This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
74daa370-2797-11e8-95ec-a4badb2f4699 | FreeBSD -- Speculative Execution VulnerabilitiesProblem Description:A number of issues relating to speculative execution were found last year and publicly announced January 3rd. Two of these, known as Meltdown and Spectre V2, are addressed here. CVE-2017-5754 (Meltdown) - ------------------------ This issue relies on an affected CPU speculatively executing instructions beyond a faulting instruction. When this happens, changes to architectural state are not committed, but observable changes may be left in micro- architectural state (for example, cache). This may be used to infer privileged data. CVE-2017-5715 (Spectre V2) - -------------------------- Spectre V2 uses branch target injection to speculatively execute kernel code at an address under the control of an attacker. Impact:An attacker may be able to read secret data from the kernel or from a process when executing untrusted code (for example, in a web browser). Discovery 2018-03-14 Entry 2018-03-14 FreeBSD-kernel ge 11.1 lt 11.1_8 CVE-2017-5715 CVE-2017-5754 SA-18:03.speculative_execution |