CVE-2018-3640

Description

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

References

https://www.us-cert.gov/ncas/alerts/TA18-141A

https://www.synology.com/support/security/Synology_SA_18_23

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006

https://www.kb.cert.org/vuls/id/180049

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html

https://www.debian.org/security/2018/dsa-4273

https://usn.ubuntu.com/3756-1/

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us

https://security.netapp.com/advisory/ntap-20180521-0001/

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013

https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf

http://www.securitytracker.com/id/1042004

http://www.securitytracker.com/id/1040949

http://www.securityfocus.com/bid/104228

http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html

http://support.lenovo.com/us/en/solutions/LEN-22133

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3