agents for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 66 Advanced Update Support and Red Hat Enterprise Linux 66 Telco Extended Update SupportRed Hat Product Security has rated this update as having a ...
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis Important: rhev-hypervisor7 security update Type/Severity Security Advisory: Important Topic An update for rhev-hypervisor7 is now available for RHEV 3X Hypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3X Hypervisor and Agents for Red Hat Enterprise Linux 7 ELSRed Hat Product Securi ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Several security issues were addressed in the Linux kernel ...
Synopsis Important: Red Hat CloudForms 42 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat CloudForms 42Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: Red Hat CloudForms 41 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat CloudForms 41Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: Red Hat CloudForms 40 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat CloudForms 40Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Several security issues were fixed in the Linux kernel ...
WebKitGTK+ could be made to expose sensitive information ...
Several security issues were addressed in the Linux kernel ...
Firefox could be made to expose sensitive information ...
Several security issues were addressed in the Linux kernel ...
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) There are three primary variants of the issue which differ in the way the speculative execution can be exploited Variant CVE-2017-5753 triggers the speculative execution b ...
Several security issues were addressed in the Linux kernel ...
Several security issues were addressed in the Linux kernel ...
Several security issues were addressed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page For more information about security, see the Apple Product Security page You can encrypt ...
a VMware Virtual Appliance Mitigations for Bounds-Check bypass (Spectre-1), and Rogue data cache load issues (Meltdown)   CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts ...
About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page For more information about security, see the Apple Product Security page You can encrypt ...
About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page For more information about security, see the Apple Product Security page You can encrypt ...

Exploits

/* EDB Note: - spectreattackcom/ - spectreattackcom/spectrepdf - googleprojectzeroblogspotcoat/2018/01/reading-privileged-memory-with-sidehtml */ #include <stdioh> #include <stdlibh> #include <stdinth> #ifdef _MSC_VER #include <intrinh> /* for rdtscp and clflush */ #pragma optimize("gt",on ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4469-1 security () debian org wwwdebianorg/security/ Salvatore Bonaccorso June 22, 2019 wwwdebianorg/security/faq ...

Github Repositories

Spectre-Vulnerability-CVE-2017-5753- This repository contains a report on Specre vulnerability and details on exploiting vulnerability The Proof of Concept used for this was reffered from ( githubcom/Eugnis/spectre-attack ) GitHub repository Originally, the code was from a report by Graz University of technology ( spectreattackcom/spectrepdf ) When complin

OSX 10.13.2, CVE-2017-5753, Spectre, PoC, C, ASM for OSX, MAC, Intel Arch, Proof of Concept, Hopper.App Output

CVE-2017-5753 CVE-2017-5753, Spectre, PoC, C, ASM for OSX, MAC, Intel Arch Compile: gcc -o aout spectrec Output: 0x41414141 Also added Control Flow output from Hopperapp for Visual Learners You can Adjust the junk size and get more reliable Reads Depending on CPU activity, Hits are lower when Activity is High on older Devices with small Cache

My starred repositories

Awesome Stars A curated list of my GitHub stars! Generated by stargazed Contents ANTLR (1) ActionScript (1) Assembly (7) AutoHotkey (1) AutoIt (1) Awk (1) Batchfile (5) C (132) C# (40) C++ (144) CMake (2) CSS (108) Clojure (5) CoffeeScript (9) Common Lisp (1) Crystal (1) Dart (81) Dockerfile (3) Elixir (4) Elm (1) Emacs Lisp (9) Erlang (2) Go (247) Groff (1) Groovy (4) H

linux kernel exploits

linux-exploit Exploits CVE-2018-3639 (as known as Speculative store bypass, Spectre Variant4) CVE-2017-5753 (as known as Bound check bypass, Spectre Variant1) Exploit remaining spectre gadget Find remaining spectre gadget, and exploit them Notes In the case of CVE-2018-3639, CVE-2017-5753, These are slightly updated version of Google's exploit code for eliminating ad

Windows Spectre Meltdown Mitigations Note, these are not final, they are waiting on verification and review NOTE: VARIANT 2 CHART IS NOT ACCURATE, WORKING ON UPDATES This information was gleaned from many sources: googleprojectzeroblogspotcouk/2018/01/reading-privileged-memory-with-sidehtml securitygoogleblogcom/2018/01/more-details-about-mitigations-for

