Security - Vulnerabilities - Meltdown and Spectre
Meltdown and Spectre Vulnerabilities in modern computers leak passwords and sensitive data. “Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer.”
CVE
-
-
-
CVE-2018-3639 Speculative Store Bypass (SSB), Variant 4 (requires CPU microcode update).
CVE-2018-3640 Rogue System Register Read (requires CPU microcode update).
CVE-2018-3646 L1 Terminal Fault - VMM (requires CPU microcode update).
Advisories from affected companies
Operating Systems
| Arch Linux | https://security.archlinux.org/CVE-2017-5715
https://security.archlinux.org/CVE-2017-5753
https://security.archlinux.org/CVE-2017-5754 |
| Debian Linux | https://security-tracker.debian.org/tracker/CVE-2017-5715
https://security-tracker.debian.org/tracker/CVE-2017-5753
https://security-tracker.debian.org/tracker/CVE-2017-5754
https://security-tracker.debian.org/tracker/source-package/linux
debian-security - retpoline-enabled GCC build for jessie |
| Devuan Linux | See Debian Linux |
| Gentoo Linux | Project:Security/Vulnerabilities/Meltdown and Spectre |
| Linux Kernel | Unix & Linux Stack Exchange - How to mitigate the Spectre and Meltdown vulnerabilities on Linux systems?
LWN.net -
Meltdown/Spectre mitigation for 4.15 and beyond
Linux Kernel Monkey Log - Meltdown and Spectre Linux Kernel Status - Update
Linux Kernel Monkey Log - Meltdown and Spectre Linux Kernel Status
Linux Kernel Monkey Log - Linux Kernel Release Model |
| Slackware Linux | [slackware-security] Slackware 14.2 kernel (SSA:2018-057-01) includes __user pointer sanitization mitigation for the Spectre (variant 1) speculative side channel attack.
[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01) includes full retpoline mitigation for the Spectre (variant 2) speculative side channel attack.
[slackware-security] kernel (SSA:2018-016-01) includes mitigations for the Spectre (variant 2) and Meltdown speculative side channel attacks.
[slackware-security] mozilla-firefox (SSA:2018-020-01) |
| Ubuntu Linux | ubuntu insights - Meltdown, Spectre and Ubuntu: What you need to know
ubuntu wiki - SpectreAndMeltdown |
| VMware ESXi | VMware Response to Speculative Execution security issues, CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 (aka Spectre and Meltdown) (52245)
VMware Response to Speculative Execution security issues, CVE-2018-3639 and CVE-2018-3640 (54951)
VMware Overview of ‘L1 Terminal Fault’ (L1TF) Speculative-Execution vulnerabilities in Intel processors: CVE-2018-3646, CVE-2018-3620, and CVE-2018-3615 (55636)
VMware response to ‘L1 Terminal Fault - VMM’ (L1TF - VMM) Speculative-Execution vulnerability in Intel processors for vSphere: CVE-2018-3646 (55806)
VMware Performance Impact Statement for ‘L1 Terminal Fault - VMM’ (L1TF - VMM) mitigations: CVE-2018-3646 (55767)
VMSA-2018-0002 - VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.
VMSA-2018-0004 - VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Mitigations for speculative execution issue.
VMSA-2018-0007 - VMware Virtual Appliance updates address side-channel analysis due to speculative execution
VMSA-2018-0012 - VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.
VMSA-2018-0020 - VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM vulnerability.
VMSA-2018-0021 - Operating System-Specific Mitigations address L1 Terminal Fault - OS vulnerability in VMware Virtual Appliances. |
| Windows | Windows Server guidance to protect against speculative execution side-channel vulnerabilities
Windows client guidance for IT Pros to protect against speculative execution side-channel vulnerabilities |
