CVE-2018-3640

MEDIUM

Description

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

References

http://support.lenovo.com/us/en/solutions/LEN-22133

http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html

http://www.securityfocus.com/bid/104228

http://www.securitytracker.com/id/1040949

http://www.securitytracker.com/id/1042004

https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005

https://security.netapp.com/advisory/ntap-20180521-0001/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel

https://usn.ubuntu.com/3756-1/

https://www.debian.org/security/2018/dsa-4273

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html

https://www.kb.cert.org/vuls/id/180049

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006

https://www.synology.com/support/security/Synology_SA_18_23

https://www.us-cert.gov/ncas/alerts/TA18-141A

Details

Source: MITRE

Published: 2018-05-22

Updated: 2018-10-31

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 4.7

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3.0

Base Score: 5.6

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Impact Score: 4

Exploitability Score: 1.1

Severity: MEDIUM