Multiple vulnerabilities in HPE firmware
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2017-5754 CVE-2017-5715 CVE-2017-5753 |
| CWE-ID | CWE-200 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Vulnerability #3 is being exploited in the wild. |
| Vulnerable software |
HPE Cloudline CL2200 G3 1211R 12 LFF Configure Hardware solutions / Firmware HPE Cloudline CL2100 G3 806R 8SFF Configure Hardware solutions / Firmware HPE Cloudline CL2100 G3 407S 4 LFF Configure Hardware solutions / Firmware HPE Cloudline CL2100 G3 807S 8 SFF Configure Hardware solutions / Firmware HPE Cloudline CL3100 G3 Server Hardware solutions / Firmware HPE Cloudline CL5200 G3 Server Hardware solutions / Firmware HPE Cloudline CL3150 G4 Server Hardware solutions / Firmware HPE Cloudline CL2200 Gen10 Server Hardware solutions / Firmware HPE Cloudline CL2100 Gen10 Server Hardware solutions / Firmware HP ProLiant DL580 Gen8 Server Hardware solutions / Firmware HPE Converged Architecture 700 Hardware solutions / Firmware HP ConvergedSystem 700 Hardware solutions / Firmware HPE StoreEasy 1850 Storage Hardware solutions / Firmware HPE StoreEasy 3850 Gateway Storage Hardware solutions / Firmware HPE StoreEasy 1650 Storage Hardware solutions / Firmware HPE StoreEasy 1550 Storage Hardware solutions / Firmware HPE StoreEasy 1450 Storage Hardware solutions / Firmware HPE StoreVirtual 3000 File Controller Hardware solutions / Firmware HP 3PAR StoreServ File Controller Hardware solutions / Firmware Superdome Flex Server Hardware solutions / Firmware HPE ProLiant ML310e Gen8 v2 Server Hardware solutions / Firmware HPE ProLiant MicroServer Gen8 Hardware solutions / Firmware HPE ProLiant m300 Server Cartridge Hardware solutions / Firmware HPE ProLiant m350 Server Cartridge Hardware solutions / Firmware HPE ProLiant ML10 v2 Server Hardware solutions / Firmware HPE ProLiant Thin Micro TM200 Server Hardware solutions / Firmware HPE Synergy Composer Hardware solutions / Firmware HP ProLiant DL980 G7 Server Hardware solutions / Firmware HP ProLiant m710 Server Cartridge Hardware solutions / Firmware HPE ProLiant m710x Server Cartridge Hardware solutions / Firmware HPE ProLiant m710p Server Cartridge Hardware solutions / Firmware HPE ProLiant m510 Server Cartridge Hardware solutions / Firmware HPE Synergy 680 Gen9 Compute Module Hardware solutions / Firmware HP ProLiant XL220a Gen8 v2 Server Hardware solutions / Firmware HPE ProLiant DL580 Gen9 Server Hardware solutions / Firmware HPE Synergy 620 Gen9 Compute Module Hardware solutions / Firmware HPE ProLiant XL260a Gen9 Server Hardware solutions / Firmware HPE ProLiant WS460c Gen9 Workstation Hardware solutions / Firmware HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure Hardware solutions / Firmware HPE ProLiant DL180 Gen9 Server Hardware solutions / Firmware HP ProLiant DL80 Gen9 Server Hardware solutions / Firmware HPE ProLiant XL190r Gen9 Server Hardware solutions / Firmware HPE ProLiant XL250a Gen9 Server Hardware solutions / Firmware HPE Synergy 480 Gen9 Compute Module Hardware solutions / Firmware HPE Synergy 660 Gen9 Compute Module Hardware solutions / Firmware HPE ProLiant DL20 Gen9 Server Hardware solutions / Firmware HPE ProLiant ML30 Gen9 Server Hardware solutions / Firmware HP ProLiant BL660c Gen9 Server Hardware solutions / Firmware HPE ProLiant DL560 Gen9 Server Hardware solutions / Firmware HP ProLiant DL120 Gen9 Server Hardware solutions / Firmware HPE ProLiant ML350 Gen9 Server Hardware solutions / Firmware HP ProLiant ML150 Gen9 Server Hardware solutions / Firmware HP ProLiant ML110 Gen9 Server Hardware solutions / Firmware HP ProLiant BL460c Gen9 Server Blade Hardware solutions / Firmware HPE Apollo 4200 Gen9 Server Hardware solutions / Firmware HPE ProLiant XL450 Gen9 Server Hardware solutions / Firmware HP ProLiant DL380 Gen9 Server Hardware solutions / Firmware HPE ProLiant DL360 Gen9 Server Hardware solutions / Firmware HP ProLiant DL160 Gen9 Server Hardware solutions / Firmware HP ProLiant DL60 Gen9 Server Hardware solutions / Firmware HPE ProLiant XL170r Gen9 Server Hardware solutions / Firmware HPE ProLiant XL750f Gen9 Server Hardware solutions / Firmware HPE ProLiant XL740f Gen9 Server Hardware solutions / Firmware HPE ProLiant XL230a Gen9 Server Hardware solutions / Firmware HPE ProLiant XL730f Gen9 Server Hardware solutions / Firmware HPE Synergy 480 Gen10 Compute Module Hardware solutions / Firmware HPE ProLiant XL230k Gen10 Server Hardware solutions / Firmware HPE ProLiant XL190r Gen10 Server Hardware solutions / Firmware HPE ProLiant BL460c Gen10 Server Blade Hardware solutions / Firmware HPE ProLiant XL170r Gen10 Server Hardware solutions / Firmware HPE ProLiant DL385 Gen10 Server Hardware solutions / Firmware HPE Synergy 660 Gen10 Compute Module Hardware solutions / Firmware HPE ProLiant XL450 Gen10 Server Hardware solutions / Firmware HPE ProLiant ML350 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL120 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL560 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL580 Gen10 Server Hardware solutions / Firmware HPE ProLiant ML110 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL360 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL160 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL180 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL380 Gen10 Server Hardware solutions / Firmware |
