Your submission was sent successfully! Close

CVE-2017-5754

Published: 3 January 2018

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

From the Ubuntu security team

Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.

Priority

Critical

CVSS 3 base score: 5.6

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
artful
Released (57.0.4+build1-0ubuntu0.17.10.1)
bionic
Released (59.0.1+build1-0ubuntu1)
cosmic
Released (59.0.1+build1-0ubuntu1)
precise Does not exist

trusty Does not exist
(trusty was released [57.0.4+build1-0ubuntu0.14.04.1])
upstream
Released (57.0.4)
xenial
Released (57.0.4+build1-0ubuntu0.16.04.1)
zesty
Released (57.0.4+build1-0ubuntu0.17.04.1)
linux
Launchpad, Ubuntu, Debian
artful
Released (4.13.0-25.29)
bionic Not vulnerable
(4.13.0-25.29)
cosmic Not vulnerable
(4.15.0-20.21)
precise
Released (3.2.0-132.178)
trusty
Released (3.13.0-139.188)
upstream
Released (4.15~rc6)
xenial
Released (4.4.0-108.131)
zesty Ignored
(was pending now end-of-life)
linux-armadaxp
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-aws
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Not vulnerable
(4.15.0-1001.1)
cosmic Not vulnerable
(4.15.0-1007.7)
precise Does not exist

trusty
Released (4.4.0-1009.9)
upstream
Released (4.15~rc6)
xenial
Released (4.4.0-1047.56)
zesty Does not exist

linux-azure
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Not vulnerable
(4.15.0-1002.2)
cosmic Not vulnerable
(4.15.0-1009.9)
precise Does not exist

trusty Not vulnerable
(4.15.0-1023.24~14.04.1)
upstream
Released (4.15~rc6)
xenial
Released (4.13.0-1005.7)
zesty Does not exist

linux-azure-edge
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.18.0-1004.4~18.04.1)
cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial Not vulnerable
(4.15.0-1002.2)
linux-euclid
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial
Released (4.4.0-9021.22)
zesty Does not exist

linux-flo
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [abandoned])
upstream
Released (4.15~rc6)
xenial Ignored
(abandoned)
zesty Does not exist

linux-gcp
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Not vulnerable
(4.15.0-1001.1)
cosmic Not vulnerable
(4.15.0-1006.6)
precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial
Released (4.13.0-1006.9)
zesty Does not exist

linux-gke
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial Ignored
(was pending now end-of-life)
zesty Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [abandoned])
upstream
Released (4.15~rc6)
xenial Ignored
(was needs-triage now end-of-life)
zesty Ignored
(reached end-of-life)
linux-grouper
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [abandoned])
upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Not vulnerable

cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial
Released (4.13.0-26.29~16.04.2)
zesty Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Not vulnerable
(4.18.0-11.12~18.04.1)
cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial
Released (4.13.0-26.29~16.04.2)
zesty Does not exist

linux-kvm
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Not vulnerable
(4.15.0-1002.2)
cosmic Not vulnerable
(4.15.0-1008.8)
precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial
Released (4.4.0-1015.20)
zesty Does not exist

linux-linaro-omap
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-linaro-shared
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-linaro-vexpress
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-lts-quantal
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Ignored
(end-of-life)
trusty Does not exist

upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-lts-raring
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Ignored
(end-of-life)
trusty Does not exist

upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-lts-saucy
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Ignored
(end-of-life)
trusty Does not exist

upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-lts-trusty
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise
Released (3.13.0-139.188~precise1)
trusty Does not exist

upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [out of standard support])
upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-lts-vivid
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [was pending now end-of-life])
upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-lts-wily
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [out of standard support])
upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty
Released (4.4.0-108.131~14.04.1)
upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-maguro
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [abandoned])
upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-mako
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [abandoned])
upstream
Released (4.15~rc6)
xenial Ignored
(abandoned)
zesty Does not exist

linux-manta
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [abandoned])
upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-oem
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Not vulnerable
(4.15.0-1002.3)
cosmic Not vulnerable
(4.15.0-1004.5)
precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial
Released (4.13.0-1015.16)
zesty Does not exist

linux-qcm-msm
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
artful
Released (4.13.0-1015.16)
bionic Not vulnerable
(4.15.0-1006.7)
cosmic Not vulnerable
(4.15.0-1010.11)
precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial
Released (4.4.0-1082.90)
zesty Ignored
(reached end-of-life)
linux-snapdragon
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable

cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial
Released (4.4.0-1084.89)
zesty Ignored
(reached end-of-life)
linux-ti-omap4
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.15~rc6)
xenial Does not exist

zesty Does not exist

Notes

AuthorNote
tyhicks
Variant 3, aka Meltdown
This flaw only affects Intel processors. AMD reports that their
processors are not affected.
The break-fix lines for this CVE are not complete since a large
number of patches are required to mitigate this issue. The commit(s) listed
are chosen as placeholders for automated CVE triage purposes.
ppc64el and s390x kernels were fixed with the following commits:
aa8a5e0062ac940f7659394f4817c948dc8c0667
local-2017-5754-ppc64el
d768bd892fc8f066cd3aa000eb1867bcf32db0ee
local-2017-5754-s390x Unfortunately, the automated CVE triage tooling gets confused since the commits identified by the local-* placeholders were reverted in favor of the upstream commits so they're not included in the break-fix section below.

References

Bugs