vRanger virtual appliance Meltdown and Spectre Side Channel Vulnerabilities
説明
The following CVE's have been disclosed:
Meltdown - CVE-2017-5754 is the most severe of the three. This exploit uses speculative cache loading to enable a local attacker to read the contents of memory. This issue is corrected with kernel patches.
Spectre - CVE-2017-5753 is a Bounds-checking exploit during branching. This issue is corrected with a kernel patch.
Spectre - CVE-2017-5715 is an indirect branching poisoning attack that can lead to data leakage. This attack allows for a virtualized guest to read memory from the host system. This issue is corrected with microcode, along with kernel and virtualization updates to both guest and host virtualization software.