Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability

Multiple CPU Hardwares are prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.

Information

Bugtraq ID: 102378
Class: Design Error
CVE: CVE-2017-5754

Remote: No
Local: Yes
Published: Jan 03 2018 12:00AM
Updated: Jan 03 2018 12:00AM
Credit: Jann Horn (Google Project Zero), Werner Haas, Thomas Prescher (Cyberus Technology), Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology)
Vulnerable: VMWare Workstation 12.5.7
VMWare Workstation 12.5.5
VMWare Workstation 12.5.3
VMWare Workstation 12.0
VMWare Fusion 8.5.8
VMWare Fusion 8.5.6
VMWare Fusion 8.5.4
VMWare Fusion 8.5.2
VMWare Fusion 8.1.1
VMWare Fusion 8.1
VMWare Fusion 8.0.2
VMWare Fusion 8.0.1
VMWare Fusion 8.5.5
VMWare Fusion 8.5
VMWare Fusion 8.0
VMWare Esxi 6.5
VMWare Esxi 6.0
VMWare ESXi 5.5
Redhat Virtualization Host 4
Redhat Enterprise Mrg 2
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server - TUS 7.4
Redhat Enterprise Linux Server - TUS 7.3
Redhat Enterprise Linux Server - TUS 7.2
Redhat Enterprise Linux Server - TUS 6.6
Redhat Enterprise Linux Server - Extended Update Support 7.4
Redhat Enterprise Linux Server - Extended Update Support 7.3
Redhat Enterprise Linux Server - Extended Update Support 6.7
Redhat Enterprise Linux Server - AUS 7.4
Redhat Enterprise Linux Server - AUS 7.3
Redhat Enterprise Linux Server - AUS 7.2
Redhat Enterprise Linux Server - AUS 6.6
Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.4
Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.3
Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.2
Redhat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Upd 7.3
Redhat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Update Support 7.4
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux for Scientific Computing 7
Redhat Enterprise Linux for Scientific Computing 6
Redhat Enterprise Linux for Real Time 7
Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.4
Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.3
Redhat Enterprise Linux for Power, little endian 7
Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.4
Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.3
Redhat Enterprise Linux for Power, big endian - Extended Update Support 6.7
Redhat Enterprise Linux for Power, big endian 7
Redhat Enterprise Linux for Power, big endian 6
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.4
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 6.7
Redhat Enterprise Linux for IBM z Systems 7
Redhat Enterprise Linux for IBM z Systems 6
Redhat Enterprise Linux EUS Compute Node 7.4
Redhat Enterprise Linux EUS Compute Node 7.3
Redhat Enterprise Linux EUS Compute Node 6.7
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
Redhat Enterprise Linux 5
Microsoft Windows Server 2016 0
Microsoft Windows Server 2012 R2 0
Microsoft Windows Server 2012 0
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows 8.1 for x64-based Systems 0
Microsoft Windows 8.1 for 32-bit Systems 0
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 10 version 1709 for 32-bit Systems 0
Microsoft Windows 10 version 1703 for x64-based Systems 0
Microsoft Windows 10 version 1703 for 32-bit Systems 0
Microsoft Windows 10 Version 1607 for x64-based Systems 0
Microsoft Windows 10 Version 1607 for 32-bit Systems 0
Microsoft Windows 10 version 1511 for x64-based Systems 0
Microsoft Windows 10 version 1511 for 32-bit Systems 0
Microsoft Windows 10 for x64-based Systems 0
Microsoft Windows 10 for 32-bit Systems 0
Microsoft Internet Explorer 11
Microsoft Edge 0
Intel Xeon CPU E5-1650 v3 0
Google V8 0

Not Vulnerable: VMWare Workstation 12.5.8
VMWare Fusion 8.5.9

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

AMD Home Page (AMD)
ARM Homepage (ARM)
Intel Home Page (Intel)
Intel Responds to Security Research Findings (Intel)
KAISER: hiding the kernel from user space (Eklektix, Inc)
Kernel Side-Channel Attacks - CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 (Redhat)
VU#584653 CPU hardware vulnerable to side-channel attacks (CERT)
Actions Required to Mitigate Speculative Side-Channel Attack Techniques (Google Chrome)
ADV180002 | Vulnerability in CPU Microcode Could Allow Information Disclosure (Microsoft)
An Update on AMD Processor Security (AMD)
Android Security Bulletinâ??January 2018 (Google)
Bug 1519781 CVE-2017-5754 hw: cpu: speculative permission faults handling (Redhat)
CVE-2017-5754 (Redhat)
JVNVU # 93823979 Side channel attack on CPU with speculative execution function (JPCERT)
Meltdown and Spectre (Graz University of Technology)
Mitigations landing for new class of timing attack (Firefox)
Reading privileged memory with a side-channel (Google Project Zero)
RHSA-2018:0007 - Security Advisory (Redhat)
RHSA-2018:0008 - Security Advisory (Redhat)
RHSA-2018:0009 - Security Advisory (Redhat)
RHSA-2018:0010 - Security Advisory (Redhat)
RHSA-2018:0011 - Security Advisory (Redhat)
RHSA-2018:0016 - Security Advisory (Redhat)
RHSA-2018:0017 - Security Advisory (Redhat)
VMSA VMSA-2018-0002 VMware ESXi, Workstation and Fusion (VMware)
Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism (ARM)

Source: www.securityfocus.com

Exploit Collector

Search Exploit