Proof of Concept - Spectre

Spectre - Proof of Concept What is Spectre and Meltdown? Meltdown and Spectre exploit critical vulnerabilities in modern processors These hardware vulnerabilities allow programs to steal data which is currently processed on the computer While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hol

Deep learning side channel privileged memory reader

Deep Spectre Deep Spectre is a deep learning side channel privileged memory reader heavily based on the PoC found here I've written a Medium post explaining the deep learning code and you can read more about Spectre in CVE-2017-5753 and CVE-2017-5715 or check out the whitepaper and Google Project Zero post Installing The Python 3 C API is used to glue the PoC code to th

Spectre Attack Example Example of using revealed "Spectre" exploit from 2 Jan 2018 (CVE-2017-5753 and CVE-2017-5715) Spectre breaks the isolation between different applications It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets In fact, the safety checks of said best practices actually increase the attack surf

The demo of the speculative execution attack Spectre (CVE-2017-5753, CVE-2017-5715).

spectreScope The demo of the speculative execution attack Spectre (CVE-2017-5753, CVE-2017-5715) Tested On macOS Intel - Apple MacBook Pro Retina, 15-inch, Late 2013 - macOS High Sierra 10132 - 1 Intel(R) Core(TM) i7-4750HQ CPU @ 200GHz - git 2143 - cmake 3101 - Xcode 92 Linux Intel - HP ProLiant BL660C GEN8 - VH

Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)

Spectre Attack Example Example of using revealed "Spectre" exploit from 2 Jan 2018 (CVE-2017-5753 and CVE-2017-5715) Spectre breaks the isolation between different applications It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets In fact, the safety checks of said best practices actually increase the attack surf

linux-exploit

linux-exploit Exploits CVE-2018-3639 (as known as Speculative store bypass, Spectre Variant4) CVE-2017-5753 (as known as Bound check bypass, Spectre Variant1) Exploit remaining spectre gadget Find remaining spectre gadget, and exploit them Notes In the case of CVE-2018-3639, CVE-2017-5753, These are slightly updated version of Google's exploit code for eliminating ad

Spectre Attack Example Example of using revealed "Spectre" exploit from 2 Jan 2018 (CVE-2017-5753 and CVE-2017-5715) Spectre breaks the isolation between different applications It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets In fact, the safety checks of said best practices actually increase the attack surf

2018年1月2日 (CVE-2017-5753 和 CVE-2017-5715) "幽灵" Spectre 漏洞利用例子

Spectre 攻击例程 2018年1月2日 (CVE-2017-5753 和 CVE-2017-5715) "幽灵" Spectre 漏洞利用例子 这是什么? 我们把文本 "The Magic Words are Squeamish Ossifrage" 放在内存中, 然后我们试图利用漏洞读取他。如果系统易受到攻击, 那么你将在标准输出中看到相同的文本。 在本代码中, 如果 victim_fun

One selfmodify code, that can affect cache. I haven't figured out how to use it yet.

selfModify One selfmodify code, that can affect cache I haven't figured out how to use it yet Inspired by CVE-2017-5753 and CVE-2017-5715 (as known as Spectre)

Checking tools to detect Spectre or Meltdown vulnerabilities

Spectre-Meltdown-Checker Spectre-Meltdown-Checker is currently a Windows utility for checking the state of the software mitigations against CVE-2017-5754 (Meltdown) and hardware mitigations against CVE-2017-5715 (Spectre) It uses two new information classes that were added to the NtQuerySystemInformation API call as part of the recent patches introduced in January 2018 and rep

Assesses a system for the "speculative execution" vulnerabilities described in CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

SpeculativeExecutionAssessment Assesses a system for the "speculative execution" vulnerabilities described in: CVE-2017-5715 (branch target injection) CVE-2017-5753 (bounds check bypass) CVE-2017-5754 (rogue data cache load) WARNING: Ensure that "Prefer 32-bit" is not checked in the build options Requires elevated permissions Mitigiation requires: Set the

A POC chain exploit using the recent Cisco SMP exploit (CVE-2017-6736) to chain into Spectre (CVE-2017-5753 and CVE-2017-5715)

CiscoSpectreTakeover A PoC chain exploit using the recent Cisco SMP exploit (CVE-2017-6736) to chain into Spectre (CVE-2017-5753 and CVE-2017-5715) Credits Cisco RCE Exploit submodule by artkond: githubcom/artkond/cisco-snmp-rce JS Spectre Chrome POC by ascendr: githubcom/ascendr/spectre-chrome Tested on a Cisco 1841+2600 Router After running the RCE exploit