| Vendor | HPE |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU9882
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-5754
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker can execute arbitrary code, perform a side-channel analysis of the data cache and gain access to sensitive information including memory from the CPU cache.
MitigationInstall update from vendor's website.
HPE Cloudline CL2200 G3 1211R 12 LFF Configure: All versions
HPE Cloudline CL2100 G3 806R 8SFF Configure: All versions
HPE Cloudline CL2100 G3 407S 4 LFF Configure: All versions
HPE Cloudline CL2100 G3 807S 8 SFF Configure: All versions
HPE Cloudline CL3100 G3 Server: All versions
HPE Cloudline CL5200 G3 Server: All versions
HPE Cloudline CL3150 G4 Server: All versions
HPE Cloudline CL2200 Gen10 Server: All versions
HPE Cloudline CL2100 Gen10 Server: All versions
HP ProLiant DL580 Gen8 Server: All versions
HPE Converged Architecture 700: All versions
HP ConvergedSystem 700: All versions
HPE StoreEasy 1850 Storage: All versions
HPE StoreEasy 3850 Gateway Storage: All versions
HPE StoreEasy 1650 Storage: All versions
HPE StoreEasy 1550 Storage: All versions
HPE StoreEasy 1450 Storage: All versions
HPE StoreVirtual 3000 File Controller: All versions
HP 3PAR StoreServ File Controller: All versions
Superdome Flex Server: All versions
HPE ProLiant ML310e Gen8 v2 Server: All versions
HPE ProLiant MicroServer Gen8: All versions
HPE ProLiant m300 Server Cartridge: All versions
HPE ProLiant m350 Server Cartridge: All versions
HPE ProLiant ML10 v2 Server: All versions
HPE ProLiant Thin Micro TM200 Server: All versions
HPE Synergy Composer: All versions
HP ProLiant DL980 G7 Server: All versions
HP ProLiant m710 Server Cartridge: All versions
HPE ProLiant m710x Server Cartridge: All versions
HPE ProLiant m710p Server Cartridge: All versions
HPE ProLiant m510 Server Cartridge: All versions
HPE Synergy 680 Gen9 Compute Module: All versions
HP ProLiant XL220a Gen8 v2 Server: All versions
HPE ProLiant DL580 Gen9 Server: All versions
HPE Synergy 620 Gen9 Compute Module: All versions
HPE ProLiant XL260a Gen9 Server: All versions
HPE ProLiant WS460c Gen9 Workstation: All versions
HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure: All versions
HPE ProLiant DL180 Gen9 Server: All versions
HP ProLiant DL80 Gen9 Server: All versions
HPE ProLiant XL190r Gen9 Server: All versions
HPE ProLiant XL250a Gen9 Server: All versions
HPE Synergy 480 Gen9 Compute Module: All versions
HPE Synergy 660 Gen9 Compute Module: All versions
HPE ProLiant DL20 Gen9 Server: All versions
HPE ProLiant ML30 Gen9 Server: All versions
HP ProLiant BL660c Gen9 Server: All versions
HPE ProLiant DL560 Gen9 Server: All versions
HP ProLiant DL120 Gen9 Server: All versions
HPE ProLiant ML350 Gen9 Server: All versions
HP ProLiant ML150 Gen9 Server: All versions
HP ProLiant ML110 Gen9 Server: All versions
HP ProLiant BL460c Gen9 Server Blade: All versions
HPE Apollo 4200 Gen9 Server: All versions
HPE ProLiant XL450 Gen9 Server: All versions
HP ProLiant DL380 Gen9 Server: All versions
HPE ProLiant DL360 Gen9 Server: All versions
HP ProLiant DL160 Gen9 Server: All versions
HP ProLiant DL60 Gen9 Server: All versions
HPE ProLiant XL170r Gen9 Server: All versions
HPE ProLiant XL750f Gen9 Server: All versions
HPE ProLiant XL740f Gen9 Server: All versions
HPE ProLiant XL230a Gen9 Server: All versions
HPE ProLiant XL730f Gen9 Server: All versions
HPE Synergy 480 Gen10 Compute Module: All versions
HPE ProLiant XL230k Gen10 Server: All versions
HPE ProLiant XL190r Gen10 Server: All versions
HPE ProLiant BL460c Gen10 Server Blade: All versions
HPE ProLiant XL170r Gen10 Server: All versions
HPE ProLiant DL385 Gen10 Server: All versions
HPE Synergy 660 Gen10 Compute Module: All versions
HPE ProLiant XL450 Gen10 Server: All versions
HPE ProLiant ML350 Gen10 Server: All versions
HPE ProLiant DL120 Gen10 Server: All versions
HPE ProLiant DL560 Gen10 Server: All versions
HPE ProLiant DL580 Gen10 Server: All versions
HPE ProLiant ML110 Gen10 Server: All versions
HPE ProLiant DL360 Gen10 Server: All versions
HPE ProLiant DL160 Gen10 Server: All versions
HPE ProLiant DL180 Gen10 Server: All versions
HPE ProLiant DL380 Gen10 Server: All versions
