CVE-2017-5715

MEDIUM

Intel Atom C/E/X3 - Information Disclosure via Speculative Execution Side-Channel


Exploitation Summary

EIP tracks 10 public exploits for CVE-2017-5715. PoCs published by Multiple, qazbnm456, opsxcq.

AI-analyzed exploit summary: This is a proof-of-concept exploit for CVE-2017-5753 (Spectre Variant 1), demonstrating a bounds-check bypass vulnerability via speculative execution. It reads privileged memory by leveraging side-channel timing attacks on CPU cache behavior.

Description

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Exploits (10)

exploitdb WORKING POC
by Multiple · clocalmultiple
https://www.exploit-db.com/exploits/43427

This is a proof-of-concept exploit for CVE-2017-5753 (Spectre Variant 1), demonstrating a bounds-check bypass vulnerability via speculative execution. It reads privileged memory by leveraging side-channel timing attacks on CPU cache behavior.

Classification: Working Poc 100%
Attack Type: Info Leak
Complexity: Complex
Reliability: Reliable
Target: CPU architectures vulnerable to Spectre (e.g., Intel, AMD, ARM)
No auth needed
Prerequisites: Vulnerable CPU with speculative execution · Local code execution on the target system
devstral-2 · analyzed Feb 16, 2026

github WRITEUP 3,480 stars
by qazbnm456 · poc
https://github.com/qazbnm456/awesome-cve-poc/tree/master/CVE-2017-5715.md

This repository provides a detailed writeup and references for CVE-2017-5715 (Spectre variant 2), including links to external PoCs and technical papers. It does not contain direct exploit code but offers comprehensive background and external resources.

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Complex
Reliability: Theoretical
Target: CPUs with speculative execution (e.g., Intel, AMD, ARM)
No auth needed
Prerequisites: Vulnerable CPU architecture · Ability to execute arbitrary code on the target system
devstral-2 · analyzed Feb 27, 2026

nomisec WORKING POC 55 stars
by opsxcq · poc
https://github.com/opsxcq/exploit-cve-2017-5715

This is a proof-of-concept exploit for CVE-2017-5715 (Spectre Variant 2), demonstrating a side-channel attack that leaks memory contents by exploiting speculative execution in modern CPUs. The code includes cache timing techniques to infer data from protected memory regions.

Classification: Working Poc 95%
Attack Type: Info Leak
Complexity: Complex
Reliability: Reliable
Target: Intel/AMD x86-64 CPUs (microarchitectural vulnerability)
No auth needed
Prerequisites: x86-64 Linux system · CPU vulnerable to Spectre (unpatched or mitigations disabled)
devstral-2 · analyzed Feb 16, 2026

nomisec WRITEUP 17 stars
by mathse · poc
https://github.com/mathse/meltdown-spectre-bios-list

This repository provides a curated list of BIOS/firmware updates for various hardware models to mitigate Meltdown and Spectre vulnerabilities. It includes scripts to check if a system's BIOS is listed as patched.

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Various BIOS/firmware versions from multiple manufacturers (ASUS, Acer, etc.)
No auth needed
Prerequisites: Access to the system's BIOS model information
devstral-2 · analyzed Feb 16, 2026

github WRITEUP 14 stars
by xbl3 · poc
https://github.com/xbl3/awesome-cve-poc_qazbnm456/tree/master/CVE-2017-5715.md

This repository provides a detailed writeup and references for CVE-2017-5715 (Spectre variant 2), including links to external PoCs and technical papers. It does not contain direct exploit code but offers in-depth analysis and context.

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Complex
Reliability: Theoretical
Target: CPUs with speculative execution (e.g., Intel, AMD, ARM)
No auth needed
Prerequisites: Vulnerable CPU architecture · Ability to execute arbitrary code on the target system
devstral-2 · analyzed Feb 27, 2026

gitlab WORKING POC
by Eugnis · poc
https://gitlab.com/Eugnis/spectre-attack

This repository contains a functional proof-of-concept exploit for CVE-2017-5715 (Spectre Variant 2), demonstrating how speculative execution can leak memory contents via side-channel attacks. The code includes a victim function and an analysis function that measures cache timing to infer secret data.