Summary of the patch status for Meltdown / Spectre

meltdownspectre-patches Summary of the patch status for Meltdown / Spectre What? Meltdown and Spectre are hardware design vulnerabilities in all modern CPUs based on speculative execution Background infos: spectreattackcom/ or meltdownattackcom/ (both pages serve identical content) googleprojectzeroblogspotdk/2018/01/reading-privileged-memory-with-

ansible-role-server-update-reboot Ansible role to update server to latest packages, reboot server, and wait for the server to start up Add more roles after this to continue installing/configuring server Can also exclude packages from being updated, only update specified packages, or install specified packages Works with Redhat/CentOS and Ubuntu Can be used to update package

yum update for centos

ansible-role-server-update-reboot Ansible role to update server to latest packages, reboot server, and wait for the server to start up Add more roles after this to continue installing/configuring server Can also exclude packages from being updated, only update specified packages, or install specified packages Works with Redhat/CentOS and Ubuntu Can be used to update package

Query mitigation status of Meltdown and Spectre against one or multiple Windows computers. It uses parallelization for fast data collection.

*Note: This project is currently not maintained Mitigation status for CVE-2017-5753 in IE or Edge is not properly displayed, if you installed the recent Windows updates MeltdownSpectreReport lacks also of report of newer speculative execution vulnerabilities like L1TF Microsoft updated their SpeculationControl module, which I recommend to use * MeltdownSpectreReport Query m

Spectre and Meltdown security patch management

Spectre and Meltdown security patch management This repository uses Ansible playbooks to view and enable or disable flags that address security vulnerabilities CVE-2017-5754 CVE-2017-5715 and CVE-2017-5753 in specific Red Hat Linux versions Red Hat has created updated kernels available to address these security vulnerabilities These patches are enabled by default, to provide

Installs the Node Exporter for Prometheus

prometheus-node-exporter Deploys the Node Exporter for Prometheus Requirements None Role Variables Variable Required Default Choices Comments PROMETHEUS_NODE_EXPORTER_MONITOR_RAID_STORCLI no false true, false Monitor RAID with StorCLI PROMETHEUS_NODE_EXPORTER_CHECK_SPECTRE_MELTDOWN no false true, false Check Spectre/Meltdown mitigation status PROMETHEUS_NODE_EXPOR

Spectre and Meltdown in a docker containerized test

docker-spectre A dockerized spectre test environment This image tests for the spectre vulnerability, also known as CVE-2017-5753, CVE-2017-5715 and also on Exploit-DB:43427 Also CVE-2017-5754 aka MeltDown is included here Introductionary reading / TL;DR Original POC used here: Eriks GIST spectre_multiarch: Architecture independent version Deep learning side channel privil

a list of BIOS/Firmware fixes adressing CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Meltdown/Spectre BIOS/Firmware Updates list This is a list of all products an manufacturers which patched BIOS/Firmware addressing the Meltdown and Spectre vulnerabilities If you have better info please send pull requests Why I did this? to have a parseable list for all my hardware Check your mainboard linux curl -s rawgithubusercontentcom/mathse/meltdown-spectre-bio

Spectre and Meltdown Guidance Table of Contents About this Repository General Guidance Affected Processors Additional Processor Flaw Guidance SpectrePrime and MeltdownPrime SgxPectre Total Meltdown BranchScope Ryzenfall, Chimera, Fallout, and Masterkey License Contributing Disclaimer About This Repository This repository provides content for aiding DoD administrators in ve

Mirror of the Spectre / Meltdown tool for work use

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdown&#

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018 CVE-2017-5753 aka Spectre Variant 1 CVE-2017-5715 aka Spectre Variant 2 CVE-2017-5754 aka Meltdown or Variant 3 CVE-2018-3640 aka Variant 3a CVE-2018-3639 aka Variant 4 Supported operating systems: Li

SpecuCheck is a Windows utility for checking the state of the software mitigations and hardware against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4)

SpecuCheck SpecuCheck is a Windows utility for checking the state of the software and hardware mitigations against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4) It uses two new information classes that were added to the NtQuerySystemInformation API call as part of the recent patches introduced in January 2018 a

TEApot(Transient Execution Attack pot) is a project used to evaluate whether your system is affected by Meltdown and Spectre. My goal is to build a easy-to-use(hard to implement) and configurable transient attack test suite.

