Skip to main content

CVE-2017-5754

Description

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

nvd
CVE ID: CVE-2017-5754
Base Score: 5.6
Base Severity: MEDIUM
Vector String:CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Proof Of Concept

ionescu007

SpecuCheck is a Windows utility for checking the state of the software mitigations and hardware against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4)

Refrence: GitHub

raphaelsc

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

Refrence: GitHub

Viralmaniar

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Refrence: GitHub

speecyy

Proof-of-concept / Exploit / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a

Refrence: GitHub

zzado

PoC for Meltdown in linux (CVE-2017-5754)

Refrence: GitHub

jdmulloy

Naive shell script to verify Meltdown (CVE-2017-5754) patch status of EC2 instances

Refrence: GitHub

Content on GitHub

mathse | watchers:16

meltdown-spectre-bios-list
a list of BIOS/Firmware fixes adressing CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Refrence: GitHub

speed47 | watchers:3859

spectre-meltdown-checker
Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD

Refrence: GitHub

nsacyber | watchers:769

Hardware-and-Firmware-Security-Guidance
Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

Refrence: GitHub

GregAskew | watchers:0

SpeculativeExecutionAssessment
Assesses a system for the "speculative execution" vulnerabilities described in CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Refrence: GitHub

gonoph | watchers:4

ansible-meltdown-spectre
Ansible Playbook to run the Red Hat spectre-meltdown check script

Refrence: GitHub

jarmouz | watchers:7

spectre_meltdown
Meltdown and Spectre : CPU vulnerabilities — Explained and Exploited

Refrence: GitHub

neuhalje | watchers:10

presentation_meltdown_spectre
Meltdown and spectre explained -- for normal people

Refrence: GitHub

miglen | watchers:2

Awesome-Meltdown-Spectre
A curated list of awesome Meltdown & Spectre repos, guides, pocs, blogs, and other resources. Featuring the Fiery Meter of AWSome.

Refrence: GitHub

kevincoakley | watchers:0

puppet-spectre_meltdown

Refrence: GitHub

Refrence: NVD