Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability



Multiple CPU Hardwares are prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.

Information

Bugtraq ID: 102378
Class: Design Error
CVE: CVE-2017-5754

Remote: No
Local: Yes
Published: Jan 03 2018 12:00AM
Updated: Jan 03 2018 12:00AM
Credit: Jann Horn (Google Project Zero), Werner Haas, Thomas Prescher (Cyberus Technology), Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology)
Vulnerable: VMWare Workstation 12.5.7
VMWare Workstation 12.5.5
VMWare Workstation 12.5.3
VMWare Workstation 12.0
VMWare Fusion 8.5.8
VMWare Fusion 8.5.6
VMWare Fusion 8.5.4
VMWare Fusion 8.5.2
VMWare Fusion 8.1.1
VMWare Fusion 8.1
VMWare Fusion 8.0.2
VMWare Fusion 8.0.1
VMWare Fusion 8.5.5
VMWare Fusion 8.5
VMWare Fusion 8.0
VMWare Esxi 6.5
VMWare Esxi 6.0
VMWare ESXi 5.5
Redhat Virtualization Host 4
Redhat Enterprise Mrg 2
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server - TUS 7.4
Redhat Enterprise Linux Server - TUS 7.3
Redhat Enterprise Linux Server - TUS 7.2
Redhat Enterprise Linux Server - TUS 6.6
Redhat Enterprise Linux Server - Extended Update Support 7.4
Redhat Enterprise Linux Server - Extended Update Support 7.3
Redhat Enterprise Linux Server - Extended Update Support 6.7
Redhat Enterprise Linux Server - AUS 7.4
Redhat Enterprise Linux Server - AUS 7.3
Redhat Enterprise Linux Server - AUS 7.2
Redhat Enterprise Linux Server - AUS 6.6
Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.4
Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.3
Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.2
Redhat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Upd 7.3
Redhat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Update Support 7.4
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux for Scientific Computing 7
Redhat Enterprise Linux for Scientific Computing 6
Redhat Enterprise Linux for Real Time 7
Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.4
Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.3
Redhat Enterprise Linux for Power, little endian 7
Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.4
Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.3
Redhat Enterprise Linux for Power, big endian - Extended Update Support 6.7
Redhat Enterprise Linux for Power, big endian 7
Redhat Enterprise Linux for Power, big endian 6
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.4
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 6.7
Redhat Enterprise Linux for IBM z Systems 7
Redhat Enterprise Linux for IBM z Systems 6
Redhat Enterprise Linux EUS Compute Node 7.4
Redhat Enterprise Linux EUS Compute Node 7.3
Redhat Enterprise Linux EUS Compute Node 6.7
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Redhat Enterprise Linux 5
Microsoft Windows Server 2016 0
Microsoft Windows Server 2012 R2 0
Microsoft Windows Server 2012 0
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows 8.1 for x64-based Systems 0
Microsoft Windows 8.1 for 32-bit Systems 0
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 10 version 1709 for 32-bit Systems 0
Microsoft Windows 10 version 1703 for x64-based Systems 0
Microsoft Windows 10 version 1703 for 32-bit Systems 0
Microsoft Windows 10 Version 1607 for x64-based Systems 0
Microsoft Windows 10 Version 1607 for 32-bit Systems 0
Microsoft Windows 10 version 1511 for x64-based Systems 0
Microsoft Windows 10 version 1511 for 32-bit Systems 0
Microsoft Windows 10 for x64-based Systems 0
Microsoft Windows 10 for 32-bit Systems 0
Microsoft Internet Explorer 11
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 Version 1607 for 32-bit Systems 0
+ Microsoft Windows 10 Version 1607 for 32-bit Systems 0
+ Microsoft Windows 10 Version 1607 for x64-based Systems 0
+ Microsoft Windows 10 Version 1607 for x64-based Systems 0
+ Microsoft Windows 10 version 1703 for 32-bit Systems 0
+ Microsoft Windows 10 version 1703 for 32-bit Systems 0
+ Microsoft Windows 10 version 1703 for x64-based Systems 0
+ Microsoft Windows 10 version 1703 for x64-based Systems 0
+ Microsoft Windows 10 version 1709 for 32-bit Systems 0
+ Microsoft Windows 10 version 1709 for x64-based Systems 0
+ Microsoft Windows 7 for 32-bit Systems SP1
+ Microsoft Windows 7 for 32-bit Systems SP1
+ Microsoft Windows 7 for 32-bit Systems SP1
+ Microsoft Windows 7 for 32-bit Systems SP1
+ Microsoft Windows 7 for x64-based Systems SP1
+ Microsoft Windows 7 for x64-based Systems SP1
+ Microsoft Windows 7 for x64-based Systems SP1
+ Microsoft Windows 7 for x64-based Systems SP1
+ Microsoft Windows 8.1 for 32-bit Systems 0
+ Microsoft Windows 8.1 for 32-bit Systems 0
+ Microsoft Windows 8.1 for 32-bit Systems 0
+ Microsoft Windows 8.1 for 32-bit Systems 0
+ Microsoft Windows 8.1 for x64-based Systems 0
+ Microsoft Windows 8.1 for x64-based Systems 0
+ Microsoft Windows 8.1 for x64-based Systems 0
+ Microsoft Windows 8.1 for x64-based Systems 0
+ Microsoft Windows Rt 8.1 -
+ Microsoft Windows Rt 8.1 -
+ Microsoft Windows Rt 8.1 -
+ Microsoft Windows Rt 8.1 -
+ Microsoft Windows Server 2016
+ Microsoft Windows Server 2016
+ Microsoft Windows Server 2008 R2 for Itanium-based Systems SP2
+ Microsoft Windows Server 2008 R2 for Itanium-based Systems SP2
+ Microsoft Windows Server 2008 R2 for Itanium-based Systems SP2
+ Microsoft Windows Server 2008 R2 for x64-based Systems SP1
+ Microsoft Windows Server 2008 R2 for x64-based Systems SP1
+ Microsoft Windows Server 2008 R2 for x64-based Systems SP1
+ Microsoft Windows Server 2008 R2 for x64-based Systems SP1
+ Microsoft Windows Server 2012 R2 0
+ Microsoft Windows Server 2012 R2 0
+ Microsoft Windows Server 2012 R2 0
+ Microsoft Windows Server 2012 R2 0
Microsoft Edge 0
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 Version 1607 for 32-bit Systems 0
+ Microsoft Windows 10 Version 1607 for 32-bit Systems 0
+ Microsoft Windows 10 Version 1607 for 32-bit Systems 0
+ Microsoft Windows 10 Version 1607 for x64-based Systems 0
+ Microsoft Windows 10 Version 1607 for x64-based Systems 0
+ Microsoft Windows 10 Version 1607 for x64-based Systems 0
+ Microsoft Windows 10 version 1703 for 32-bit Systems 0
+ Microsoft Windows 10 version 1703 for 32-bit Systems 0
+ Microsoft Windows 10 version 1703 for x64-based Systems 0
+ Microsoft Windows 10 version 1703 for x64-based Systems 0
+ Microsoft Windows 10 version 1709 for 32-bit Systems 0
+ Microsoft Windows 10 version 1709 for 32-bit Systems 0
+ Microsoft Windows 10 version 1709 for x64-based Systems 0
+ Microsoft Windows 10 version 1709 for x64-based Systems 0
+ Microsoft Windows Server 2016 0
+ Microsoft Windows Server 2016 for x64-based Systems 0
+ Microsoft Windows Server 2016 for x64-based Systems 0
+ Microsoft Windows Server 2016 for x64-based Systems 0
Intel Xeon CPU E5-1650 v3 0
Google V8 0


Not Vulnerable: VMWare Workstation 12.5.8
VMWare Fusion 8.5.9


Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.


Related Posts

Comments