CVE-2017-5715

Name: CVE-2017-5715
Creator: NVD / NIST
Published: 2018-01-04T13:29:00.227+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.6/10EPSS 74.04%

Last modified Jun 17, 2026

CVE-2017-5715 is a medium-severity vulnerability rated 5.6/10 on the CVSS scale. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.. EPSS estimates a 74.04% chance of exploitation in the next 30 days.

Description

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Metrics

CVSS 3.1

5.6/10

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS Probability

74.04%

99.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Intel	Atom C	c2308
Intel	Atom C	c2316
Intel	Atom C	c2338
Intel	Atom C	c2350
Intel	Atom C	c2358
Intel	Atom C	c2508
Intel	Atom C	c2516
Intel	Atom C	c2518
Intel	Atom C	c2530
Intel	Atom C	c2538
Intel	Atom C	c2550
Intel	Atom C	c2558
Intel	Atom C	c2718
Intel	Atom C	c2730
Intel	Atom C	c2738
Intel	Atom C	c2750
Intel	Atom C	c2758
Intel	Atom C	c3308
Intel	Atom C	c3338
Intel	Atom C	c3508
Intel	Atom C	c3538
Intel	Atom C	c3558
Intel	Atom C	c3708
Intel	Atom C	c3750
Intel	Atom C	c3758
Intel	Atom C	c3808
Intel	Atom C	c3830
Intel	Atom C	c3850
Intel	Atom C	c3858
Intel	Atom C	c3950
Intel	Atom C	c3955
Intel	Atom C	c3958
Intel	Atom E	e3805
Intel	Atom E	e3815
Intel	Atom E	e3825
Intel	Atom E	e3826
Intel	Atom E	e3827
Intel	Atom E	e3845
Intel	Atom X3	c3130
Intel	Atom X3	c3200rk
Intel	Atom X3	c3205rk
Intel	Atom X3	c3230rk
Intel	Atom X3	c3235rk
Intel	Atom X3	c3265rk
Intel	Atom X3	c3295rk
Intel	Atom X3	c3405
Intel	Atom X3	c3445
Intel	Atom X5-E3930	All versions
Intel	Atom X5-E3940	All versions
Intel	Atom X7-E3950	All versions

Showing 50 of 1087 affected configurations. See NVD for the full list.

References

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.htmlBroken Link
http://nvidia.custhelp.com/app/answers/detail/a_id/4609Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4611Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4613Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4614Third Party Advisory
http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.htmlExploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.htmlThird Party Advisory, VDB Entry
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txtThird Party Advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txtThird Party Advisory
http://www.kb.cert.org/vuls/id/584653Third Party Advisory, US Government Resource
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlThird Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlThird Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlThird Party Advisory
http://www.securityfocus.com/bid/102376Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040071Third Party Advisory, VDB Entry
http://xenbits.xen.org/xsa/advisory-254.htmlThird Party Advisory
https://access.redhat.com/errata/RHSA-2018:0292Third Party Advisory
https://access.redhat.com/security/vulnerabilities/speculativeexecutionThird Party Advisory
https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/Third Party Advisory
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdfThird Party Advisory
https://cert.vde.com/en-us/advisories/vde-2018-002Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2018-003Third Party Advisory
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerabilityThird Party Advisory
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.htmlThird Party Advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+FixesThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00025.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002Patch, Third Party Advisory, Vendor Advisory
https://seclists.org/bugtraq/2019/Jun/36Issue Tracking, Mailing List, Third Party Advisory
https://seclists.org/bugtraq/2019/Nov/16Issue Tracking, Mailing List, Third Party Advisory
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-frVendor Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.ascThird Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.ascThird Party Advisory
https://security.gentoo.org/glsa/201810-06Third Party Advisory
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.htmlThird Party Advisory
https://security.netapp.com/advisory/ntap-20180104-0001/Third Party Advisory
https://security.paloaltonetworks.com/CVE-2017-5715Third Party Advisory
https://spectreattack.com/Third Party Advisory
https://support.citrix.com/article/CTX231399Third Party Advisory
https://support.f5.com/csp/article/K91229003Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_usThird Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_usThird Party Advisory
https://support.lenovo.com/us/en/solutions/LEN-18282Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannelThird Party Advisory
https://usn.ubuntu.com/3531-1/Third Party Advisory
https://usn.ubuntu.com/3531-3/Third Party Advisory
https://usn.ubuntu.com/3540-2/Third Party Advisory
https://usn.ubuntu.com/3541-2/Third Party Advisory
https://usn.ubuntu.com/3542-2/Third Party Advisory
https://usn.ubuntu.com/3549-1/Third Party Advisory
https://usn.ubuntu.com/3560-1/Third Party Advisory
https://usn.ubuntu.com/3561-1/Third Party Advisory
https://usn.ubuntu.com/3580-1/Third Party Advisory
https://usn.ubuntu.com/3581-1/Third Party Advisory
https://usn.ubuntu.com/3581-2/Third Party Advisory
https://usn.ubuntu.com/3582-1/Third Party Advisory
https://usn.ubuntu.com/3582-2/Third Party Advisory
https://usn.ubuntu.com/3594-1/Third Party Advisory
https://usn.ubuntu.com/3597-1/Third Party Advisory
https://usn.ubuntu.com/3597-2/Third Party Advisory
https://usn.ubuntu.com/3620-2/Third Party Advisory
https://usn.ubuntu.com/3690-1/Third Party Advisory
https://usn.ubuntu.com/3777-3/Third Party Advisory
https://usn.ubuntu.com/usn/usn-3516-1/Third Party Advisory
https://www.debian.org/security/2018/dsa-4120Third Party Advisory
https://www.debian.org/security/2018/dsa-4187Third Party Advisory
https://www.debian.org/security/2018/dsa-4188Third Party Advisory
https://www.debian.org/security/2018/dsa-4213Third Party Advisory
https://www.exploit-db.com/exploits/43427/Exploit, Third Party Advisory, VDB Entry
https://www.kb.cert.org/vuls/id/180049Third Party Advisory, US Government Resource
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlThird Party Advisory
https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_01Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2018-0007.htmlThird Party Advisory
https://www.vmware.com/us/security/advisories/VMSA-2018-0002.htmlThird Party Advisory
https://www.vmware.com/us/security/advisories/VMSA-2018-0004.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.htmlBroken Link
http://nvidia.custhelp.com/app/answers/detail/a_id/4609Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4611Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4613Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4614Third Party Advisory
http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.htmlExploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.htmlThird Party Advisory, VDB Entry
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txtThird Party Advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txtThird Party Advisory
http://www.kb.cert.org/vuls/id/584653Third Party Advisory, US Government Resource
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlThird Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlThird Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlThird Party Advisory
http://www.securityfocus.com/bid/102376Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040071Third Party Advisory, VDB Entry
http://xenbits.xen.org/xsa/advisory-254.htmlThird Party Advisory
https://access.redhat.com/errata/RHSA-2018:0292Third Party Advisory
https://access.redhat.com/security/vulnerabilities/speculativeexecutionThird Party Advisory
https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/Third Party Advisory
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdfThird Party Advisory
https://cert.vde.com/en-us/advisories/vde-2018-002Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2018-003Third Party Advisory
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerabilityThird Party Advisory
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.htmlThird Party Advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+FixesThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00025.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002Patch, Third Party Advisory, Vendor Advisory
https://seclists.org/bugtraq/2019/Jun/36Issue Tracking, Mailing List, Third Party Advisory
https://seclists.org/bugtraq/2019/Nov/16Issue Tracking, Mailing List, Third Party Advisory
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-frVendor Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.ascThird Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.ascThird Party Advisory
https://security.gentoo.org/glsa/201810-06Third Party Advisory
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.htmlThird Party Advisory
https://security.netapp.com/advisory/ntap-20180104-0001/Third Party Advisory
https://security.paloaltonetworks.com/CVE-2017-5715Third Party Advisory
https://spectreattack.com/Third Party Advisory
https://support.citrix.com/article/CTX231399Third Party Advisory
https://support.f5.com/csp/article/K91229003Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_usThird Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_usThird Party Advisory
https://support.lenovo.com/us/en/solutions/LEN-18282Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannelThird Party Advisory
https://usn.ubuntu.com/3531-1/Third Party Advisory
https://usn.ubuntu.com/3531-3/Third Party Advisory
https://usn.ubuntu.com/3540-2/Third Party Advisory
https://usn.ubuntu.com/3541-2/Third Party Advisory
https://usn.ubuntu.com/3542-2/Third Party Advisory
https://usn.ubuntu.com/3549-1/Third Party Advisory
https://usn.ubuntu.com/3560-1/Third Party Advisory
https://usn.ubuntu.com/3561-1/Third Party Advisory
https://usn.ubuntu.com/3580-1/Third Party Advisory
https://usn.ubuntu.com/3581-1/Third Party Advisory
https://usn.ubuntu.com/3581-2/Third Party Advisory
https://usn.ubuntu.com/3582-1/Third Party Advisory
https://usn.ubuntu.com/3582-2/Third Party Advisory
https://usn.ubuntu.com/3594-1/Third Party Advisory
https://usn.ubuntu.com/3597-1/Third Party Advisory
https://usn.ubuntu.com/3597-2/Third Party Advisory
https://usn.ubuntu.com/3620-2/Third Party Advisory
https://usn.ubuntu.com/3690-1/Third Party Advisory
https://usn.ubuntu.com/3777-3/Third Party Advisory
https://usn.ubuntu.com/usn/usn-3516-1/Third Party Advisory
https://www.debian.org/security/2018/dsa-4120Third Party Advisory
https://www.debian.org/security/2018/dsa-4187Third Party Advisory
https://www.debian.org/security/2018/dsa-4188Third Party Advisory
https://www.debian.org/security/2018/dsa-4213Third Party Advisory
https://www.exploit-db.com/exploits/43427/Exploit, Third Party Advisory, VDB Entry
https://www.kb.cert.org/vuls/id/180049Third Party Advisory, US Government Resource
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlThird Party Advisory
https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_01Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2018-0007.htmlThird Party Advisory
https://www.vmware.com/us/security/advisories/VMSA-2018-0002.htmlThird Party Advisory
https://www.vmware.com/us/security/advisories/VMSA-2018-0004.htmlThird Party Advisory

Timeline

Published: Jan 4, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-5715?

How severe is CVE-2017-5715?

CVE-2017-5715 has a CVSS score of 5.6/10 (MEDIUM severity). The EPSS model estimates a 74.04% probability of exploitation in the next 30 days.

How do I fix CVE-2017-5715?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-5715?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST