---

CVE-2017-5754 - log back

CVE-2017-5754 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Local
Type	+ Access restriction bypass
Description	+ An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). + This variant ("Rogue Data Load") relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read memory from arbitrary addresses, including privileged (kernel space) and all other processes running on the system by conducting targeted cache side-channel attacks.
References	+ https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html + https://meltdownattack.com + https://www.kb.cert.org/vuls/id/584653 + https://xenbits.xen.org/xsa/advisory-254.html + http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html + https://01.org/security/advisories/intel-oss-10003 + https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf + https://git.kernel.org/linus/5aa90a84589282b87666f92b6c3c917c8080a9bf + https://git.kernel.org/linus/00a5ae218d57741088068799b810416ac249a9ce
Notes	+ Affected: Intel x86-64 microprocessors + Not affected: AMD x86-64 microprocessors + Related issues: CVE-2017-5753 CVE-2017-5715