Transient Execution Attack Pot TEApot(Transient Execution Attack pot) is a project used to evaluate whether your system is affected by Meltdown and Spectre My goal is to build a easy-to-use(hard to implement) and configurable transient attack test suite This project is mainly based on project Transient Fail developed by IAIK More information will be found on their paper A Sy

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdown&#

A curated list of awesome C frameworks, libraries and software.

awesome-c A curated list of awesome C frameworks, libraries and software Genymobile/scrcpy - Display and control your Android device git/git - Git Source Code Mirror - This is a publish-only repository and all pull requests are ignored Please follow Documentation/SubmittingPatches procedure for any of your improvements obsproject/obs-studio - OBS Studio - Free and open sour

Spectre, Meltdown, Foreshadow, Fallout, RIDL, ZombieLoad vulnerability/mitigation checker for Linux & BSD

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public since 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdow

Generates Deep Security CSV reports

Setup Instructions Download & install the Deep Security SDK Create Deep Security API keys Set the API key as a DS_KEY environment variable Usage Instructions Help Menu $ python3 reporterpy -h usage: reporterpy [-h] [--report-filename REPORT_FILENAME] [--summary-filename SUMMARY_FILENAME] [--app-names [APP_NAMES [APP_NAMES

PowerShell DSC for enabling the Speculation Control (Meltdown/Spectre) on Windows

cSpeculationControlFixes Description PowerShell DSC for enabling Speculation Control fixes on Windows Authored by Kieran Jacobsen The Microsoft KB Windows Server guidance to protect against speculative execution side-channel vulnerabilities provides a number of options on what speculative controls you can implement, use the table below to map the titles of each mitgation in t

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

Hardware and Firmware Security Guidance Table of Contents 1 About this repository 2 Side-channel attacks 21 Mitigations 211 Firmware patches 212 Software patches 213 Configuration changes 214 Disable Intel Hyper-Threading (Updated!) 215 Verification 22 Resources and Affected products 221 Hardware resources 222 Software resources 223 Advisory resources

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public since 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdow

meltdown Table of Contents Description Setup - The basics of getting started with meltdown Reference - An under-the-hood peek at what the module is doing and how Limitations - OS compatibility, etc Development - Guide for contributing to the module Description This module detects whether your system is vulnerable for Meltdown and Spectre Detection on Linux On Linux, the mod

Microarchitectural exploitation and other hardware attacks.

Hardware attacks / State of the art Microarchitectural exploitation and other hardware attacks Contributing: Contributions, comments and corrections are welcome, please do PR Flaws: TPM-FAIL / TPM meets Timing and Lattice Attacks [CVE-2019-11090] For Intel fTPM [CVE-2019-16863] For STMicroelectronics TPM [CVE-2015-0565] Rowhammer based: [CVE-2016-6728] DRAMMER [CV

python-poc

poc--exp 个人常用渗透poc收集 CVE-2014-4113 Win64bit本地提权漏洞 CVE-2014-4878 海康RCE漏洞 CVE-2017-0143 永恒之蓝漏洞 CVE-2017-0474 安卓MediaserverRCE CVE-2017-0641 Google Android Media framework远程代码执行漏洞 CVE-2017-11882 office远程执行漏洞 CVE-2017-13156 安卓janus漏洞 CVE-2017-5753 intel侧信道攻击漏洞 CVE-2017-7269

常用渗透poc收集

poc--exp 个人常用渗透poc收集 CVE-2014-4113 Win64bit本地提权漏洞 CVE-2014-4878 海康RCE漏洞 CVE-2017-0143 永恒之蓝漏洞 CVE-2017-0474 安卓MediaserverRCE CVE-2017-0641 Google Android Media framework远程代码执行漏洞 CVE-2017-11882 office远程执行漏洞 CVE-2017-13156 安卓janus漏洞 CVE-2017-5753 intel侧信道攻击漏洞 CVE-2017-7269

Kaosagnt's Ansible Everyday Utils

Kaosagnt's Ansible Everyday Utils This project contains many of the Ansible playbooks that I use daily as a Systems Administrator in the pursuit of easy server task automation Installation You will need to setup and install Ansible like you normally would before using what is presented here Hint: it uses ansible wwwansiblecom Optional: Create an ansible-everyd

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Kaspersky Security Bulletin 2018. Top security stories
Securelist • David Emm Victor Chebyshev • 03 Dec 2018

The internet is now woven into the fabric of our lives. Many people routinely bank, shop and socialize online and the internet is the lifeblood of commercial organizations. The dependence on technology of governments, businesses and consumers provides a broad attack surface for attackers with all kinds of motives – financial theft, theft of data, disruption, damage, reputational damage or simply ‘for the lulz’. The result is a threat landscape that ranges from highly sophisticated targeted...

