CVE-2018-3640

medium

Description

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013

https://security.netapp.com/advisory/ntap-20180521-0001/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel

https://usn.ubuntu.com/3756-1/

https://www.debian.org/security/2018/dsa-4273

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html

https://www.kb.cert.org/vuls/id/180049

https://www.us-cert.gov/ncas/alerts/TA18-141A

http://www.securitytracker.com/id/1040949

http://www.securitytracker.com/id/1042004

Details

Published: 2018-05-22

Risk Information

CVSS v2

Base Score: 4.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.6

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Severity: Medium