CPE2.3- cpe:2.3:h:hpe:hpe_cloudline_cl2200_g3_1211r_12_lff_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2100_g3_806r_8sff_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2100_g3_407s_4_lff_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2100_g3_807s_8_sff_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl3100_g3_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl5200_g3_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl3150_g4_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2200_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2100_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl580_gen8_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_converged_architecture_700:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_convergedsystem_700:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_1850_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_3850_gateway_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_1650_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_1550_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_1450_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storevirtual_3000_file_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_3par_storeserv_file_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:superdome_flex_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml310e_gen8_v2_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_microserver_gen8:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m300_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m350_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml10_v2_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_thin_micro_tm200_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_composer:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl980_g7_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_m710_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m710x_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m710p_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m510_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_680_gen9_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_xl220a_gen8_v2_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl580_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_620_gen9_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl260a_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ws460c_gen9_workstation:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl270d_gen9_accelerator_tray_2u_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl180_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl80_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl190r_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl250a_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_480_gen9_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_660_gen9_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl20_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml30_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_bl660c_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl560_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl120_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml350_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_ml150_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_ml110_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_bl460c_gen9_server_blade:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_apollo_4200_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl450_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl380_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl360_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl160_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl60_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl170r_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl750f_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl740f_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl230a_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl730f_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_480_gen10_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl230k_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl190r_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_bl460c_gen10_server_blade:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl170r_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl385_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_660_gen10_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl450_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml350_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl120_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl560_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl580_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml110_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl360_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl160_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl180_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl380_gen10_server:*:*:*:*:*:*:*:*
https://01.org/security/advisories/intel-oss-10003
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Information disclosure
EUVDB-ID: #VU9883
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-5715
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
MitigationInstall update from vendor's website.
