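CNNVD ID | CNNVD-201801-152 |
CVE ID | CVE-2017-5715 |
Published | 2018-01-04 |
Updated | 2020-08-14 |
Vulnerability type | Information disclosure |
Vulnerability source | Intel, Jann Horn (Google Project Zero) and Paul Kocher in collaboration with, and Yuval Yarom (Univer, Daniel Genkin (University of Pennsylvania and University of Maryland), in alphabetical order, Moritz Lipp (Graz University of Technology), Mike Hamburg (Rambus) |
Severity | Medium |
Threat type | Local |
Vendor | intel |
ARM Cortex-R7 and related models are CPU (central processing unit) products of the British company ARM. Intel Xeon E5-1650 and related models are CPU (central processing unit) products of the American company Intel.
An information disclosure vulnerability exists in Intel and ARM CPU chips. It stems from a flaw in the processor's data boundary mechanism. A local attacker can exploit it to read memory contents by abusing "erroneous speculative execution". The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Intel Xeon CPU E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4; Xeon E3-1245 v2, v3, v5, v6; Xeon X7542; and others.
Some vendors have already released fixes for this vulnerability. For details, see the vendor security advisories: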
Intel:
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
Microsoft:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Amazon:
https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
ARM:
https://developer.arm.com/support/security-update
Google:
https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html
https://www.chromium.org/Home/chromium-security/ssca
Red Hat:
https://access.redhat.com/security/vulnerabilities/speculativeexecution
Xen:
http://xenbits.xen.org/xsa/advisory-254.html
Mozilla:
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
VMware:
https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
AMD:
https://www.amd.com/en/corporate/speculative-execution
Linux Kernel:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5aa90a84589282b87666f92b6c3c917c8080a9bf
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html
Source: UBUNTU
Source: UBUNTU
Source: DEBIAN
Source: CONFIRM
Source: CONFIRM
Link: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
Source: CERT-VN
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
Source: SECTRACK
Source: CONFIRM
Link: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
Source: CONFIRM
Link: https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html
Source: REDHAT
Source: xenbits.xen.org
Source: developer.arm.com
Source: www.vmware.com
Link: https://www.vmware.com/security/advisories/VMSA-2018-0007.html
Source: www.vmware.com
Link: https://www.vmware.com/security/advisories/VMSA-2018-0004.html
Source: lists.vmware.com
Link: https://lists.vmware.com/pipermail/security-announce/2018/000397.html
Source: chromereleases.googleblog.com
Link: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-chrome-os_19.html
Source: cert-portal.siemens.com
Link: https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdf
Source: www.mozilla.org
Link: https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
Source: www.symantec.com
Link: https://www.symantec.com/security-center/network-protection-security-advisories/SA161
Source: access.redhat.com
Source: access.redhat.com
Source: access.redhat.com
Source: access.redhat.com
Source: access.redhat.com
Source: access.redhat.com
Source: access.redhat.com
Source: access.redhat.com
Source: access.redhat.com
Source: access.redhat.com
Source: access.redhat.com
Source: googleprojectzero.blogspot.in
Link: https://googleprojectzero.blogspot.in/2018/01/reading-privileged-memory-with-side.html
Source: www.bd.com
Source: www.oracle.com
Link: https://www.oracle.com/technetwork/topics/security/ovmbulletinapr2018-4431088.html
Source: www.oracle.com
Link: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Source: www.oracle.com
Link: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Source: www.oracle.com
Link: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Source: blog.mozilla.org
Link: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
Source: support.microsoft.com
Link: https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates
Source: jvn.jp
Source: securityadvisories.paloaltonetworks.com
Link: https://securityadvisories.paloaltonetworks.com/Home/Detail/120
Source: ics-cert.us-cert.gov
Source: ics-cert.us-cert.gov
Source: aix.software.ibm.com
Link: http://aix.software.ibm.com/aix/efixes/security/spectre_update_advisory.asc
Source: aix.software.ibm.com
Link: http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc
Source: support.hpe.com
Link: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
Source: support.google.com
Source: access.redhat.com
Source: tools.cisco.com
Source: bugzilla.redhat.com
Source: seclists.org
Source: seclists.org
Source: seclists.org
Source: source.android.com
Source: www.amd.com
Source: portal.msrc.microsoft.com
Link: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Source: www.chromium.org
Source: support.apple.com
Source: kb.juniper.net
Link: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10842&cat=SIRT_1&actp=LIST
Source: www.kb.cert.org
Source: spectreattack.com
Source: access.redhat.com
Link: https://access.redhat.com/security/vulnerabilities/speculativeexecution
Source: lwn.net
Source: newsroom.intel.com
Link: https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
Source: www.intel.com
Source: www.arm.com
Source: www.amd.com
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html
Source: CERT-VN
Source: UBUNTU
Source: CONFIRM
Link: https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
Source: UBUNTU
Source: UBUNTU
Source: CONFIRM
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html
Source: CONFIRM
Source: MISC
Link: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html
Source: CONFIRM
Source: CONFIRM
Source: UBUNTU
Source: UBUNTU
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
Source: FREEBSD
Link: https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc
Source: UBUNTU
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html
Source: CONFIRM
Link: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
Source: UBUNTU
Source: UBUNTU
Source: EXPLOIT-DB
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html
Source: CONFIRM
Source: DEBIAN
Source: DEBIAN
Source: CONFIRM
Source: CONFIRM
Source: MISC
Link: https://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
Source: CONFIRM
Link: https://www.synology.com/support/security/Synology_SA_18_01
Source: BUGTRAQ
Source: CONFIRM
Link: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
Source: UBUNTU
Source: CONFIRM
Link: https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html
Source: UBUNTU
Source: DEBIAN
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html
Source: BUGTRAQ
Source: UBUNTU
Source: CONFIRM
Link: https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
Source: CONFIRM
Link: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
Source: CONFIRM
Source: CONFIRM
Source: CONFIRM
Source: UBUNTU
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html
Source: CONFIRM
Link: https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
Source: BID
Source: FREEBSD
Link: https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
Source: UBUNTU
Source: CONFIRM
Source: MISC
Link: https://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html
Source: UBUNTU
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Source: UBUNTU
Source: GENTOO
Source: CONFIRM
Source: UBUNTU
Source: CONFIRM
Link: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Source: CONFIRM
Link: https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
Source: CONFIRM
Link: http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Source: UBUNTU
Source: UBUNTU
Source: MISC
Link: https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
Source: www.suse.com
Link: https://www.suse.com/support/update/announcement/2019/suse-su-201913999-1.html
Source: support.f5.com
Source: fortiguard.com
Source: security.freebsd.org
Link: https://security.freebsd.org/advisories/FreeBSD-SA-19:26.mcu.asc
Source: support.symantec.com
Link: http://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1426.html
Source: www.auscert.org.au
Source: www.securityfocus.com
Source: source.android.com
Source: www.auscert.org.au
Source: www.auscert.org.au
Source: www.huawei.com
Link: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180106-01-cpu-cn
Source: www.auscert.org.au
Source: www.auscert.org.au
Source: www.auscert.org.au
Source: www.auscert.org.au
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html