CLD-202 Details

Other IDs this deficiency may be known by:

CVE ID: CVE-2017-5715 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s): Spectre

Basic Information:

Affected Package(s): linux
Deficiency Type: SECURITY
Date Created: 2018-01-07 13:45:12
Date Last Modified: 2018-04-20 16:22:25

Version Specific Information:

Cucumber 1.0 i686 fixed in linux-4.9.77-i686-1
Cucumber 1.0 x86_64 fixed in linux-4.9.77-x86_64-1

Cucumber 1.1 i686 fixed in linux-4.9.77-i686-1
Cucumber 1.1 x86_64 fixed in linux-4.9.77-x86_64-1

Details:

==================================== Edit #4 ===================================

Fri Apr 20 16:51:06 EDT 2018:
This vulnerability has been mitigated even further in version 4.9.95 of the
Linux kernel. For more information see:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.95

==================================== Edit #3 ===================================

This vulnerability has been further mitigated in version 4.9.81 of the
Linux kernel. For further details see:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.81

==================================== Edit #2 ===================================

While this vulnerability was originally addressed in version 4.9.77 of the
Linux kernel, it has been further addressed in version 4.9.79, where the
kernel's BPF interpreter was removed. Here are some more details from the
relevant changelog entry:

Thu Feb 1 16:29:37 EST 2018
base/linux upgraded from 4.9.78 to 4.9.79 to further address the Spectre 2
	attack (CVE-2017-5715). This update enables the new BPF_JIT_ALWAYS_ON
	feature of the Linux kernel, which removes the kernel's BPF interpreter.
	This interpreter was used in the Spectre 2 attack that Google published.
	It should be noted that this change does not completely prevent this
	attack; it just makes it more difficult to exploit. For more information
	see:
		https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.79
		http://security.cucumberlinux.com/security/details.php?id=202
* SECURITY FIX *
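
As an added example (not part of the original advisory or of Cucumber Linux's tooling), this shell script maps a 4.9-series kernel version to the newest mitigation milestone listed on this page and checks a kernel build config for BPF_JIT_ALWAYS_ON. The function names and the config file argument are assumptions made for illustration; the sysfs path is the kernel's own vulnerability status file, which is only read if present.

```shell
#!/bin/sh
# Added example, not Cucumber Linux code. Milestone versions are the ones
# listed in this advisory for CVE-2017-5715 (4.9 series only).

# ver_ge A B: succeed when version A >= B, comparing fields numerically
# (so 4.9.100 > 4.9.95) and ignoring suffixes such as "-x86_64-1".
ver_ge() {
    awk -v a="${1%%[!0-9.]*}" -v b="${2%%[!0-9.]*}" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# spectre_v2_stage VERSION: print the newest advisory milestone reached.
spectre_v2_stage() {
    case $1 in
        4.9.*) ;;
        *) echo "not-4.9"; return 0 ;;  # advisory covers no other series
    esac
    for m in 4.9.95 4.9.81 4.9.79 4.9.77; do
        if ver_ge "$1" "$m"; then echo "$m"; return 0; fi
    done
    echo "none"
}

# bpf_interpreter_removed CONFIG_FILE: succeed when the build config enables
# BPF_JIT_ALWAYS_ON, the option the 4.9.79 update turned on.
bpf_interpreter_removed() {
    grep -q '^CONFIG_BPF_JIT_ALWAYS_ON=y$' "$1"
}

# report VERSION [CONFIG_FILE]: the config path is an assumption; its
# location varies between distributions, so the caller supplies it.
report() {
    echo "kernel $1: advisory milestone reached: $(spectre_v2_stage "$1")"
    if [ -n "${2:-}" ] && [ -r "${2:-}" ]; then
        if bpf_interpreter_removed "$2"; then echo "BPF_JIT_ALWAYS_ON: enabled"
        else echo "BPF_JIT_ALWAYS_ON: not enabled"; fi
    fi
    f=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    if [ -r "$f" ]; then echo "kernel self-report: $(cat "$f")"; fi
}

report "$(uname -r)" "${1:-}"
```

A milestone of "none" on a 4.9 kernel means the version predates the first mitigation patches listed here; as the changelog entry above notes, reaching a later milestone makes the attack harder rather than impossible.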

==================================== Edit #1 ===================================

In version 4.9.77 of the Linux kernel, patches were introduced that attempt to
mitigate this vulnerability.

================================= Original Post ================================

This is a hardware vulnerability, and as of Sun Jan 7 14:15:45 EST 2018 there
is no known fix for it and no known way to mitigate its effects.

See https://meltdownattack.com/ for more information about this vulnerability.