HPE Cloudline CL2200 G3 1211R 12 LFF Configure: All versions
HPE Cloudline CL2100 G3 806R 8SFF Configure: All versions
HPE Cloudline CL2100 G3 407S 4 LFF Configure: All versions
HPE Cloudline CL2100 G3 807S 8 SFF Configure: All versions
HPE Cloudline CL3100 G3 Server: All versions
HPE Cloudline CL5200 G3 Server: All versions
HPE Cloudline CL3150 G4 Server: All versions
HPE Cloudline CL2200 Gen10 Server: All versions
HPE Cloudline CL2100 Gen10 Server: All versions
HP ProLiant DL580 Gen8 Server: All versions
HPE Converged Architecture 700: All versions
HP ConvergedSystem 700: All versions
HPE StoreEasy 1850 Storage: All versions
HPE StoreEasy 3850 Gateway Storage: All versions
HPE StoreEasy 1650 Storage: All versions
HPE StoreEasy 1550 Storage: All versions
HPE StoreEasy 1450 Storage: All versions
HPE StoreVirtual 3000 File Controller: All versions
HP 3PAR StoreServ File Controller: All versions
Superdome Flex Server: All versions
HPE ProLiant ML310e Gen8 v2 Server: All versions
HPE ProLiant MicroServer Gen8: All versions
HPE ProLiant m300 Server Cartridge: All versions
HPE ProLiant m350 Server Cartridge: All versions
HPE ProLiant ML10 v2 Server: All versions
HPE ProLiant Thin Micro TM200 Server: All versions
HPE Synergy Composer: All versions
HP ProLiant DL980 G7 Server: All versions
HP ProLiant m710 Server Cartridge: All versions
HPE ProLiant m710x Server Cartridge: All versions
HPE ProLiant m710p Server Cartridge: All versions
HPE ProLiant m510 Server Cartridge: All versions
HPE Synergy 680 Gen9 Compute Module: All versions
HP ProLiant XL220a Gen8 v2 Server: All versions
HPE ProLiant DL580 Gen9 Server: All versions
HPE Synergy 620 Gen9 Compute Module: All versions
HPE ProLiant XL260a Gen9 Server: All versions
HPE ProLiant WS460c Gen9 Workstation: All versions
HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure: All versions
HPE ProLiant DL180 Gen9 Server: All versions
HP ProLiant DL80 Gen9 Server: All versions
HPE ProLiant XL190r Gen9 Server: All versions
HPE ProLiant XL250a Gen9 Server: All versions
HPE Synergy 480 Gen9 Compute Module: All versions
HPE Synergy 660 Gen9 Compute Module: All versions
HPE ProLiant DL20 Gen9 Server: All versions
HPE ProLiant ML30 Gen9 Server: All versions
HP ProLiant BL660c Gen9 Server: All versions
HPE ProLiant DL560 Gen9 Server: All versions
HP ProLiant DL120 Gen9 Server: All versions
HPE ProLiant ML350 Gen9 Server: All versions
HP ProLiant ML150 Gen9 Server: All versions
HP ProLiant ML110 Gen9 Server: All versions
HP ProLiant BL460c Gen9 Server Blade: All versions
HPE Apollo 4200 Gen9 Server: All versions
HPE ProLiant XL450 Gen9 Server: All versions
HP ProLiant DL380 Gen9 Server: All versions
HPE ProLiant DL360 Gen9 Server: All versions
HP ProLiant DL160 Gen9 Server: All versions
HP ProLiant DL60 Gen9 Server: All versions
HPE ProLiant XL170r Gen9 Server: All versions
HPE ProLiant XL750f Gen9 Server: All versions
HPE ProLiant XL740f Gen9 Server: All versions
HPE ProLiant XL230a Gen9 Server: All versions
HPE ProLiant XL730f Gen9 Server: All versions
HPE Synergy 480 Gen10 Compute Module: All versions
HPE ProLiant XL230k Gen10 Server: All versions
HPE ProLiant XL190r Gen10 Server: All versions
HPE ProLiant BL460c Gen10 Server Blade: All versions
HPE ProLiant XL170r Gen10 Server: All versions
HPE ProLiant DL385 Gen10 Server: All versions
HPE Synergy 660 Gen10 Compute Module: All versions
HPE ProLiant XL450 Gen10 Server: All versions
HPE ProLiant ML350 Gen10 Server: All versions
HPE ProLiant DL120 Gen10 Server: All versions
HPE ProLiant DL560 Gen10 Server: All versions
HPE ProLiant DL580 Gen10 Server: All versions
HPE ProLiant ML110 Gen10 Server: All versions
HPE ProLiant DL360 Gen10 Server: All versions
HPE ProLiant DL160 Gen10 Server: All versions
HPE ProLiant DL180 Gen10 Server: All versions
HPE ProLiant DL380 Gen10 Server: All versions
CPE2.3- cpe:2.3:h:hpe:hpe_cloudline_cl2200_g3_1211r_12_lff_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2100_g3_806r_8sff_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2100_g3_407s_4_lff_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2100_g3_807s_8_sff_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl3100_g3_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl5200_g3_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl3150_g4_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2200_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2100_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl580_gen8_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_converged_architecture_700:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_convergedsystem_700:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_1850_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_3850_gateway_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_1650_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_1550_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_1450_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storevirtual_3000_file_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_3par_storeserv_file_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:superdome_flex_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml310e_gen8_v2_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_microserver_gen8:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m300_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m350_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml10_v2_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_thin_micro_tm200_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_composer:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl980_g7_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_m710_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m710x_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m710p_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m510_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_680_gen9_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_xl220a_gen8_v2_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl580_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_620_gen9