JVNDB-2018-001001
|
CPU �ɑ���T�C�h�`���l���U��
|
|
���@�I���s�@�\��A�E�g�I�u�I�[�_�[���s�@�\������ CPU �ɑ��ăT�C�h�`���l���U�����s����@�������̌����҂ɂ���ĕ���Ă��܂��B
���@�I���s�@�\��A�E�g�I�u�I�[�_�[���s�@�\������ CPU �ɑ��ăT�C�h�`���l���U�����s����@ (Spectre ����� Meltdown) ������Ă��܂��B
�ڍׂɂ��ẮAGoogle Project Zero �̃u���O�L��("Reading privileged memory with a side-channel")�� Graz University of Technology (TU Graz) �̌����҂ɂ����("Meltdown and Spectre")���Q�Ƃ��Ă��������B
"Reading privileged memory with a side-channel"
https://googleprojectzero.blogspot.jp/2018/01/reading-privileged-memory-with-side.html
"Meltdown and Spectre"
https://meltdownattack.com/
|
|
CVSS v3 �ɂ��[���x
��{�l: 4.7 (�x��) [IPA�l]
- �U�����敪: ���[�J��
- �U�������̕��G��: ��
- �U���ɕK�v�ȓ������x��: ��
- ���p�҂̊֗^: �s�v
- �e���̑z��͈�: �ύX�Ȃ�
- �@�����ւ̉e��(C): ��
- ���S���ւ̉e��(I): �Ȃ�
- �p���ւ̉e��(A): �Ȃ�
CVSS v2 �ɂ��[���x
��{�l: 4.4 (�x��) [IPA�l]
- �U�����敪: ���[�J��
- �U�������̕��G��: ��
- �U���O�̔F�ؗv��: �P��
- �@�����ւ̉e��(C): �S�ʓI
- ���S���ւ̉e��(I): �Ȃ�
- �p���ւ̉e��(A): �Ȃ�
|
|
|
�i�����̃x���_�j
|
�{�Ǝ㐫�̉e�����鐻�i�̏ڍׂɂ��ẮA�x���_���юQ�l�������m�F���������B
|
|
���[�U�����Ŏ��s���̃v���Z�X����A�@�������擾�����\��������܂��B
Spectre �U���Ɋւ��ẮA�H���ꂽ Javascript �R�[�h�ɂ���āAJavascript ����͎擾�ł��Ȃ��͂��� web �u���E�U�v���Z�X���̃f�[�^���擾�\�ł���ƕ���Ă��܂��B
|
|
[�A�b�v�f�[�g����]
OS �J�[�l����A�v���P�[�V�����ɂ�����i�߂��Ă��܂��B�e OS �x���_��A�v���P�[�V�����J���҂̒���������ƂɁA�ŐV�łփA�b�v�f�[�g���Ă��������B
|
|
Advanced Micro Devices (AMD)
ARM Ltd.
Google
kernel.org
Mozilla Foundation
The Chromium Projects
�A�b�v��
�C���e��
�}�C�N���\�t�g
���͓d�@�������
���{�d�C
����
�x�m��
|
|
- ���R����(CWE-200) [NVD�]��]
|
|
- CVE-2017-5715
- CVE-2017-5753
- CVE-2017-5754
|
|
- JVN : JVNVU#93823979
- JVN : JVNVU#94630516
- JVN : JVNVU#99752892
- JVN : JVNVU#98137233
- National Vulnerability Database (NVD) : CVE-2017-5715
- National Vulnerability Database (NVD) : CVE-2017-5754
- National Vulnerability Database (NVD) : CVE-2017-5753
- CERT Vulnerability Analysis : Vulnerabilities Associated with CPU Speculative Execution
- US-CERT Cyber Security Alerts : TA18-004A
- US-CERT Vulnerability Note : VU#584653
- US-CERT Vulnerability Note : VU#155143
- ICS-CERT ADVISORY : ICSA-23-075-01
- ICS-CERT ADVISORY : ICSA-23-257-04
- ICS-CERT ALERT : ICS-ALERT-18-011-01
- �֘A���� : Meltdown
- �֘A���� : Meltdown and Spectre
- �֘A���� : Project Zero
|
|
- [2018�N01��04��]
�f��
[2018�N01��09��]
�Q�l���FUS-CERT Cyber Security Alerts (TA18-004A) ��lj�
[2018�N01��10��]
�^�C�g���F���e���X�V
�T�v�F���e���X�V
CVSS �ɂ��[���x�F���e���X�V
�z�肳���e���F���e���X�V
��F���e���X�V
�x���_���F�A�b�v�� (HT208394) ��lj�
�x���_���F�x�m�� (JVNVU#93823979(CVE-2017-5715�ACVE-2017-5753�ACVE-2017-5754): �u���@�I���s�@�\������ CPU �ɑ���T�C�h�`���l���U���v�ɂ���) ��lj�
�Q�l���FJVN (JVNVU#94630516) ��lj�
[2018�N01��12��]
�Q�l���FICS-CERT ALERT (ICS-ALERT-18-011-01) ��lj�
[2018�N01��15��]
�x���_���F���� (hitachi-sec-2018-201) ��lj�
[2018�N01��19��]
�x���_���F���{�d�C (AV18-001) ��lj�
�Q�l���FNational Vulnerability Database (NVD) (CVE-2017-5715) ��lj�
�Q�l���FNational Vulnerability Database (NVD) (CVE-2017-5754) ��lj�
�Q�l���FNational Vulnerability Database (NVD) (CVE-2017-5753) ��lj�
- [2018�N02��23��]
�x���_���F���͓d�@������� (�Z�L�����e�B���FCPU�Ǝ㐫 Meltdown / Spectre �ɂ���) ��lj�
�x���_���F���͓d�@������� (Security Information: CPU Vulnerability Meltdown / Spectre) ��lj�
- [2023�N03��20��]
�Q�l���FJVN (JVNVU#99752892) ��lj�
�Q�l���FICS-CERT ADVISORY (ICSA-23-075-01) ��lj�
- [2023�N09��19��]
�Q�l���FJVN (JVNVU#98137233) ��lj�
�Q�l���FICS-CERT ADVISORY (ICSA-23-257-04) ��lj�
- [2024�N04��11��]
�Q�l���FUS-CERT Vulnerability Note (VU#155143) ��lj�
�Q�l���FCERT Vulnerability Analysis (Vulnerabilities Associated with CPU Speculative Execution) ��lj�
|
