Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

UBUNTU-CVE-2017-5754 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceUBUNTU-CVE-2017-5754

UBUNTU-CVE-2017-5754

CRITICAL9.5

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel an

Published Jan 3, 2018

Modified 5 months ago

Fix available

Details

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Affected Packages(25 packages)

firefox

Ubuntu 14.04 LTS

Fixed in:

57.0.4+build1-0ubuntu0.14.04.1

linux

Ubuntu 14.04 LTS

Fixed in:

3.13.0-139.188

linux-aws

Ubuntu 14.04 LTS

Fixed in:

4.4.0-1009.9

linux-lts-xenial

Ubuntu 14.04 LTS

Fixed in:

4.4.0-108.131~14.04.1

firefox

Ubuntu 16.04 LTS

Fixed in:

57.0.4+build1-0ubuntu0.16.04.1

linux

Ubuntu 16.04 LTS

Fixed in:

4.4.0-108.131

linux-aws

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1047.56

linux-azure

Ubuntu 16.04 LTS

Fixed in:

4.13.0-1005.7

linux-euclid

Ubuntu 16.04 LTS

Fixed in:

4.4.0-9021.22

linux-gcp

Ubuntu 16.04 LTS

Fixed in:

4.13.0-1006.9

References(26)

http://www.amd.com/en/corporate/speculative-execution

https://developer.arm.com/support/security-update

https://github.com/IAIK/KAISER

https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html

https://gruss.cc/files/kaiser.pdf

https://meltdownattack.com/

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

https://ubuntu.com/security/CVE-2017-5754

https://ubuntu.com/security/notices/USN-3516-1

https://ubuntu.com/security/notices/USN-3522-1

https://ubuntu.com/security/notices/USN-3522-2

https://ubuntu.com/security/notices/USN-3523-1

https://ubuntu.com/security/notices/USN-3523-2

https://ubuntu.com/security/notices/USN-3524-1

https://ubuntu.com/security/notices/USN-3524-2

https://ubuntu.com/security/notices/USN-3525-1

https://ubuntu.com/security/notices/USN-3540-1

https://ubuntu.com/security/notices/USN-3540-2

https://ubuntu.com/security/notices/USN-3541-1

https://ubuntu.com/security/notices/USN-3541-2

https://ubuntu.com/security/notices/USN-3583-1

https://ubuntu.com/security/notices/USN-3597-1

https://ubuntu.com/security/notices/USN-3597-2

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

CVSS Analysis

CVSS v3.0

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Upstream

Related

USN-3516-1 USN-3522-1 USN-3522-2 USN-3523-1 USN-3523-2 USN-3524-1 USN-3524-2 USN-3525-1 USN-3540-1 USN-3540-2 USN-3541-1 USN-3541-2 USN-3583-1 USN-3597-1 USN-3597-2

Ecosystems(7)

Ubuntu 14.04 LTS Ubuntu 16.04 LTS Ubuntu 18.04 LTS Ubuntu 20.04 LTS Ubuntu 22.04 LTS

Timeline

PublishedJan 3, 2018

ModifiedOct 24, 2025