_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl260a_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ws460c_gen9_workstation:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl270d_gen9_accelerator_tray_2u_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl180_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl80_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl190r_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl250a_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_480_gen9_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_660_gen9_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl20_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml30_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_bl660c_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl560_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl120_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml350_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_ml150_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_ml110_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_bl460c_gen9_server_blade:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_apollo_4200_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl450_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl380_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl360_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl160_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl60_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl170r_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl750f_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl740f_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl230a_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl730f_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_480_gen10_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl230k_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl190r_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_bl460c_gen10_server_blade:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl170r_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl385_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_660_gen10_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl450_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml350_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl120_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl560_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl580_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml110_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl360_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl160_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl180_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl380_gen10_server:*:*:*:*:*:*:*:*
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Information disclosure
EUVDB-ID: #VU9884
Risk: Low
CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2017-5753
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.
MitigationInstall update from vendor's website.
HPE Cloudline CL2200 G3 1211R 12 LFF Configure: All versions
HPE Cloudline CL2100 G3 806R 8SFF Configure: All versions
HPE Cloudline CL2100 G3 407S 4 LFF Configure: All versions
HPE Cloudline CL2100 G3 807S 8 SFF Configure: All versions
HPE Cloudline CL3100 G3 Server: All versions
HPE Cloudline CL5200 G3 Server: All versions
HPE Cloudline CL3150 G4 Server: All versions
HPE Cloudline CL2200 Gen10 Server: All versions
HPE Cloudline CL2100 Gen10 Server: All versions
HP ProLiant DL580 Gen8 Server: All versions
HPE Converged Architecture 700: All versions
HP ConvergedSystem 700: All versions
HPE StoreEasy 1850 Storage: All versions
HPE StoreEasy 3850 Gateway Storage: All versions
HPE StoreEasy 1650 Storage: All versions
HPE StoreEasy 1550 Storage: All versions
HPE StoreEasy 1450 Storage: All versions
HPE StoreVirtual 3000 File Controller: All versions
HP 3PAR StoreServ File Controller: All versions
Superdome Flex Server: All versions
HPE ProLiant ML310e Gen8 v2 Server: All versions
HPE ProLiant MicroServer Gen8: All versions
HPE ProLiant m300 Server Cartridge: All versions
HPE ProLiant m350 Server Cartridge: All versions
HPE ProLiant ML10 v2 Server: All versions
HPE ProLiant Thin Micro TM200 Server: All versions
HPE Synergy Composer: All versions
HP ProLiant DL980 G7 Server: All versions
HP ProLiant m710 Server Cartridge: All versions
HPE ProLiant m710x Server Cartridge: All versions
HPE ProLiant m710p Server Cartridge: All versions
HPE ProLiant m510 Server Cartridge: All versions
HPE Synergy 680 Gen9 Compute Module: All versions
HP ProLiant XL220a Gen8 v2 Server: All versions
HPE ProLiant DL580 Gen9 Server: All versions
HPE Synergy 620 Gen9 Compute Module: All versions
HPE ProLiant XL260a Gen9 Server: All versions
HPE ProLiant WS460c Gen9 Workstation: All versions
HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure: All versions
HPE ProLiant DL180 Gen9 Server: All versions
HP ProLiant DL80 Gen9 Server: All versions
HPE ProLiant XL190r Gen9 Server: All versions
HPE ProLiant XL250a Gen9 Server: All versions
HPE Synergy 480 Gen9 Compute Module: All versions
HPE Synergy 660 Gen9 Compute Module: All versions
HPE ProLiant DL20 Gen9 Server: All versions
HPE ProLiant ML30 Gen9 Server: All versions
HP ProLiant BL660c Gen9 Server: All versions
HPE ProLiant DL560 Gen9 Server: All versions
HP ProLiant DL120 Gen9 Server: All versions
HPE ProLiant ML350 Gen9 Server: All versions
HP ProLiant ML150 Gen9 Server: All versions
HP ProLiant ML110 Gen9 Server: All versions
HP ProLiant BL460c Gen9 Server Blade: All versions
HPE Apollo 4200 Gen9 Server: All versions
HPE ProLiant XL450 Gen9 Server: All versions
HP ProLiant DL380 Gen9 Server: All versions
HPE ProLiant DL360 Gen9 Server: All versions
HP ProLiant DL160 Gen9 Server: All versions
HP ProLiant DL60 Gen9 Server: All versions
HPE ProLiant XL170r Gen9 Server: All versions
HPE ProLiant XL750f Gen9 Server: All versions
HPE ProLiant XL740f Gen9 Server: All versions
HPE ProLiant XL230a Gen9 Server: All versions
HPE ProLiant XL730f Gen9 Server: All versions
