Meltdown and Spectre
Cisco Talos is aware of three new vulnerabilities impacting Intel, AMD, Qualcomm and ARM processors used by almost all computers. We are investigating these issues and although we have not observed exploitation of these vulnerabilities in the wild, that does not mean that it has not occurred. We have observed publicly available proof of concept exploit code being developed to exploit these vulnerabilities.
These issues have been assigned the following CVE entries:
Meltdown: An attacker can access kernel memory from user space
- Rogue data cache load (CVE-2017-5754)
Spectre: An attacker can read memory contents from other users’ running programs