CVE-2017-5753 | AttackerKB

Description

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.6 Medium

Impact Score:

4

Exploitability Score:

1.1

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector (AV):

Local

Attack Complexity (AC):

High

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Changed

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

Vendors

Products

References

Canonical

CVE-2017-5753 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753)

BID-102371 (http://www.securityfocus.com/bid/102371)

Advisory

http://nvidia.custhelp.com/app/answers/detail/a_id/4609

[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update (https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html)

DSA-4187 (https://www.debian.org/security/2018/dsa-4187)

USN-3542-2 (https://usn.ubuntu.com/3542-2)

GLSA-201810-06 (https://security.gentoo.org/glsa/201810-06)

USN-3540-2 (https://usn.ubuntu.com/3540-2)

https://access.redhat.com/security/vulnerabilities/speculativeexecution

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

USN-3597-1 (https://usn.ubuntu.com/3597-1)

[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update (https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html)

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

http://nvidia.custhelp.com/app/answers/detail/a_id/4611

https://cert.vde.com/en-us/advisories/vde-2018-002

USN-3580-1 (https://usn.ubuntu.com/3580-1)

https://support.f5.com/csp/article/K91229003

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html

DSA-4188 (https://www.debian.org/security/2018/dsa-4188)

https://access.redhat.com/errata/RHSA-2018:0292

http://xenbits.xen.org/xsa/advisory-254.html

https://security.netapp.com/advisory/ntap-20180104-0001

https://www.synology.com/support/security/Synology_SA_18_01

https://01.org/security/advisories/intel-oss-10002

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt

[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html)

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

VU#584653 (http://www.kb.cert.org/vuls/id/584653)

VU#180049 (https://www.kb.cert.org/vuls/id/180049)

https://cert.vde.com/en-us/advisories/vde-2018-003

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001

https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us

USN-3549-1 (https://usn.ubuntu.com/3549-1)

https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities

https://support.citrix.com/article/CTX231399

https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack

SECTRACK-1040071 (http://www.securitytracker.com/id/1040071)

USN-3597-2 (https://usn.ubuntu.com/3597-2)

http://nvidia.custhelp.com/app/answers/detail/a_id/4614

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html

USN-3540-1 (https://usn.ubuntu.com/3540-1)

20180104 CPU Side-Channel Information Disclosure Vulnerabilities (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel)

USN-3516-1 (https://usn.ubuntu.com/usn/usn-3516-1)

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

EXPLOIT-DB-43427 (https://www.exploit-db.com/exploits/43427)

USN-3541-1 (https://usn.ubuntu.com/3541-1)

USN-3541-2 (https://usn.ubuntu.com/3541-2)

USN-3542-1 (https://usn.ubuntu.com/3542-1)

https://support.lenovo.com/us/en/solutions/LEN-18282

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html

http://nvidia.custhelp.com/app/answers/detail/a_id/4613

[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update (https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html)

[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update (https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html)

20190624 [SECURITY] [DSA 4469-1] libvirt security update (https://seclists.org/bugtraq/2019/Jun/36)

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt

https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

USN-3542-2 (https://usn.ubuntu.com/3542-2/)

USN-3540-2 (https://usn.ubuntu.com/3540-2/)

USN-3597-1 (https://usn.ubuntu.com/3597-1/)

USN-3580-1 (https://usn.ubuntu.com/3580-1/)

https://security.netapp.com/advisory/ntap-20180104-0001/

USN-3549-1 (https://usn.ubuntu.com/3549-1/)

https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/

https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

USN-3597-2 (https://usn.ubuntu.com/3597-2/)

USN-3540-1 (https://usn.ubuntu.com/3540-1/)

USN-3516-1 (https://usn.ubuntu.com/usn/usn-3516-1/)

EXPLOIT-DB-43427 (https://www.exploit-db.com/exploits/43427/)

USN-3541-1 (https://usn.ubuntu.com/3541-1/)

USN-3541-2 (https://usn.ubuntu.com/3541-2/)

USN-3542-1 (https://usn.ubuntu.com/3542-1/)

https://cdrdv2.intel.com/v1/dl/getContent/685359

Miscellaneous

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html

https://spectreattack.com

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://spectreattack.com/

Rapid7

Technical Analysis