My Oracle Support Banner

Addendum to the January 2018 CPU Advisory for Spectre (CVE-2017-5715, CVE-2017-5753) and Meltdown (CVE-2017-5754) vulnerabilities (Doc ID 2347948.1)

Last updated on DECEMBER 19, 2018

Applies to:

Exalogic Elastic Cloud X6-2 Hardware - Version X6 to X6 [Release X6]
Oracle Coherence - Version 12.1.2.0.5 to 12.1.2.0.5 [Release 12c]
Information in this document applies to any platform.

Purpose

This document lists the status of Oracle products with respect to the publicly-disclosed Spectre (CVE-2017-5753 and CVE-2017-5715) and Meltdown (CVE-2017-5754) vulnerabilities. Related Spectre vulnerabilities CVE-2018-3639 and CVE-2018-3640 are addressed in "Information about processor vulnerabilities CVE-2018-3640 ("Spectre v3a") and CVE-2018-3639 ("Spectre v4")" (Doc ID 2399123.1).

Scope

Oracle has assessed the impact of these vulnerabilities only for product versions that are covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. Oracle has not assessed the impact of this vulnerability against product versions that are no longer supported by Oracle.

GENERAL RECOMMENDATIONS

Oracle recommends that customers keep up with security patches for operating systems, virtualization technologies, and hardware when updated security patches are released by their respective vendors or maintainers.

Customers of Oracle’s engineered systems should solely rely on the specific patches produced for these engineered systems.

Oracle recommends that you prevent as much as possible the execution of untrusted code, which is a condition for the exploitation of vulnerabilities CVE-2017-5753 (Spectre v1), CVE-2017-5715 (Spectre v2), and CVE-2017-5754 (Meltdown). Oracle recommends that you review the privileges associated with your systems, and periodically review your security logs in light of these vulnerabilities.

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
 1. Products with Patches or Instructions Available
 2. Products with Patches or Instructions Pending
 3. Products under Investigation
 4. Products Not Affected

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.