Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability

Multiple CPU Hardware are prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.

Information

Bugtraq ID: 102378
Class: Design Error
CVE:
Remote: No
Local: Yes
Published: Jan 03 2018 12:00AM
Updated: Feb 13 2018 04:00PM
Credit: Jann Horn (Google Project Zero), Werner Haas, Thomas Prescher (Cyberus Technology), Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology)
Vulnerable: Xen Xen 0
VMWare Workstation 12.5.7
VMWare Workstation 12.5.5
VMWare Workstation 12.5.3
VMWare Workstation 12.0
VMWare Fusion 8.5.8
VMWare Fusion 8.5.6
VMWare Fusion 8.5.4
VMWare Fusion 8.5.2
VMWare Fusion 8.1.1
VMWare Fusion 8.1
VMWare Fusion 8.0.2
VMWare Fusion 8.0.1
VMWare Fusion 8.5.5
VMWare Fusion 8.5
VMWare Fusion 8.0
VMWare Esxi 6.5
VMWare Esxi 6.0
VMWare ESXi 5.5
Redhat Virtualization Host 4
Redhat Enterprise Mrg 2
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server - TUS 7.4
Redhat Enterprise Linux Server - TUS 7.3
Redhat Enterprise Linux Server - TUS 7.2
Redhat Enterprise Linux Server - TUS 6.6
Redhat Enterprise Linux Server - Extended Update Support 7.4
Redhat Enterprise Linux Server - Extended Update Support 7.3
Redhat Enterprise Linux Server - Extended Update Support 6.7
Redhat Enterprise Linux Server - AUS 7.4
Redhat Enterprise Linux Server - AUS 7.3
Redhat Enterprise Linux Server - AUS 7.2
Redhat Enterprise Linux Server - AUS 6.6
Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.4
Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.3
Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.2
Redhat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Upd 7.3
Redhat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Update Support 7.4
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux for Scientific Computing 7
Redhat Enterprise Linux for Scientific Computing 6
Redhat Enterprise Linux for Real Time 7
Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.4
Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.3
Redhat Enterprise Linux for Power, little endian 7
Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.4
Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.3
Redhat Enterprise Linux for Power, big endian - Extended Update Support 6.7
Redhat Enterprise Linux for Power, big endian 7
Redhat Enterprise Linux for Power, big endian 6
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.4
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 6.7
Redhat Enterprise Linux for IBM z Systems 7
Redhat Enterprise Linux for IBM z Systems 6
Redhat Enterprise Linux EUS Compute Node 7.4
Redhat Enterprise Linux EUS Compute Node 7.3
Redhat Enterprise Linux EUS Compute Node 6.7
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
Redhat Enterprise Linux 5
Microsoft Windows Server 2016 0
Microsoft Windows Server 2012 R2 0
Microsoft Windows Server 2012 0
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows 8.1 for x64-based Systems 0
Microsoft Windows 8.1 for 32-bit Systems 0
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 10 version 1709 for 32-bit Systems 0
Microsoft Windows 10 version 1703 for x64-based Systems 0
Microsoft Windows 10 version 1703 for 32-bit Systems 0
Microsoft Windows 10 Version 1607 for x64-based Systems 0
Microsoft Windows 10 Version 1607 for 32-bit Systems 0
Microsoft Windows 10 version 1511 for x64-based Systems 0
Microsoft Windows 10 version 1511 for 32-bit Systems 0
Microsoft Windows 10 for x64-based Systems 0
Microsoft Windows 10 for 32-bit Systems 0
Microsoft Internet Explorer 11
Microsoft Edge 0
Linux kernel 4.9.74
Linux kernel 4.14.7
Intel Xeon CPU E5-1650 v3 0
Google V8 0
Google Pixel XL 0
Google Pixel C 0
Google Pixel 2 XL 0
Google Nexus 6P
Google Nexus 5X
Google Chrome 3
Google Chrome 17
Google Android 0

Not Vulnerable: VMWare Workstation 12.5.8
VMWare vSphere Integrated Containers 1.3.1
VMWare Fusion 8.5.9
Oracle VM VirtualBox 5.2.6
Oracle VM VirtualBox 5.1.32
Linux kernel 4.14.11
Apple macOS 10.13.3

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

AMD Home Page (AMD)
ARM Homepage (ARM)
Intel Home Page (Intel)
Intel Responds to Security Research Findings (Intel)
KAISER: hiding the kernel from user space (Eklektix, Inc)
Kernel Side-Channel Attacks - CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 (Redhat)
VU#584653 CPU hardware vulnerable to side-channel attacks (CERT)
2018-01 Out of Cycle Security Bulletin: Meltdown & Spectre: (Juniper)
About speculative execution vulnerabilities in ARM-based and Intel CPUs (Apple)
Actions Required to Mitigate Speculative Side-Channel Attack Techniques (Google Chrome)
ADV180002 | Vulnerability in CPU Microcode Could Allow Information Disclosure (Microsoft)
An Update on AMD Processor Security (AMD)
Android Security Bulletinâ??January 2018 (Google)
APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, (Apple)
Bug 1519781 CVE-2017-5754 hw: cpu: speculative permission faults handling (Redhat)
CPU Side-Channel Information Disclosure Vulnerabilities (Cisco)
CVE-2017-5754 (Redhat)
Googleâ??s Mitigations Against CPU Speculative Execution Attack Methods (Google)
HPESBHF03805 rev.7 - Certain HPE products using Microprocessors (HP)
IBM has released AIX and VIOS iFixes (IBM)
ICS-ALERT-18-011-01C Meltdown and Spectre Vulnerabilities (Update C) (CERT)
Information about Meltdown and Spectre findings (PAN-SA-2018-0001) (Palo Alto Networks)
JVNVU # 93823979 Side channel attack on CPU with speculative execution function (JPCERT)
kernel 4.14.11 is out with patches for Intel cpu mem leak (Reddit)
Meltdown and Spectre (Graz University of Technology)
Mitigations landing for new class of timing attack (Firefox)
Oracle Critical Patch Update Advisory - January 2018 (Oracle)
Product security bulletin for Meltdown and Spectre Update 1 (BD)
Reading privileged memory with a side-channel (Google Project Zero)
RHSA-2018:0007 - Security Advisory (Redhat)
RHSA-2018:0008 - Security Advisory (Redhat)
RHSA-2018:0009 - Security Advisory (Redhat)
RHSA-2018:0010 - Security Advisory (Redhat)
RHSA-2018:0011 - Security Advisory (Redhat)
RHSA-2018:0016 - Security Advisory (Redhat)
RHSA-2018:0017 - Security Advisory (Redhat)
SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks (Symantec)
VMSA VMSA-2018-0002 VMware ESXi, Workstation and Fusion (VMware)
VMSA-2018-0007 VMware Virtual Appliance updates address side-channel analysis (VMware)
Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism (ARM)
XSA-254 Information leak via side effects of speculative execution (Xen)

Source: www.securityfocus.com

Exploit Collector

Search Exploit