HPE Synergy 480 Gen10 Compute Module: All versions
HPE ProLiant XL230k Gen10 Server: All versions
HPE ProLiant XL190r Gen10 Server: All versions
HPE ProLiant BL460c Gen10 Server Blade: All versions
HPE ProLiant XL170r Gen10 Server: All versions
HPE ProLiant DL385 Gen10 Server: All versions
HPE Synergy 660 Gen10 Compute Module: All versions
HPE ProLiant XL450 Gen10 Server: All versions
HPE ProLiant ML350 Gen10 Server: All versions
HPE ProLiant DL120 Gen10 Server: All versions
HPE ProLiant DL560 Gen10 Server: All versions
HPE ProLiant DL580 Gen10 Server: All versions
HPE ProLiant ML110 Gen10 Server: All versions
HPE ProLiant DL360 Gen10 Server: All versions
HPE ProLiant DL160 Gen10 Server: All versions
HPE ProLiant DL180 Gen10 Server: All versions
HPE ProLiant DL380 Gen10 Server: All versions
CPE2.3- cpe:2.3:h:hpe:hpe_cloudline_cl2200_g3_1211r_12_lff_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2100_g3_806r_8sff_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2100_g3_407s_4_lff_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2100_g3_807s_8_sff_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl3100_g3_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl5200_g3_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl3150_g4_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2200_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_cloudline_cl2100_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl580_gen8_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_converged_architecture_700:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_convergedsystem_700:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_1850_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_3850_gateway_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_1650_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_1550_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storeeasy_1450_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_storevirtual_3000_file_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_3par_storeserv_file_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:superdome_flex_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml310e_gen8_v2_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_microserver_gen8:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m300_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m350_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml10_v2_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_thin_micro_tm200_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_composer:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl980_g7_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_m710_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m710x_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m710p_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_m510_server_cartridge:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_680_gen9_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_xl220a_gen8_v2_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl580_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_620_gen9_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl260a_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ws460c_gen9_workstation:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl270d_gen9_accelerator_tray_2u_configure:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl180_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl80_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl190r_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl250a_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_480_gen9_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_660_gen9_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl20_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml30_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_bl660c_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl560_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl120_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml350_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_ml150_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_ml110_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_bl460c_gen9_server_blade:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_apollo_4200_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl450_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl380_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl360_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl160_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hp_proliant_dl60_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl170r_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl750f_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl740f_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl230a_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl730f_gen9_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_480_gen10_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl230k_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl190r_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_bl460c_gen10_server_blade:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl170r_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl385_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_synergy_660_gen10_compute_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_xl450_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml350_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl120_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl560_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl580_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_ml110_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl360_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl160_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl180_gen10_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:hpe:hpe_proliant_dl380_gen10_server:*:*:*:*:*:*:*:*
https://01.org/security/advisories/intel-oss-10002
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
