Details about the vulnerabilities are as follows.



Modern CPU Process Prediction Information Disclosure Vulnerability



A vulnerability due to the design of most modern CPUs could allow a local attacker to access sensitive information on a targeted system.



The vulnerability is due to improper implementation of the speculative execution of instructions by the affected software. This vulnerability can by triggered by utilizing branch target injection. An attacker could exploit this vulnerability by executing arbitrary code and performing a side-channel attack on a targeted system. A successful exploit could allow the attacker to read sensitive memory information.



This vulnerability has been assigned the following CVE ID: CVE-2017-5715



Modern CPU Process Branch Prediction Information Disclosure Vulnerability



A vulnerability due to the design of most modern CPUs could allow a local attacker to access sensitive information on a targeted system.



The vulnerability is due to improper implementation of the speculative execution of instructions by the affected software. This vulnerability can by triggered by performing a bounds check bypass. An attacker could exploit this vulnerability by executing arbitrary code and performing a side-channel attack on a targeted system. A successful exploit could allow the attacker to read sensitive memory information.



This vulnerability has been assigned the following CVE ID: CVE-2017-5753



Intel CPU Indirect Branch Prediction Information Disclosure Vulnerability



A vulnerability in Intel CPU hardware could allow a local attacker to gain access to sensitive information on a targeted system.



The vulnerability is due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker could exploit this vulnerability by executing arbitrary code on the affected system. A successful exploit could allow the attacker to gain access to sensitive information on the targeted system, including accessing memory from the CPU cache.



This vulnerability has been assigned the following CVE ID: CVE-2017-5754

