...
| Public | CVE | Alias(es) | CPUs Affected | Speculative Trigger | Impact | Mitigations | References |
|---|---|---|---|---|---|---|---|
| Jan 3, 2018 | CVE-2017-5753 | Spectre V1 NetSpectre ( remote network attack vector) | Intel ARM | Branch prediction bounds check bypass | Cross- and intra-process (including kernel) memory disclosure | OS Compiler Browser | https://www.kb.cert.org/vuls/id/584653 https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability |
| Jan 3, 2018 | CVE-2017-5715 | Spectre V2 | Intel AMD ARM | Branch target injection | Cross- and intra-process (including kernel) memory disclosure | Microcode | https://www.kb.cert.org/vuls/id/584653 https://www.amd.com/en/corporate/security-updates |
| Jan 3, 2018 | CVE-2017-5754 | Spectre V3 Meltdown | Intel | Out-of-order execution | Kernel memory disclosure to userspace | OS | https://www.kb.cert.org/vuls/id/584653 https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html |
| May 21, 2018 | CVE-2018-3640 | Spectre V3a (RSRE) | Intel ARM | System register read | Disclosure of system register values | Microcode | https://www.kb.cert.org/vuls/id/180049 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability |
| May 21, 2018 | CVE-2018-3639 | Spectre V4 (SSB) | Intel AMD ARM | Memory reads before prior memory write addresses known | Cross- and intra-process (including kernel) memory disclosure | Microcode OS | https://www.kb.cert.org/vuls/id/180049 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability |
| Jun 13, 2018 | CVE-2018-3665 | Lazy FP | Intel | Lazy FPU state restore | Leak of FPU state | OS | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html |
| July 10, 2018 | CVE-2018-3693 | Spectre1.1 | Intel | Bounds check bypass store | Speculative buffer overflow Cross- and intra-process (including kernel) memory disclosure | OS | |
| July 10, 2018 | N/A | Spectre1.2 | Intel | Read-only protection bypass | Overwrite read-only data and pointers Cross- and intra-process (including kernel) memory disclosure | OS | |
| August 14, 2018 | CVE-2018-3615 | L1 Terminal Fault: SGX ,Foreshadow-SGX | Intel | Transient out-of-order execution | SGX enclave memory disclosure | Microcode TCB Recovery | https://www.kb.cert.org/vuls/id/982149 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html |
| August 14, 2018 | CVE-2018-3620 | L1 Terminal Fault: OS/SMM ,Foreshadow-OS Foreshadow-NG | Intel | Transient out-of-order execution | OS or SMM memory disclosure | Microcode OS | https://www.kb.cert.org/vuls/id/982149 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html |
| August 14, 2018 | CVE-2018-3646 | L1 Terminal Fault: VMM ,Foreshadow-VMM Foreshadow-NG | Intel | Transient out-of-order execution | Virtual Machine Monitor (VMM) memory disclosure | Microcode OS | https://www.kb.cert.org/vuls/id/982149 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html |
Notes
General
The causes of these vulnerabilities are rooted in CPU hardware design choices intended to optimize performance.
https://lwn.net/Articles/755419/
https://pdfs.semanticscholar.org/2209/42809262c17b6631c0f6536c91aaf7756857.pdf
...