New NetSpectre Attack Can Steal CPU Secrets via Network Connections
BleepingComputer • Catalin Cimpanu • 27 Jul 2018

Scientists have published a paper today detailing a new Spectre-class CPU attack that can be carried out via network connections and does not require the attacker to host code on a targeted machine.
This new attack —codenamed NetSpectre— is a major evolution for Spectre attacks, which until now have required the attacker to trick a victim into downloading and running malicious code on his machine, or at least accessing a website that runs malicious JavaScript in the user's browser.

How to (slowly) steal secrets over the network from chip security holes: NetSpectre summoned
The Register • Thomas Claburn in San Francisco • 26 Jul 2018

Billions of devices potentially at risk – but Intel isn't worried

Computer security researchers have devised a way to exploit the speculative-execution design flaws in modern processor chips over a network connection – a possibility that sounds rather more serious but may be something less than that.
Until now, Spectre attacks have required malicious code to be running on a vulnerable machine to potentially extract passwords, keys, and other secrets, from the memory of other software on the computer.
Now, here comes NetSpectre: a technique for po...

Academics Announce New Protections Against Spectre and Rowhammer Attacks
BleepingComputer • Catalin Cimpanu • 23 Jul 2018

Academics from multiple universities have announced fixes for two severe security flaws known as Spectre and Rowhammer.
Both these fixes are at the software level, meaning they don't require CPU or RAM vendors to alter products, and could, in theory, be applied as basic software patches.
The first of these new mitigation mechanisms was announces on Thursday, last week. A research team from Dartmouth College in New Hampshire says it created a fix for Spectre Variant 1 (CVE-2017-5753),...

Microsoft, Google: We've found a fourth data-leaking Meltdown-Spectre CPU hole
The Register • Chris Williams, Editor in Chief • 21 May 2018

Design blunder exists in Intel, AMD, Arm, Power processors

A fourth variant of the data-leaking Meltdown-Spectre security flaws in modern processors has been found by Microsoft and Google researchers.
These speculative-execution design blunders can be potentially exploited by malicious software running on a vulnerable device or computer, or a miscreant logged into the system, to slowly extract secrets, such as passwords, from protected kernel or application memory, depending on the circumstances.
Variants 1 and 2 are known as Spectre (CVE-20...

Google and Microsoft Reveal New Spectre Attack
BleepingComputer • Catalin Cimpanu • 21 May 2018

Security researchers from Google and Microsoft have found two new variants of the Spectre attack that affects processors made by AMD, ARM, IBM, and Intel.
Rumors about this new flaw leaked online at the start of the month in a German magazine, but actual details were published today.
AMD, ARM, IBM, Intel, Microsoft, Red Hat and Ubuntu have published security advisories at the time of writing, containing explanations of how the bugs work, along with mitigation advice.
The bugs ...

New Spectre Attack Recovers Data From a CPU's Protected SMM Mode
BleepingComputer • Catalin Cimpanu • 18 May 2018

Security researchers from Eclypsium have detailed yesterday a new variation of the Spectre attack that can recover data stored inside a secure CPU area named the System Management Mode (SMM).
For those unfamiliar with CPU design, the SMM is a special x86 processor mode that not even highly-privileged software such as kernels or hypervisors cannot access or interrupt.
Every time code is sent to the SMM, the operating system is suspended and the CPU uses parts of the UEFI/BIOS firmware...

IT threat evolution Q1 2018
Securelist • David Emm • 14 May 2018

In January, we uncovered a sophisticated mobile implant that provides attackers with remote control of infected Android devices.  The malware, called Skygofree (after one of the domains it uses), is a targeted cyber-surveillance tool that has been in development since 2014.  The malware is spread by means of spoofed web pages that mimic leading mobile providers.  The campaign is ongoing and our telemetry indicates that there have been several victims, all in Italy.  We feel confident that th...

