Detections
Analytics
CVE-2018-3640
medium
Description
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
References
https://www.us-cert.gov/ncas/alerts/TA18-141A
https://www.synology.com/support/security/Synology_SA_18_23
https://www.kb.cert.org/vuls/id/180049
https://www.debian.org/security/2018/dsa-4273
https://usn.ubuntu.com/3756-1/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
https://security.netapp.com/advisory/ntap-20180521-0001/
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013
http://www.securitytracker.com/id/1040949
http://www.securityfocus.com/bid/104228
http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf