Search for vulnerabilities
Vulnerability details: VCID-t7sj-753f-aaak
Vulnerability ID VCID-t7sj-753f-aaak
Aliases CVE-2017-5754
Summary
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-226 Sensitive Information in Resource Not Removed Before Reuse
CWE-385 Covert Timing Channel
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
generic_textual Critical http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5754.html
rhas Important https://access.redhat.com/errata/RHSA-2018:0010
rhas Important https://access.redhat.com/errata/RHSA-2018:0016
rhas Important https://access.redhat.com/errata/RHSA-2018:0017
rhas Important https://access.redhat.com/errata/RHSA-2018:0018
rhas Important https://access.redhat.com/errata/RHSA-2018:0020
rhas Important https://access.redhat.com/errata/RHSA-2018:0021
rhas Important https://access.redhat.com/errata/RHSA-2018:0022
rhas Important https://access.redhat.com/errata/RHSA-2018:0292
rhas Important https://access.redhat.com/errata/RHSA-2018:0464
rhas Important https://access.redhat.com/errata/RHSA-2018:1129
rhas Important https://access.redhat.com/errata/RHSA-2018:1346
rhas Important https://access.redhat.com/errata/RHSA-2018:1374
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5754.json
epss 0.92234 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92286 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92353 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92384 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92394 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92563 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92563 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92563 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92563 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92563 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92563 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92601 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92601 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92601 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92601 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92627 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92627 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92627 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92627 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92627 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92627 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92671 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92671 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92671 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92671 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92671 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92707 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92707 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92707 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92857 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92857 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92857 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.92857 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.97132 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.97132 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.97132 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.97384 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.97384 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.97384 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
epss 0.97384 https://api.first.org/data/v1/epss?cve=CVE-2017-5754
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1519781
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000407
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000410
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13166
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15868
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16538
generic_textual High https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16939
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17448
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17449
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17450
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17558
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17741
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17805
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17806
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17807
generic_textual Critical https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8824
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5750
generic_textual Critical https://developer.arm.com/support/security-update
cvssv2 4.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual Critical https://github.com/IAIK/KAISER
generic_textual Critical https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
generic_textual Critical https://gruss.cc/files/kaiser.pdf
generic_textual Critical https://meltdownattack.com/
archlinux High https://security.archlinux.org/AVG-552
archlinux High https://security.archlinux.org/AVG-571
archlinux High https://security.archlinux.org/AVG-574
archlinux High https://security.archlinux.org/AVG-577
archlinux High https://security.archlinux.org/AVG-578
archlinux High https://security.archlinux.org/AVG-579
archlinux High https://security.archlinux.org/AVG-584
generic_textual Critical https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
generic_textual Critical https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
generic_textual Critical https://ubuntu.com/security/notices/USN-3516-1
generic_textual Critical https://ubuntu.com/security/notices/USN-3522-1
generic_textual Critical https://ubuntu.com/security/notices/USN-3522-2
generic_textual Critical https://ubuntu.com/security/notices/USN-3523-1
generic_textual Critical https://ubuntu.com/security/notices/USN-3523-2
generic_textual Critical https://ubuntu.com/security/notices/USN-3524-1
generic_textual Critical https://ubuntu.com/security/notices/USN-3524-2
generic_textual Critical https://ubuntu.com/security/notices/USN-3525-1
generic_textual Critical https://ubuntu.com/security/notices/USN-3540-1
generic_textual Critical https://ubuntu.com/security/notices/USN-3540-2
generic_textual Critical https://ubuntu.com/security/notices/USN-3541-1
generic_textual Critical https://ubuntu.com/security/notices/USN-3541-2
generic_textual Medium https://ubuntu.com/security/notices/USN-3583-1
generic_textual Critical https://ubuntu.com/security/notices/USN-3597-1
generic_textual Critical https://ubuntu.com/security/notices/USN-3597-2
generic_textual Critical https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
generic_textual Critical http://www.amd.com/en/corporate/speculative-execution
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5754.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5754.json
https://api.first.org/data/v1/epss?cve=CVE-2017-5754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5750
https://developer.arm.com/support/security-update
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/IAIK/KAISER
https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
https://gruss.cc/files/kaiser.pdf
https://meltdownattack.com/
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://ubuntu.com/security/notices/USN-3516-1
https://ubuntu.com/security/notices/USN-3522-1
https://ubuntu.com/security/notices/USN-3522-2
https://ubuntu.com/security/notices/USN-3523-1
https://ubuntu.com/security/notices/USN-3523-2
https://ubuntu.com/security/notices/USN-3524-1
https://ubuntu.com/security/notices/USN-3524-2
https://ubuntu.com/security/notices/USN-3525-1
https://ubuntu.com/security/notices/USN-3540-1
https://ubuntu.com/security/notices/USN-3540-2
https://ubuntu.com/security/notices/USN-3541-1
https://ubuntu.com/security/notices/USN-3541-2
https://ubuntu.com/security/notices/USN-3583-1
https://ubuntu.com/security/notices/USN-3597-1
https://ubuntu.com/security/notices/USN-3597-2
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
http://www.amd.com/en/corporate/speculative-execution
1519781 https://bugzilla.redhat.com/show_bug.cgi?id=1519781
886852 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886852
ASA-201801-1 https://security.archlinux.org/ASA-201801-1
ASA-201801-3 https://security.archlinux.org/ASA-201801-3
ASA-201801-4 https://security.archlinux.org/ASA-201801-4
ASA-201801-6 https://security.archlinux.org/ASA-201801-6
AVG-552 https://security.archlinux.org/AVG-552
AVG-571 https://security.archlinux.org/AVG-571
AVG-574 https://security.archlinux.org/AVG-574
AVG-577 https://security.archlinux.org/AVG-577
AVG-578 https://security.archlinux.org/AVG-578
AVG-579 https://security.archlinux.org/AVG-579
AVG-584 https://security.archlinux.org/AVG-584
RHSA-2018:0010 https://access.redhat.com/errata/RHSA-2018:0010
RHSA-2018:0016 https://access.redhat.com/errata/RHSA-2018:0016
RHSA-2018:0017 https://access.redhat.com/errata/RHSA-2018:0017
RHSA-2018:0018 https://access.redhat.com/errata/RHSA-2018:0018
RHSA-2018:0020 https://access.redhat.com/errata/RHSA-2018:0020
RHSA-2018:0021 https://access.redhat.com/errata/RHSA-2018:0021
RHSA-2018:0022 https://access.redhat.com/errata/RHSA-2018:0022
RHSA-2018:0292 https://access.redhat.com/errata/RHSA-2018:0292
RHSA-2018:0464 https://access.redhat.com/errata/RHSA-2018:0464
RHSA-2018:1129 https://access.redhat.com/errata/RHSA-2018:1129
RHSA-2018:1346 https://access.redhat.com/errata/RHSA-2018:1346
RHSA-2018:1374 https://access.redhat.com/errata/RHSA-2018:1374
USN-3516-1 https://usn.ubuntu.com/3516-1/
USN-3522-1 https://usn.ubuntu.com/3522-1/
USN-3522-2 https://usn.ubuntu.com/3522-2/
USN-3523-1 https://usn.ubuntu.com/3523-1/
USN-3523-2 https://usn.ubuntu.com/3523-2/
USN-3524-1 https://usn.ubuntu.com/3524-1/
USN-3524-2 https://usn.ubuntu.com/3524-2/
USN-3525-1 https://usn.ubuntu.com/3525-1/
USN-3540-1 https://usn.ubuntu.com/3540-1/
USN-3540-2 https://usn.ubuntu.com/3540-2/
USN-3541-1 https://usn.ubuntu.com/3541-1/
USN-3541-2 https://usn.ubuntu.com/3541-2/
USN-3597-1 https://usn.ubuntu.com/3597-1/
USN-3597-2 https://usn.ubuntu.com/3597-2/
XSA-254 https://xenbits.xen.org/xsa/advisory-254.html
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5754.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.99699
EPSS Score 0.92234
Published At June 20, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.