CVE-2017-5715

high-risk

Published 2018-01-04

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Do I need to act?

89.1% chance of exploitation in next 30 days

EPSS score — higher than 11% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

43427

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.6/10 Medium

LOCAL / HIGH complexity

Affected Products (20)

Xeon E5 2609 V3

Xeon E5 2609 V4

Xeon E5 2618L V2

Xeon E5 2618L V3

Xeon E5 2618L V4

Xeon E5 2620

Xeon E5 2620 V2

Xeon E5 2620 V3

Xeon E5 2620 V4

Xeon E5 2623 V3

Xeon E5 2623 V4

Xeon E5 2628L V2

Xeon E5 2628L V3

Xeon E5 2628L V4

Xeon E5 2630

Xeon E5 2630 V2

Xeon E5 2630 V3

Xeon E5 2630 V4

Xeon E5 2630L

Xeon E5 2630L V2

Affected Vendors

Debian Oracle Siemens Intel Canonical Netapp Arm

References (188)

Broken Link http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html

Third Party Advisory http://nvidia.custhelp.com/app/answers/detail/a_id/4609

Third Party Advisory http://nvidia.custhelp.com/app/answers/detail/a_id/4611

Third Party Advisory http://nvidia.custhelp.com/app/answers/detail/a_id/4613

Third Party Advisory http://nvidia.custhelp.com/app/answers/detail/a_id/4614

Exploit http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof...

Third Party Advisory http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA...

Third Party Advisory http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt

Third Party Advisory http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt

and 168 more references

/ 100

high-risk

Severity 15/34 · Moderate

Exploitability 20/34 · Moderate

Exposure 33/34 · Critical