Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) are two individual security vulnerabilities discovered and reported by the Project Zero Team at Google. Both Meltdown and Spectre exploit critical vulnerabilities in modern processors and therefore affect a wide range of devices that includes personal computers, mobile devices and server hardware in datacenters.
There is an isolation between user applications and the underlying operating system that runs it. Meltdown exploits this isolation by allowing a program to access the memory, and therefore also access stored information of other applications and the operating system.
Spectre, on the other hand attacks the isolation between different applications and can allow an attacker to manipulate software applications into leaking information that is otherwise protected.
There are software patches available to correct software design for protection from future exploits for Meltdown and Spectre.
Manufacturers and operating system vendors have also released software and firmware patches to mitigate the issue. Please see the below list for official guidance and security advisories:
- Intel: Security Advisory, Newsroom, Whitepaper
- ARM: Security Update
- AMD: Security Information
- RISC-V: Blog
- NVIDIA: Security Bulletin, Product Security
- Microsoft: Security Guidance, Information regarding anti-virus software, Azure Blog, Windows (Client), Windows (Server)
- Amazon: Security Bulletin
- Google: Project Zero Blog, Need to know
- Android: Security Bulletin
- Apple: Apple Support
- Lenovo: Security Advisory
- IBM: Blog
- Dell: Knowledge Base, Knowledge Base (Server)
- Hewlett Packard Enterprise: Vulnerability Alert
- HP Inc: Security Bulletin
- Huawei: Security Notice
- Synology: Security Advisory
- Cisco: Security Advisory
- F5: Security Advisory
- Mozilla: Security Blog
- Red Hat: Vulnerability Response, Performance Impacts
- Debian: Security Tracker
- Ubuntu: Knowledge Base
- SUSE: Vulnerability Response
- Fedora: Kernel update
- Qubes: Announcement
- Fortinet: Advisory
- NetApp: Advisory
- LLVM: Spectre (Variant #2) Patch, Review__builtin_load_no_speculate, Review llvm.nospeculateload
- CERT: Vulnerability Note
- MITRE: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
- VMWare: Security Advisory, Blog
- Citrix: Security Bulletin, Security Bulletin (XenServer)
- Xen: Security Advisory (XSA-254), FAQ
Should you have any further questions or concerns, please do not hesitate to reach out to your Dynamic Computer Corporation account manager or other contact.
