Difference between revisions of "SVG:Meltdown and Spectre Vulnerabilities"
Line 24: | Line 24: | ||
[https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml] | [https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml] | ||
== Intel Information == | == Intel Information == | ||
Line 31: | Line 30: | ||
[https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File] | [https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File] | ||
== RedHat Information == | == RedHat Information == | ||
RedHat description [https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/vulnerabilities/speculativeexecution] | RedHat description [https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/vulnerabilities/speculativeexecution] | ||
RedHat CVE info: | RedHat CVE info: | ||
Line 44: | Line 41: | ||
[https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5715] | [https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5715] | ||
==Scientific Linux == | |||
[https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/ https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/] | |||
==Xen== | |||
[https://xenbits.xen.org/xsa/advisory-254.html https://xenbits.xen.org/xsa/advisory-254.html] |
Revision as of 12:11, 11 January 2018
Main page | Software Security Checklist | Issue Handling | Advisories | Notes On Risk | Advisory Template | More |
Meltdown and Spectre Vulnerabilities
This page is under construction. |
Purpose of this page
To provide useful links and other information concerning the Meltdown and Spectre vulnerabilities.
What are they?
These are vulnerabilities in the design of the chip hardware, and cannot be fully resolved by patching operating systems. However patches are available which mitigate these problems.
Meltdown affects most Intel chips, and has CVE-2017-5754
Spectre affects a wide range of chips, CVE-2017-5753 and CVE-2017-5715.
These are described in the register at http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
https://meltdownattack.com/ and https://spectreattack.com/
CERN information
CERN has compiled information which is useful for may EGI sites
https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml
Intel Information
Product patches
https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File
RedHat Information
RedHat description https://access.redhat.com/security/vulnerabilities/speculativeexecution
RedHat CVE info: https://access.redhat.com/security/cve/CVE-2017-5754
https://access.redhat.com/security/cve/CVE-2017-5753
https://access.redhat.com/security/cve/CVE-2017-5715
Scientific Linux
https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/