CLD-201 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-5753 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s) Spectre

Basic Information:

Affected Package(s) linux
Deficiency Type SECURITY
Date Created 2018-01-07 13:45:00
Date Last Modified 2018-08-24 11:37:42

Version Specific Information:

Cucumber 1.0 i686 fixed in linux-4.9.77-i686-1
Cucumber 1.0 x86_64 fixed in linux-4.9.77-x86_64-1

Cucumber 1.1 i686 fixed in linux-4.9.77-i686-1
Cucumber 1.1 x86_64 fixed in linux-4.9.77-x86_64-1

Details:

==================================== Edit #7 ===================================

Further mitigated against in Linux 4.9.124. Here are the details from the
relevant changelog entry:

+----------------+
Fri Aug 24 11:27:00 EDT 2018
base/linux upgraded from 4.9.123 to 4.9.124 to mitigate a couple of potential
	spectre v1 exploits. This update also conatins various other bug and
	security fixes. For more information see:
		https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.124
		https://security.cucumberlinux.com/security/details.php?id=201
kernel/linux-source upgraded from 4.9.123 to 4.9.124
* SECURITY FIX *
+----------------+

==================================== Edit #6 ===================================

Further mitigated against in Linux 4.9.118. Here are the details from the
relevant changelog entry:

+----------------+
Thu Aug 9 10:02:41 EDT 2018
base/linux upgraded from 4.9.117 to 4.9.119. This update fixes a potential
	Spectre v1 (CVE-2017-5753) weakness in socketcall. It also contains
	various other bug fixes, some of which may be security fixes. For more
	information see:
		https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.118
		https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.119
		https://security.cucumberlinux.com/security/details.php?id=201
kernel/linux-source upgraded from 4,9.117 to 4.9.119
* SECURITY FIX *
+----------------+

==================================== Edit #5 ===================================

Further mitigated against in Linux 4.9.115. Here are the details from the
relevant changelog entry:

+----------------+
Fri Jul 27 10:23:41 EDT 2018
base/linux upgraded from 4.9.114 to 4.9.115 to remove a Spectre v1
	(CVE-2017-5753) exploitation channel. For more information see:
		https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.115
kernel/linux-source upgraded from 4.9.114 to 4.9.115
* SECURITY FIX *
+----------------+

==================================== Edit #4 ===================================

Further mitigated against in Linux 4.9.114. Here are the details from the
relevant changelog entry:

+----------------+
Mon Jul 23 12:58:16 EDT 2018
base/linux upgraded from 4.9.113 to 4.9.114 to further mitigate against Spectre
	variants 1 and 2 (CVE-2017-5753 and CVE-2017-5715 respecitvely). For
	more information see:
		https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.114
kernel/linux-source upgraded from 4.9.113 to 4.9.114
* SECURITY FIX *
+----------------+

==================================== Edit #3 ===================================

Further mitigated against in Linux 4.9.104. Here are the details from the
relevant changelog entry:

+----------------+
Wed May 30 17:03:56 EDT 2018
base/linux upgraded from 4.9.103 to 4.9.104 to fix CVE-2018-6412 and further
	mitigate against Spectre variant 1 (CVE-2017-5753). For more information
	see:
		https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.104
		https://security.cucumberlinux.com/security/details.php?id=201
		https://security.cucumberlinux.com/security/details.php?id=419
kernel/linux-source upgraded from 4.9.103 to 4.9.104
* SECURITY FIX *
+----------------+

==================================== Edit #2 ===================================

This vulnerability has been even further mitigated against in version 4.9.100 of
the Linux kernel. Here are the details from the relevant changelog entry:

+----------------+
Wed May 16 19:08:30 EDT 2018
base/linux upgraded from 4.9.99 to 4.9.100. This release introduces many new
	mitigations for the Spectre v1 vulnerability (CVE-2017-5753). For more
	information see:
		https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.100
		https://security.cucumberlinux.com/security/details.php?id=201
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
kernel/linux-source upgraded from 4.9.99 to 4.9.100
* SECURITY FIX *
+----------------+

==================================== Edit #1 ===================================
 
This vulnerability has been further mitigated against in version 4.9.81 of the 
Linux kernel. For further details see: 
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.81

================================ Original Post =================================

This is a hardware vulnerability, and as of Sun Jan  7 14:15:45 EST 2018 there
is no known fix for it or known way to mitigate the effects of it.

See https://meltdownattack.com/ for more information about this vulnerability.