Oracle whips out the swatter, squishes 254 security bugs in its gear
The Register • Shaun Nichols in San Francisco • 19 Apr 2018

Java fixes lobbed out, Spectre Solaris patches issued

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products.
Among the more noteworthy patches is a fix for lingering Spectre-related vulnerabilities in Solaris systems – specifically, CVE-2017-5753, also known as Spectre variant 1. Oracle had mitigated most of the Spectre/Meltdown processor design bugs in its products back in January. This update applies further fixes for Solaris versions 10 and 11.3.
Java was on...

New Microsoft Bug Bounty Program Looks To Squash The Next Spectre, Meltdown
Threatpost • Lindsey O'Donnell • 16 Mar 2018

In the wake of the Meltdown and Spectre flaws, Microsoft has rolled out a new bug bounty program targeting speculative execution side channel vulnerabilities.
The limited time program is open until December  31, and offers up to $250,000 for identifying new categories of speculative execution attacks that Microsoft and other industry partners are not yet aware of.
Speculative execution side channels are a hardware vulnerability class that affects CPUs from multiple manufacturers. T...

Here We Go Again: Intel Releases Updated Spectre Patches
BleepingComputer • Catalin Cimpanu • 22 Feb 2018

In a press release published on Tuesday, Intel announced it resumed the deployment of CPU microcode firmware updates. These updates are meant to mitigate the Spectre Variant 2 vulnerability —CVE-2017-5715.
The Meltdown (CVE-2017-5754) and Spectre variant 1 (CVE-2017-5753) vulnerabilities —which became public at the start of the year— were fixed through software updates at the OS level.
Intel paused the deployment of Spectre v2 CPU microcode updates on January 22 after receiving...

Post-Meltdown Intel Tries to Save Face with $250,000 Bug Bounty Program
BleepingComputer • Catalin Cimpanu • 14 Feb 2018

Intel has launched a public bug bounty program with individual rewards going as far as $250,000, the company said today in a press release.
Intel had previously run a bug bounty program, but that one was limited to submissions from a few selected security researchers only.
The new bug bounty program will be hosted on the HackerOne platform, and Intel has opened up its hardware, firmware, and software products for the occasion.
Any security researcher with a HackerOne account ca...

We May Soon See Malware Leveraging the Meltdown and Spectre Vulnerabilities
BleepingComputer • Catalin Cimpanu • 01 Feb 2018

Security researchers are seeing an ever-increasing number of suspicious file samples that are experimenting with the Meltdown and Spectre vulnerabilities.
According to experts at AV-TEST, Fortinet, and Minerva Labs, several individuals are experimenting with publicly released proof-of-concept (PoC) code for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715, CVE-2017-5753) vulnerabilities.
Researchers from AV-TEST have detected 139 suspicious file samples that are related to the...

Apple Backports Meltdown Patch to Older macOS Versions
BleepingComputer • Catalin Cimpanu • 24 Jan 2018

On January 23, 2018, Apple released a third set of updates for macOS that backported previous Meltdown patches to older versions of the macOS operating system.
Apple first patched the Meltdown flaw (CVE-2017-5753) on December 6, 2017, with the release of iOS 11.2, macOS 10.13.2, and tvOS 11.2.
The company then patched the Spectre flaws (CVE-2017-5753 and CVE-2017-5715) in a separate security update released on January 8, 2018, for macOS High Sierra 10.13.2, iOS 11.2.2, and Safari 11....

HP Reissuing BIOS Updates After Buggy Intel Meltdown and Spectre Updates
BleepingComputer • Catalin Cimpanu • 23 Jan 2018

HP announced today it was stopping the deployment of BIOS updates containing Meltdown and Spectre patches and reissuing older BIOS versions.
HP's announcement comes after Intel issued an update to its Meltdown and Spectre advisory yesterday, Monday, January 22.
The CPU maker said it finished investigating previous reports of increased system reboot rates and found problems with the CPU microcode (firmware) updates that tried to mitigate the Spectre Variant 2 bug (CVE-2017-5715).

Red Hat Will Revert Spectre Patches After Receiving Reports of Boot Issues
BleepingComputer • Catalin Cimpanu • 19 Jan 2018

Red Hat is releasing updates that are reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot.
"Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot," the company said yesterday.
"The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes...

