CVE | Group | GPZ number | GPZ naming |
---|---|---|---|
CVE-2017-5715 | Spectre | variant 2 | branch target injection |
CVE-2017-5753 | Spectre | variant 1 | bounds check bypass |
CVE-2017-5754 | Meltdown | variant 3 | rogue data cache load |
Exploit homepages are spectreattack.com and meltdownattack.com, although both are the same.
Summaries so far
- @Noenken has a summary in his OP of this thread.
- I @torpcoms have a summary post in this thread that I still edit.
- @Freaksmacker was impressed by the summary from Carnegie Mellon’s SEI CERT (not US-CERT).
- Google has a quick summary, and a post on Project Zero’s blog.
- @catsay recommended Hector Martin’s summary/repo of helpful links on github.
- Bruce Schneier also has a link repository
- @noenken recommended the Raspberry Pi Blog’s post, which is pretty much Speculative Execution for Dummies. Not a summary, but really useful for explaining to others or yourself.
Here are some official pages from US Gov CERT or UK Gov CERT if that is more your thing. CERT-EU is just a glorified RSS/Atom reader, and doesn’t have a page.
@catsay also started a thread for trying to list CPUs that are not vulnerable at all, and I am trying to figure out what the situation is for POWER/PowerPC here.