======Security - Vulnerabilities - Meltdown and Spectre======

[[https://spectreattack.com/|Meltdown and Spectre]]

Vulnerabilities in modern computers leak passwords and sensitive data.

"Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer."

=====CVE=====

  * [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753|CVE-2017-5753]] Spectre Variant 1
  * [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715|CVE-2017-5715]] Spectre Variant 2
  * [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754|CVE-2017-5754]] Meltdown
  * [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639|CVE-2018-3639]] Speculative Store Bypass (SSB), Variant 4 (requires CPU microcode update).
  * [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640|CVE-2018-3640]] Rogue System Register Read (requires CPU microcode update).
  * [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646|CVE-2018-3646]] L1 Terminal Fault - VMM (requires CPU microcode update).

=====Advisories from affected companies=====

|AMD|[[https://www.amd.com/en/corporate/security-updates|AMD Processor Security Updates]]|
|HP|[[https://support.hp.com/us-en/document/c05869091|HPSBHF03573 rev. 8 - Side-Channel Analysis Method]]|
|HPE|[[http://h22208.www2.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html|Side Channel Analysis Method allows information disclosure in Microprocessors (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)]] \\ \\ [[https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us|Bulletin: (Revision) HPE ProLiant, Moonshot and Synergy Servers - Side Channel Analysis Method Allows Improper Information Disclosure in Microprocessors (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) (Document ID: a00039267en_us)]] \\ [[http://h22208.www2.hpe.com/eginfolib/securityalerts/SCFM/Side_Channel_Downloads.html|Side Channel Analysis Method (Spectre & Meltdown) Downloads]]|
|Intel|[[https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr|INTEL-SA-00088 - Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method]] \\ [[https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html|Facts About the New Security Research Findings and Intel® Products]] \\ [[https://newsroom.intel.com/press-kits/security-exploits-intel-products/|Security Exploits and Intel Products]] \\ [[https://newsroom.intel.com/microcode|Microcode Revision Guidance (PDF)]] lists the CPU microcode versions with Spectre Variant 2 (CVE-2017-5715) mitigations.|

=====Operating Systems=====

|Arch Linux|https://security.archlinux.org/CVE-2017-5715 \\ https://security.archlinux.org/CVE-2017-5753 \\ https://security.archlinux.org/CVE-2017-5754|
|Debian Linux|https://security-tracker.debian.org/tracker/CVE-2017-5715 \\ https://security-tracker.debian.org/tracker/CVE-2017-5753 \\ https://security-tracker.debian.org/tracker/CVE-2017-5754 \\ https://security-tracker.debian.org/tracker/source-package/linux \\ [[https://lists.debian.org/debian-security/2018/02/msg00000.html|debian-security - retpoline-enabled GCC build for jessie]]|
|Devuan Linux|See Debian Linux|
|Gentoo Linux|[[https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre|Project:Security/Vulnerabilities/Meltdown and Spectre]]|
|Linux Kernel|[[https://unix.stackexchange.com/questions/414786/how-to-mitigate-the-spectre-and-meltdown-vulnerabilities-on-linux-systems|Unix & Linux Stack Exchange - How to mitigate the Spectre and Meltdown vulnerabilities on Linux systems?]] \\ [[https://lwn.net/Articles/744287/|LWN.net - Meltdown/Spectre mitigation for 4.15 and beyond]] \\ \\ [[http://kroah.com/log/blog/2018/01/19/meltdown-status-2/|Linux Kernel Monkey Log - Meltdown and Spectre Linux Kernel Status - Update]] \\ [[http://kroah.com/log/blog/2018/01/06/meltdown-status/|Linux Kernel Monkey Log - Meltdown and Spectre Linux Kernel Status]] \\ \\ [[http://kroah.com/log/blog/2018/02/05/linux-kernel-release-model/|Linux Kernel Monkey Log - Linux Kernel Release Model]]|
|Slackware Linux|[[http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.684951|[slackware-security] Slackware 14.2 kernel (SSA:2018-057-01)]] includes __user pointer sanitization mitigation for the Spectre (variant 1) speculative side channel attack. \\ [[http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.701978|[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01)]] includes full retpoline mitigation for the Spectre (variant 2) speculative side channel attack. \\ [[http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.1191628|[slackware-security] kernel (SSA:2018-016-01)]] includes mitigations for the Spectre (variant 2) and Meltdown speculative side channel attacks. \\ [[http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.325546|[slackware-security] mozilla-firefox (SSA:2018-020-01)]]|
|Ubuntu Linux|[[https://insights.ubuntu.com/2018/01/24/meltdown-spectre-and-ubuntu-what-you-need-to-know/|ubuntu insights - Meltdown, Spectre and Ubuntu: What you need to know]] \\ [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown|ubuntu wiki - SpectreAndMeltdown]]|
|VMware ESXi|[[https://kb.vmware.com/s/article/52245|VMware Response to Speculative Execution security issues, CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 (aka Spectre and Meltdown) (52245)]] \\ [[https://kb.vmware.com/s/article/54951|VMware Response to Speculative Execution security issues, CVE-2018-3639 and CVE-2018-3640 (54951)]] \\ \\ [[https://kb.vmware.com/s/article/55636|VMware Overview of ‘L1 Terminal Fault’ (L1TF) Speculative-Execution vulnerabilities in Intel processors: CVE-2018-3646, CVE-2018-3620, and CVE-2018-3615 (55636)]] \\ [[https://kb.vmware.com/s/article/55806|VMware response to ‘L1 Terminal Fault - VMM’ (L1TF - VMM) Speculative-Execution vulnerability in Intel processors for vSphere: CVE-2018-3646 (55806)]] \\ [[https://kb.vmware.com/s/article/55767|VMware Performance Impact Statement for ‘L1 Terminal Fault - VMM’ (L1TF - VMM) mitigations: CVE-2018-3646 (55767)]] \\ \\ [[https://www.vmware.com/security/advisories/VMSA-2018-0002.html|VMSA-2018-0002]] - VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. \\ [[https://www.vmware.com/security/advisories/VMSA-2018-0004.html|VMSA-2018-0004]] - VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Mitigations for speculative execution issue. \\ [[https://www.vmware.com/security/advisories/VMSA-2018-0007.html|VMSA-2018-0007]] - VMware Virtual Appliance updates address side-channel analysis due to speculative execution \\ [[https://www.vmware.com/security/advisories/VMSA-2018-0012.html|VMSA-2018-0012]] - VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue. \\ [[https://www.vmware.com/security/advisories/VMSA-2018-0020.html|VMSA-2018-0020]] - VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM vulnerability. \\ [[https://www.vmware.com/security/advisories/VMSA-2018-0021.html|VMSA-2018-0021]] - Operating System-Specific Mitigations address L1 Terminal Fault - OS vulnerability in VMware Virtual Appliances.|
|Windows|[[https://support.microsoft.com/en-us/help/4072698/|Windows Server guidance to protect against speculative execution side-channel vulnerabilities]] \\ [[https://support.microsoft.com/en-us/help/4073119/|Windows client guidance for IT Pros to protect against speculative execution side-channel vulnerabilities]]|