CVE-2018-3639

MEDIUM

Description

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

References

http://support.lenovo.com/us/en/solutions/LEN-22133

http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html

http://www.securityfocus.com/bid/104232

http://www.securitytracker.com/id/1040949

http://www.securitytracker.com/id/1042004

http://xenbits.xen.org/xsa/advisory-263.html

https://access.redhat.com/errata/RHSA-2018:1629

https://access.redhat.com/errata/RHSA-2018:1630

https://access.redhat.com/errata/RHSA-2018:1632

https://access.redhat.com/errata/RHSA-2018:1633

https://access.redhat.com/errata/RHSA-2018:1635

https://access.redhat.com/errata/RHSA-2018:1636

https://access.redhat.com/errata/RHSA-2018:1637

https://access.redhat.com/errata/RHSA-2018:1638

https://access.redhat.com/errata/RHSA-2018:1639

https://access.redhat.com/errata/RHSA-2018:1640

https://access.redhat.com/errata/RHSA-2018:1641

https://access.redhat.com/errata/RHSA-2018:1642

https://access.redhat.com/errata/RHSA-2018:1643

https://access.redhat.com/errata/RHSA-2018:1644

https://access.redhat.com/errata/RHSA-2018:1645

https://access.redhat.com/errata/RHSA-2018:1646

https://access.redhat.com/errata/RHSA-2018:1647

https://access.redhat.com/errata/RHSA-2018:1648

https://access.redhat.com/errata/RHSA-2018:1649

https://access.redhat.com/errata/RHSA-2018:1650

https://access.redhat.com/errata/RHSA-2018:1651

https://access.redhat.com/errata/RHSA-2018:1652

https://access.redhat.com/errata/RHSA-2018:1653

https://access.redhat.com/errata/RHSA-2018:1654

https://access.redhat.com/errata/RHSA-2018:1655

https://access.redhat.com/errata/RHSA-2018:1656

https://access.redhat.com/errata/RHSA-2018:1657

https://access.redhat.com/errata/RHSA-2018:1658

https://access.redhat.com/errata/RHSA-2018:1659

https://access.redhat.com/errata/RHSA-2018:1660

https://access.redhat.com/errata/RHSA-2018:1661

https://access.redhat.com/errata/RHSA-2018:1662

https://access.redhat.com/errata/RHSA-2018:1663

https://access.redhat.com/errata/RHSA-2018:1664

https://access.redhat.com/errata/RHSA-2018:1665

https://access.redhat.com/errata/RHSA-2018:1666

https://access.redhat.com/errata/RHSA-2018:1667

https://access.redhat.com/errata/RHSA-2018:1668

https://access.redhat.com/errata/RHSA-2018:1669

https://access.redhat.com/errata/RHSA-2018:1674

https://access.redhat.com/errata/RHSA-2018:1675

https://access.redhat.com/errata/RHSA-2018:1676

https://access.redhat.com/errata/RHSA-2018:1686

https://access.redhat.com/errata/RHSA-2018:1688

https://access.redhat.com/errata/RHSA-2018:1689

https://access.redhat.com/errata/RHSA-2018:1690

https://access.redhat.com/errata/RHSA-2018:1696

https://access.redhat.com/errata/RHSA-2018:1710

https://access.redhat.com/errata/RHSA-2018:1711

https://access.redhat.com/errata/RHSA-2018:1737

https://access.redhat.com/errata/RHSA-2018:1738

https://access.redhat.com/errata/RHSA-2018:1826

https://access.redhat.com/errata/RHSA-2018:1854

https://access.redhat.com/errata/RHSA-2018:1965

https://access.redhat.com/errata/RHSA-2018:1967

https://access.redhat.com/errata/RHSA-2018:1997

https://access.redhat.com/errata/RHSA-2018:2001

https://access.redhat.com/errata/RHSA-2018:2003

https://access.redhat.com/errata/RHSA-2018:2006

https://access.redhat.com/errata/RHSA-2018:2060

https://access.redhat.com/errata/RHSA-2018:2161

https://access.redhat.com/errata/RHSA-2018:2162

https://access.redhat.com/errata/RHSA-2018:2164

https://access.redhat.com/errata/RHSA-2018:2171

https://access.redhat.com/errata/RHSA-2018:2172

https://access.redhat.com/errata/RHSA-2018:2216

https://access.redhat.com/errata/RHSA-2018:2228

https://access.redhat.com/errata/RHSA-2018:2246

https://access.redhat.com/errata/RHSA-2018:2250

https://access.redhat.com/errata/RHSA-2018:2258

https://access.redhat.com/errata/RHSA-2018:2289

https://access.redhat.com/errata/RHSA-2018:2309

https://access.redhat.com/errata/RHSA-2018:2328

https://access.redhat.com/errata/RHSA-2018:2363

https://access.redhat.com/errata/RHSA-2018:2364

https://access.redhat.com/errata/RHSA-2018:2387

https://access.redhat.com/errata/RHSA-2018:2394

https://access.redhat.com/errata/RHSA-2018:2396

https://access.redhat.com/errata/RHSA-2018:2948

https://access.redhat.com/errata/RHSA-2018:3396

https://access.redhat.com/errata/RHSA-2018:3397

https://access.redhat.com/errata/RHSA-2018:3398

https://access.redhat.com/errata/RHSA-2018:3399

https://access.redhat.com/errata/RHSA-2018:3400

https://access.redhat.com/errata/RHSA-2018:3401

https://access.redhat.com/errata/RHSA-2018:3402

https://access.redhat.com/errata/RHSA-2018:3407

https://access.redhat.com/errata/RHSA-2018:3423

https://access.redhat.com/errata/RHSA-2018:3424

https://access.redhat.com/errata/RHSA-2018:3425

https://access.redhat.com/errata/RHSA-2019:0148

https://bugs.chromium.org/p/project-zero/issues/detail?id=1528

https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html

https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

https://nvidia.custhelp.com/app/answers/detail/a_id/4787

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004

https://security.netapp.com/advisory/ntap-20180521-0001/

https://support.citrix.com/article/CTX235225

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us

https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel

https://usn.ubuntu.com/3651-1/

https://usn.ubuntu.com/3652-1/

https://usn.ubuntu.com/3653-1/

https://usn.ubuntu.com/3653-2/

https://usn.ubuntu.com/3654-1/

https://usn.ubuntu.com/3654-2/

https://usn.ubuntu.com/3655-1/

https://usn.ubuntu.com/3655-2/

https://usn.ubuntu.com/3679-1/

https://usn.ubuntu.com/3680-1/

https://usn.ubuntu.com/3756-1/

https://usn.ubuntu.com/3777-3/

https://www.debian.org/security/2018/dsa-4210

https://www.debian.org/security/2018/dsa-4273

https://www.exploit-db.com/exploits/44695/

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html

https://www.kb.cert.org/vuls/id/180049

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.synology.com/support/security/Synology_SA_18_23

https://www.us-cert.gov/ncas/alerts/TA18-141A

Details

Source: MITRE

Published: 2018-05-22

Updated: 2019-04-09

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM