CVE-2017-5754

ENISA EUVD: EUVD-2017-14831 ↗

✓ Confirmed 0-Day

Triaged: March 5, 2026 6 articles Published: 2018-01-04

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23

89.59%

probability

This CVE has a 89.59% probability of being exploited in the next 30 days.

0% Top 99.6th percentile of all CVEs 100%

CVSS v3.0

Source: NVD

5.6

MEDIUM

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS v2 (legacy)

4.7

MEDIUM

Access Vector

Local

Access Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

None

AV:L/AC:M/Au:N/C:C/I:N/A:N

Description

VulnerabilityLookup (CNA)

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Affected Products

Intel Corporation

Most Modern Operating Systems

All

intel

atom c

intel

atom e

intel

atom x3

intel

atom z

intel

celeron j

Intel Corporation

Most Modern Operating Systems

All

Attack Intelligence

CWE-200 · Information Exposure CWE-664 · Improper Control of a Resource Through its Lifetime CWE-668 · Exposure of Resource to Wrong Sphere

Exploits & PoC

ionescu007/SpecuCheck

SpecuCheck is a Windows utility for checking the state of the software mitigations and hardware against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spec

584 2019-11-19

raphaelsc/Am-I-affected-by-Meltdown

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

541 2018-02-27

Viralmaniar/In-Spectre-Meltdown

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (

95 2018-02-19

speecyy/Am-I-affected-by-Meltdown

Proof-of-concept / Exploit / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a

1 2018-01-06

jdmulloy/meltdown-aws-scanner

Naive shell script to verify Meltdown (CVE-2017-5754) patch status of EC2 instances

1 2018-01-26

zzado/Meltdown

PoC for Meltdown in linux (CVE-2017-5754)

0 2018-02-07

6 repos — triés par ⭐ Rechercher sur GitHub ↗

http://nvidia.custhelp.com/app/answers/detail/a_id/4609

x_refsource_CONFIRM

https://usn.ubuntu.com/3523-1/

vendor-advisory x_refsource_UBUNTU

https://usn.ubuntu.com/usn/usn-3525-1/

vendor-advisory x_refsource_UBUNTU

https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin

x_refsource_CONFIRM

https://security.gentoo.org/glsa/201810-06

vendor-advisory x_refsource_GENTOO

https://www.debian.org/security/2018/dsa-4082

vendor-advisory x_refsource_DEBIAN

Signal Intelligence

Confidenceⓘ

95%

EPSS 89.59%

CVSS v3.0 5.6

Mentions 6

Last Seen Feb 25, 2025

CNA Information

CNA Assigner

intel

Analyst Note

CVE-2017-5754 is Meltdown, a critical speculative execution vulnerability discovered by Project Zero researchers and disclosed January 3-4, 2018. Exploitation in the wild occurred simultaneously with patch availability across all major OS vendors on Patch Tuesday 2018-01-09. This is a canonical zero-day case despite the medium CVSS (which reflects local-access-only requirement, not severity).

Triage Info

Decided atMar 05, 2026

Published DateJan 04, 2018