CVE-2017-5715
Description
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- CVSS Version 3.1
- CVSS Version 2.0
CVE ID: CVE-2017-5715
Base Score: 5.6
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Impact Score: 4.0
Exploitability Score: 1.1
CVE ID: CVE-2017-5715
Base Score: 1.9
Base Severity: LOW
Vector String:AV:L/AC:M/Au:N/C:P/I:N/A:N
Proof Of Concept
opsxcq
Spectre exploit
Refrence: GitHub
mathse
a list of BIOS/Firmware fixes adressing CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Refrence: GitHub
GregAskew
Assesses a system for the "speculative execution" vulnerabilities described in CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Refrence: GitHub
dmo2118
A quick-and-dirty tool to verify that userspace executables are immune to Spectre variant 2 (CVE-2017-5715).
Refrence: GitHub
GalloLuigi
Refrence: GitHub
Content on GitHub
Eugnis | watchers:756
spectre-attack
Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)
Refrence: GitHub
ionescu007 | watchers:568
SpecuCheck
SpecuCheck is a Windows utility for checking the state of the software mitigations and hardware against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4)
Refrence: GitHub
00052 | watchers:11
spectre-attack-example
2018年1月2日 (CVE-2017-5753 和 CVE-2017-5715) "幽灵" Spectre 漏洞利用
Refrence: GitHub
EdwardOwusuAdjei | watchers:4
Spectre-PoC
Spectre (CVE-2017-5753) (CVE-2017-5715). Not By Me. Collected from Book.
Refrence: GitHub
Viralmaniar | watchers:93
In-Spectre-Meltdown
This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
Refrence: GitHub
GarnetSunset | watchers:6
CiscoSpectreTakeover
A POC chain exploit using the recent Cisco SMP exploit (CVE-2017-6736) to chain into Spectre (CVE-2017-5753 and CVE-2017-5715)
Refrence: GitHub
ixtal23 | watchers:8
spectreScope
The demo of the speculative execution attack Spectre (CVE-2017-5753, CVE-2017-5715).
Refrence: GitHub
speed47 | watchers:3859
spectre-meltdown-checker
Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD
Refrence: GitHub
nsacyber | watchers:769
Hardware-and-Firmware-Security-Guidance
Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber
Refrence: GitHub
pedrolucasoliva | watchers:1
spectre-attack-demo
Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)
Refrence: GitHub
gonoph | watchers:4
ansible-meltdown-spectre
Ansible Playbook to run the Red Hat spectre-meltdown check script
Refrence: GitHub
jarmouz | watchers:7
spectre_meltdown
Meltdown and Spectre : CPU vulnerabilities — Explained and Exploited
Refrence: GitHub
neuhalje | watchers:10
presentation_meltdown_spectre
Meltdown and spectre explained -- for normal people
Refrence: GitHub
miglen | watchers:2
Awesome-Meltdown-Spectre
A curated list of awesome Meltdown & Spectre repos, guides, pocs, blogs, and other resources. Featuring the Fiery Meter of AWSome.
Refrence: GitHub
kevincoakley | watchers:0
puppet-spectre_meltdown
Refrence: GitHub
Refrence: NVD