Now Meltdown patches are making industrial control systems lurch
The Register • John Leyden • 15 Jan 2018

Automation and SCADA-flingers admit fix has affected products

Patches for the Meltdown vulnerability are causing stability issues in industrial control systems.
SCADA vendor Wonderware admitted that Redmond's Meltdown patch made its Historian product wobble. "Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC," an advisory on Wonderware's support site explains.
Rockwell Automation revealed that the same patch had caused...

Apple Releases Spectre Patches for Safari, macOS and iOS
Threatpost • Tom Spring • 08 Jan 2018

Apple released iOS 11.2.2 software Monday for iPhones, iPads and iPod touch models that patch for the Spectre vulnerabilities. A macOS High Sierra 10.13.2 supplemental update was also released to bolster Spectre defenses in Apple’s Safari browser and WebKit, the web browser engine used by Safari, Mail, and App Store.
This is the second update for Apple since last week’s revelation of the massive processor vulnerabilities, Meltdown and Spectre, impacting CPU’s worldwide. Apple previo...

More stuff broken amid Microsoft's efforts to fix Meltdown/Spectre vulns
The Register • John Leyden • 08 Jan 2018

This is going to take a while

More examples have emerged of security fixes for the Meltdown vulnerability breaking things.
Patching against CVE-2017-5753 and CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown) borks both the PulseSecure VPN client and Sandboxie, the sandbox-based isolation program developed by Sophos.
PulseSecure has come up with a workaround for affected platforms, which include Windows 10 and Windows 8.1 but not Windows 7.
Sandboxie has released an updated client to solve compatibility i...

Apple Releases Security Updates for Spectre CPU Flaw
BleepingComputer • Catalin Cimpanu • 08 Jan 2018

Apple has released today security updates to mitigate the effects of the Spectre vulnerability that affects processors deployed with Apple devices such as smartphones, tablets, and desktop computers.
The patches mitigate two security bugs (CVE-2017-5753 and CVE-2017-5715) collectively referred to as Spectre.
Apple released macOS High Sierra 10.13.2, iOS 11.2.2, and Safari 11.0.2, all which include mitigations for Spectre.
The company previously patched the Meltdown flaw (CVE-20...

Experts Weigh In On Spectre Patch Challenges
Threatpost • Tom Spring • 07 Jan 2018

The race to patch against the Meltdown and Spectre processor vulnerabilities disclosed last week is on. As of today, there are no known exploits in the wild impacting vulnerable Intel, AMD and ARM devices.
Currently, vendors are focused on three main mitigation efforts. Patches that address the Meltdown flaws are KPTI (Kernel Page Table Isolation) and KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed). On Thursday, Google unveiled a Retpoline coding technique for m...

Qualcomm joins Intel, Apple, Arm, AMD in confirming its CPUs suffer hack bugs, too
The Register • Shaun Nichols in San Francisco • 06 Jan 2018

Just in time for Friday night

Qualcomm has confirmed its processors have the same security vulnerabilities disclosed this week in Intel, Arm, AMD and IBM CPU cores.
The California tech giant picked the favored Friday US West Coast afternoon "news dump" slot to admit at least some of its billions of Arm-compatible Snapdragon system-on-chips and newly released Centriq server-grade processors are subject to the Meltdown and/or Spectre data-theft bugs.
"Qualcomm Technologies, Inc is aware of the security research on ...

Google Unveils New Retpoline Coding Technique for Mitigating Spectre Attacks
BleepingComputer • Catalin Cimpanu • 05 Jan 2018

Google has published details about a new coding technique created by the company's engineers that any developer can deploy and prevent Spectre attacks.
The company claims this new technique, called Retpoline, has a "negligible impact on performance" compared to other patches rolled out in the past few days that in some cases caused big CPU performance dips.
Authored by Paul Turner, Senior Staff Engineer for Google's Technical Infrastructure, the technique is described as a binary mod...

Microsoft patches Windows to cool off Intel's Meltdown – wait, antivirus? Slow your roll
The Register • Shaun Nichols in San Francisco • 04 Jan 2018

Check your anti-malware tool unless you like BSoDs

Microsoft has released updates for Windows to block attempts by hackers and malware to exploit the Meltdown vulnerability in Intel x86-64 processors – but you will want to check your antivirus software before applying the fixes.
The Redmond giant issued the out-of-band update late yesterday for Windows 10 version 1709.
While the documentation for the fix does not name Chipzilla's CPU-level vulnerability specifically, a Microsoft spokesman told El Reg it will hopefully protect Windo...

Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts
Threatpost • Tom Spring • 04 Jan 2018

Intel, Amazon, Microsoft and others are playing down concerns over the impact of the massive Spectre and Meltdown vulnerabilities affecting computers, servers and mobile devices worldwide.
The two flaws, Spectre and Meltdown, are far reaching and impact a wide range of microprocessors used in the past decade in computers and mobile devices including those running Android, Chrome, iOS, Linux, macOS and Windows. While Meltdown only affects Intel processors, Spectre affects chips from Intel,...

Google: Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws
BleepingComputer • Catalin Cimpanu • 03 Jan 2018

Google has just published details on two vulnerabilities named Meltdown and Spectre that in the company's assessment affect "every processor [released] since 1995."
Google says the two bugs can be exploited to "to steal data which is currently processed on the computer," which includes "your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents."
Furthermore, Google says that tests on virtual machines us...

List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Two new vulnerabilities called Meltdown and Spectre, or speculative execution side-channel vulnerabilities, have been discovered in modern processors that allow malicious programs to steal information from the memory of other programs. This means that the malicious program can steal passwords, account information, encryption keys, or theoretically anything stored in the memory of a process.
Vendors have started to release information on how customers can protect themselves from Spectre o...

References

CWE-200http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.htmlhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.htmlhttp://nvidia.custhelp.com/app/answers/detail/a_id/4609http://nvidia.custhelp.com/app/answers/detail/a_id/4611http://nvidia.custhelp.com/app/answers/detail/a_id/4613http://nvidia.custhelp.com/app/answers/detail/a_id/4614http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.htmlhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txthttp://www.kb.cert.org/vuls/id/584653http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlhttp://www.securityfocus.com/bid/102371http://www.securitytracker.com/id/1040071http://xenbits.xen.org/xsa/advisory-254.htmlhttps://01.org/security/advisories/intel-oss-10002https://access.redhat.com/errata/RHSA-2018:0292https://access.redhat.com/security/vulnerabilities/speculativeexecutionhttps://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/https://cert.vde.com/en-us/advisories/vde-2018-002https://cert.vde.com/en-us/advisories/vde-2018-003https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdfhttps://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerabilityhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.htmlhttps://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixeshttps://lists.debian.org/debian-lts-announce/2018/07/msg00015.htmlhttps://lists.debian.org/debian-lts-announce/2018/07/msg00016.htmlhttps://lists.debian.org/debian-lts-announce/2018/07/msg00020.htmlhttps://lists.debian.org/debian-lts-announce/2019/03/msg00034.htmlhttps://lists.debian.org/debian-lts-announce/2019/04/msg00004.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002https://seclists.org/bugtraq/2019/Jun/36https://security.gentoo.org/glsa/201810-06https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.htmlhttps://security.netapp.com/advisory/ntap-20180104-0001/https://spectreattack.com/https://support.citrix.com/article/CTX231399https://support.f5.com/csp/article/K91229003https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_ushttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_ushttps://support.lenovo.com/us/en/solutions/LEN-18282https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannelhttps://usn.ubuntu.com/3540-1/https://usn.ubuntu.com/3540-2/https://usn.ubuntu.com/3541-1/https://usn.ubuntu.com/3541-2/https://usn.ubuntu.com/3542-1/https://usn.ubuntu.com/3542-2/https://usn.ubuntu.com/3549-1/https://usn.ubuntu.com/3580-1/https://usn.ubuntu.com/3597-1/https://usn.ubuntu.com/3597-2/https://usn.ubuntu.com/usn/usn-3516-1/https://www.debian.org/security/2018/dsa-4187https://www.debian.org/security/2018/dsa-4188https://www.exploit-db.com/exploits/43427/https://www.kb.cert.org/vuls/id/180049https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/https://www.synology.com/support/security/Synology_SA_18_01https://www.vmware.com/us/security/advisories/VMSA-2018-0002.htmlhttps://access.redhat.com/errata/RHSA-2018:0009https://www.rapid7.com/db/vulnerabilities/vmsa-2018-0002-cve-2017-5715-fusionhttps://nvd.nist.govhttps://usn.ubuntu.com/3521-1/https://www.exploit-db.com/exploits/43427/https://www.securityfocus.com/bid/102371https://www.rapid7.com/db/vulnerabilities/msft-cve-2017-5715