AUSCERT Security Bulletin
Security Advisory : Speculative Table Lookup Vulnerabilities
5 January 2018
AusCERT Security Bulletin Summary
Product:           CPU Microcode
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Privileged Data -- Existing Account
CVE Names:         CVE-2017-5754 CVE-2017-5753 CVE-2017-5715
Revision History:  January 5 2018: Updated information from Intel as well as
                                   links to industry advisories.
                   January 5 2018: Mozilla confirms that a similar attack is
                                   possible via web browsing.
                   January 4 2018: Added CVE numbers
                   January 4 2018: Initial Release
A side-channel attack on the Intel CPU chip allows for kernel memory
to be accessed from user space.
[NEW 2018-01-05] The specifics of the vulnerabilities have been
released by Intel, listing the affected CPUs and providing
their assessment of the impact of these vulnerabilities.
Operating systems known to be affected are those relying on the
speculative execution feature for their operation.
Operating systems known to be impacted are:
o Microsoft OS
o Linux Based OS
o Mac OS
Mozilla states the following.
"Our internal experiments confirm that it is possible to use similar
techniques from Web content to read private information between
Access to privileged kernel data has been researched, and a proof
of concept has been demonstrated.
This includes data that is not meant to be accessible from user space
such as cached encryption keys, passwords, session keys, and other
Currently an existing user is required to launch a program, as per
the proof of concept, but this may be performed by tricking users
into clicking on code sent via channels such as email attachments.
All operating systems that rely on the speculative execution
feature on vulnerable Intel hardware are expected to be affected.
Cloud services that are built on top of these affected operating
systems are also expected to be affected, as patches are rolled out
as of this Friday for Azure and Amazon EC2.
[NEW 2018-01-05] Mozilla states the following.
"Microsoft Vulnerability Research extended this attack to browser
page could read data from other web sites (violating the same-origin
policy) or private data from the browser itself."
It would be advisable to enact patching procedures and apply the fixes
as soon as they have been released for your impacted Operating
Applying the patch is expected to reduce performance estimated from
Cloud Service Clients
Cloud service clients will need to reboot their virtual machines
after the service provider has patched. The exact timing should be
communicated to clients by the provider.
A patch is stipulated to be released on the next Patch Tuesday.
Patch code has been made available. However, distribution of the
kernel patch as a normal update is currently being rolled out.
Unofficially, the "Double Map" patch is said to have been
available since 10.13.2.
Mozilla has released fixes in Firefox 57.0.4. 
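For Linux hosts, one way to confirm after patching that the kernel
mitigations for the three CVEs above are active (an added example, not
part of the AusCERT bulletin). It assumes a kernel that reports status
under /sys/devices/system/cpu/vulnerabilities; a missing file is
treated as unknown rather than safe.

```python
"""Report Linux kernel mitigation status for the three CVEs in this bulletin."""
import os
import sys

# sysfs file name -> CVE from the bulletin's "CVE Names" line
SYSFS_TO_CVE = {
    "meltdown": "CVE-2017-5754",
    "spectre_v1": "CVE-2017-5753",
    "spectre_v2": "CVE-2017-5715",
}
DEFAULT_DIR = "/sys/devices/system/cpu/vulnerabilities"  # assumed present


def classify(text):
    """Map one status line to not_affected / mitigated / vulnerable / unknown."""
    line = text.strip()
    if line.startswith("Not affected"):
        return "not_affected"
    if line.startswith("Mitigation:"):
        return "mitigated"
    if line.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def check(directory=DEFAULT_DIR):
    """Return {cve: (state, raw_text)} for every CVE in SYSFS_TO_CVE."""
    report = {}
    for name, cve in SYSFS_TO_CVE.items():
        path = os.path.join(directory, name)
        try:
            with open(path, encoding="ascii", errors="replace") as fh:
                raw = fh.read().strip()
        except OSError:
            # File absent: the running kernel predates this reporting
            # interface, so it cannot vouch for any mitigation.
            report[cve] = ("unknown", "")
            continue
        report[cve] = (classify(raw), raw)
    return report


def needs_action(report):
    """CVEs whose state is neither mitigated nor not_affected."""
    return sorted(cve for cve, (state, _) in report.items()
                  if state not in ("mitigated", "not_affected"))


if __name__ == "__main__":
    result = check(sys.argv[1] if len(sys.argv) > 1 else DEFAULT_DIR)
    for cve, (state, raw) in sorted(result.items()):
        print(f"{cve}: {state} ({raw or 'no kernel report'})")
    sys.exit(1 if needs_action(result) else 0)
```

The script exits non-zero when any of the three CVEs is reported as
vulnerable or unknown, so it can be run across a fleet after the
reboot that activates the patched kernel.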
[NEW 2018-01-05] Below are links to official information and
security advisories published by affected companies.
Intel Security Advisory 
Intel Newsroom 
ARM Security Update 
AMD Security Information 
Microsoft Security Guidance 
Microsoft Information regarding anti-virus software 
Microsoft Azure Blog 
Amazon Security Bulletin 
Google Project Zero Blog 
Google Need to know 
Mozilla Security Blog 
Red Hat Vulnerability Response 
Debian Security Tracker 
Ubuntu Knowledge Base 
SUSE Vulnerability Response 
LLVM Spectre (Variant #2) Patch 
VMWare Security Advisory 
Citrix Security Bulletin 
 Kernel-memory-leaking Intel processor design flaw forces Linux,
 KASLR is Dead: Long Live KASLR
 Negative Result: Reading Kernel Memory From User Mode
 [Twitter] brainsmoke
 [YouTube] Meltdown attack
 [Twitter] Longhorn
 [Twitter] Jan Schauma
 [patch 00/60] x86/kpti: Kernel Page Table Isolation (was KAISER)
 [Twitter] Alex Ionescu
 Mozilla Security Blog : Mitigations landing for new class of
 Mozilla Foundation Security Advisory 2018-01
 [YouTube] Meltdown Demo - Spying on passwords
 [INTEL-SA-00088] Speculative Execution and Indirect Branch
Prediction Side Channel Analysis Method
 Facts about Side-Channel Analysis and Intel Products
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: firstname.lastname@example.org
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.