CVE-2017-5754 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Access restriction bypass
Description	An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). This variant ("Rogue Data Load") relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read memory from arbitrary addresses, including privileged (kernel space) and all other processes running on the system by conducting targeted cache side-channel attacks.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-585	nvidia-340xx-dkms	340.104-20	340.106-1	High	Fixed
AVG-584	nvidia-dkms	340.104-20	390.25-1	High	Fixed
AVG-581	nvidia-340xx-lts	340.104-7	340.106-1	High	Fixed
AVG-580	nvidia-340xx	340.104-20	340.106-1	High	Fixed
AVG-579	nvidia-lts	387.34-5	390.25-1	High	Fixed
AVG-578	nvidia	387.34-18	390.25-1	High	Fixed
AVG-577	linux-lts	4.9.74-1	4.9.75-1	High	Fixed
AVG-574	linux-hardened	4.14.7.a-1	4.14.11.a-1	High	Fixed	FS#56832
AVG-571	linux-zen	4.14.7-1	4.14.11-1	High	Fixed	FS#56832
AVG-552	linux	4.14.7-1	4.14.11-1	High	Fixed	FS#56832

Date	Advisory	Group	Package	Severity	Type
08 Jan 2018	ASA-201801-6	AVG-577	linux-lts	High	access restriction bypass
05 Jan 2018	ASA-201801-4	AVG-574	linux-hardened	High	multiple issues
05 Jan 2018	ASA-201801-3	AVG-571	linux-zen	High	multiple issues
05 Jan 2018	ASA-201801-1	AVG-552	linux	High	multiple issues

References
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html https://meltdownattack.com https://www.kb.cert.org/vuls/id/584653 https://xenbits.xen.org/xsa/advisory-254.html http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html https://01.org/security/advisories/intel-oss-10003 https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf https://git.kernel.org/linus/5aa90a84589282b87666f92b6c3c917c8080a9bf https://git.kernel.org/linus/00a5ae218d57741088068799b810416ac249a9ce

References

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
https://meltdownattack.com
https://www.kb.cert.org/vuls/id/584653
https://xenbits.xen.org/xsa/advisory-254.html
http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html
https://01.org/security/advisories/intel-oss-10003
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf
https://git.kernel.org/linus/5aa90a84589282b87666f92b6c3c917c8080a9bf
https://git.kernel.org/linus/00a5ae218d57741088068799b810416ac249a9ce

Notes
Affected: Intel x86-64 microprocessors Not affected: AMD x86-64 microprocessors Related issues: CVE-2017-5753 CVE-2017-5715