Spectre (CVE-2017-5753 & CVE-2017-5715) and Meltdown (CVE-2017-5754) vulnverabiltieis and the Portal - any action needed?

Version 1

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    BMC Performance Manager Portal


    BMC PM Portal


    BMC Performance Manager Portal 2.9.+


    Two major vulnerabilities (known as Meltdown, CVE-2017-5754, and Spectre, CVE-2017-5753 & CVE-2017-5715) have been revealed that affect almost all modern CPUs on January 3, 2018. Meltdown allows any application to access all system memory, including memory allocated for the kernel.  Spectre allows an application to force another application to access arbitrary portions of its memory, which can then be read through a side channel.  The vulnerabilities are known to be exploitable on servers, workstations, mobile devices, IoT environments, and browsers.



                BMC is aware of these vulnerabilities, and have been working closely with our vendors and product teams to address them on applicable systems and products as soon as patches are available, and in accordance with BMC customer support process.  BMC will continue to closely monitor this evolving situation, and will provide additional details and maintenance notifications, as needed.           
                OS & hardware vendors will be the ones handling patches/microcode/firmware for this, not BMC.

    As of the time of this writing, no code fix has been provided by those vendors. 
    For the latest news, check here:



    Article Number:


    Article Type:


      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles