VDE-2018-002
Critical vulnerabilities within several CPUs have been identified by security researchers. These hardware vulnerabilities allow programs to learn about the contents of a system's memory, using side-channel attacks. Potential attack vectors against these vulnerabilities have been published and dubbed Meltdown and Spectre. While programs are typically not permitted to read data from the OS kernel or from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in kernel memory or the memory of other programs executed on the same CPU. As a consequence, an exploit could allow attackers to get access to any sensitive data, including passwords or cryptographic keys.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VisuNet PC all versions | ||
| VisuNet RM all versions | ||
| Box Thin Client BTC all versions |
Exploit Intelligence
- Spectre (CVE-2017-5753) (CVE-2017-5715). Not By Me. Collected from Book. (github-poc-repo)
- 2018年1月2日 (CVE-2017-5753 和 CVE-2017-5715) "幽灵" Spectre 漏洞利用 (github-poc-repo)
- Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715) (github-poc-repo)
- Proof-of-concept / Exploit / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a (github-poc-repo)
- OSX 10.13.2, CVE-2017-5753, Spectre, PoC, C, ASM for OSX, MAC, Intel Arch, Proof of Concept, Hopper.App Output (github-poc-repo)
- Spectre exploit (github-poc-repo)
- Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715) (github-poc-repo)
- The demo of the speculative execution attack Spectre (CVE-2017-5753, CVE-2017-5715). (github-poc-repo)
- Naive shell script to verify Meltdown (CVE-2017-5754) patch status of EC2 instances (github-poc-repo)
- PoC for Meltdown in linux (CVE-2017-5754) (github-poc-repo)
…and 29 more exploits
Timeline
- Feb 14, 2018 CVE Published
- May 14, 2025 CVE Updated