Classification: Working Poc 100%
Attack Type: Info Leak
Complexity: Complex
Reliability: Reliable
Target: CPUs vulnerable to Spectre (e.g., Intel, AMD, ARM)
No auth needed
Prerequisites: CPU vulnerable to Spectre · ability to execute untrusted code on the target system
devstral-2 · analyzed Feb 23, 2026

gitlab WORKING POC
by The-Real-TechLord · poc
https://gitlab.com/The-Real-TechLord/spectre-attack

This repository contains a functional proof-of-concept exploit for CVE-2017-5715 (Spectre Variant 2). The code demonstrates a branch target injection attack to leak memory contents by exploiting speculative execution side channels.

Classification: Working Poc 100%
Attack Type: Info Leak
Complexity: Complex
Reliability: Reliable
Target: CPUs vulnerable to Spectre (e.g., Intel, AMD, ARM)
No auth needed
Prerequisites: Vulnerable CPU with speculative execution · Local code execution on the target system
devstral-2 · analyzed Feb 23, 2026

nomisec WRITEUP
by dmo2118 · poc
https://github.com/dmo2118/retpoline-audit

This repository contains a README for a removed project related to retpoline auditing, specifically referencing CVE-2017-5715 (Spectre Variant 2). The content is informational and does not include exploit code or technical details.

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: none
No auth needed
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by GalloLuigi · poc
https://github.com/GalloLuigi/Analisi-CVE-2017-5715

This is a proof-of-concept implementation of the Spectre (CVE-2017-5715) vulnerability, demonstrating a side-channel attack to leak memory contents via speculative execution and cache timing. The code exploits branch prediction to access out-of-bounds memory and infer values through cache state analysis.

Classification: Working Poc 95%
Attack Type: Info Leak
Complexity: Complex
Reliability: Reliable
Target: CPUs with speculative execution (e.g., Intel, AMD, ARM)
No auth needed
Prerequisites: Access to execute code on a vulnerable CPU · Knowledge of memory layout to target
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER
by GregAskew · poc
https://github.com/GregAskew/SpeculativeExecutionAssessment

This repository contains a C# tool to assess system vulnerability to speculative execution flaws (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754). It queries Windows system information to check for mitigations and hardware support.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Windows OS (requires elevated permissions)
Auth required
Prerequisites: Elevated permissions · Windows OS with speculative execution vulnerabilities
devstral-2 · analyzed Feb 16, 2026

References (94)

Core References
Third Party Advisory x_refsource_confirm
http://nvidia.custhelp.com/app/answers/detail/a_id/4609
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3560-1/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4187
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3542-2/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201810-06
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3540-2/
Patch, Third Party Advisory, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3597-1/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
Third Party Advisory x_refsource_confirm
http://nvidia.custhelp.com/app/answers/detail/a_id/4611
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4213
Third Party Advisory x_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2018-002
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4120
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3580-1/
Third Party Advisory x_refsource_confirm
https://support.f5.com/csp/article/K91229003
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3531-3/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3620-2/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3582-1/
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4188
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0292
Third Party Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-254.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20180104-0001/
Third Party Advisory x_refsource_confirm
https://www.synology.com/support/security/Synology_SA_18_01
Third Party Advisory x_refsource_confirm
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102376
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3594-1/
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/584653
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/180049
Third Party Advisory x_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2018-003
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3690-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3549-1/
Third Party Advisory x_refsource_confirm
https://support.citrix.com/article/CTX231399
Third Party Advisory x_refsource_misc
https://spectreattack.com/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3531-1/
Third Party Advisory vendor-advisory x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3581-1/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040071
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3597-2/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3581-2/
Third Party Advisory x_refsource_confirm
http://nvidia.custhelp.com/app/answers/detail/a_id/4614
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/usn/usn-3516-1/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43427/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3541-2/
Third Party Advisory x_refsource_confirm
https://support.lenovo.com/us/en/solutions/LEN-18282
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3777-3/
Third Party Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2018-0007.html
Third Party Advisory x_refsource_confirm
http://nvidia.custhelp.com/app/answers/detail/a_id/4613
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3561-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3582-2/
Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jun/36
Third Party Advisory x_refsource_confirm
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
Third Party Advisory vendor-advisory x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Nov/16
Third Party Advisory x_refsource_confirm
https://security.paloaltonetworks.com/CVE-2017-5715
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html

Scores

CVSS v3 5.6
EPSS 0.8848
EPSS Percentile 99.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-203
Status published
Products (50)
arm/cortex-a 9
arm/cortex-a 15
arm/cortex-a 17
arm/cortex-a 57
arm/cortex-a 72
arm/cortex-a 73
arm/cortex-a 75
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
... and 40 more
Published Jan 04, 2018
Tracked Since Feb 18, 2026