CVE-2018-3639 Information

Feb 14, 2021 cve

Description

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis aka Speculative Store Bypass (SSB) Variant 4.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-22133 http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html http://www.openwall.com/lists/oss-security/2020/06/10/1 http://www.openwall.com/lists/oss-security/2020/06/10/2 http://www.openwall.com/lists/oss-security/2020/06/10/5 http://www.securityfocus.com/bid/104232 http://www.securitytracker.com/id/1040949 http://www.securitytracker.com/id/1042004 http://xenbits.xen.org/xsa/advisory-263.html https://access.redhat.com/errata/RHSA-2018:1629 https://access.redhat.com/errata/RHSA-2018:1630 https://access.redhat.com/errata/RHSA-2018:1632 https://access.redhat.com/errata/RHSA-2018:1633 https://access.redhat.com/errata/RHSA-2018:1635 https://access.redhat.com/errata/RHSA-2018:1636 https://access.redhat.com/errata/RHSA-2018:1637 https://access.redhat.com/errata/RHSA-2018:1638 https://access.redhat.com/errata/RHSA-2018:1639 https://access.redhat.com/errata/RHSA-2018:1640 https://access.redhat.com/errata/RHSA-2018:1641 https://access.redhat.com/errata/RHSA-2018:1642 https://access.redhat.com/errata/RHSA-2018:1643 https://access.redhat.com/errata/RHSA-2018:1644 https://access.redhat.com/errata/RHSA-2018:1645 https://access.redhat.com/errata/RHSA-2018:1646 https://access.redhat.com/errata/RHSA-2018:1647 https://access.redhat.com/errata/RHSA-2018:1648 https://access.redhat.com/errata/RHSA-2018:1649 https://access.redhat.com/errata/RHSA-2018:1650 https://access.redhat.com/errata/RHSA-2018:1651 https://access.redhat.com/errata/RHSA-2018:1652 https://access.redhat.com/errata/RHSA-2018:1653 https://access.redhat.com/errata/RHSA-2018:1654 https://access.redhat.com/errata/RHSA-2018:1655 https://access.redhat.com/errata/RHSA-2018:1656 https://access.redhat.com/errata/RHSA-2018:1657 https://access.redhat.com/errata/RHSA-2018:1658 https://access.redhat.com/errata/RHSA-2018:1659 https://access.redhat.com/errata/RHSA-2018:1660 https://access.redhat.com/errata/RHSA-2018:1661 https://access.redhat.com/errata/RHSA-2018:1662 https://access.redhat.com/errata/RHSA-2018:1663 https://access.redhat.com/errata/RHSA-2018:1664 https://access.redhat.com/errata/RHSA-2018:1665 https://access.redhat.com/errata/RHSA-2018:1666 https://access.redhat.com/errata/RHSA-2018:1667 https://access.redhat.com/errata/RHSA-2018:1668 https://access.redhat.com/errata/RHSA-2018:1669 https://access.redhat.com/errata/RHSA-2018:1674 https://access.redhat.com/errata/RHSA-2018:1675 https://access.redhat.com/errata/RHSA-2018:1676 https://access.redhat.com/errata/RHSA-2018:1686 https://access.redhat.com/errata/RHSA-2018:1688 https://access.redhat.com/errata/RHSA-2018:1689 https://access.redhat.com/errata/RHSA-2018:1690 https://access.redhat.com/errata/RHSA-2018:1696 https://access.redhat.com/errata/RHSA-2018:1710 https://access.redhat.com/errata/RHSA-2018:1711 https://access.redhat.com/errata/RHSA-2018:1737 https://access.redhat.com/errata/RHSA-2018:1738 https://access.redhat.com/errata/RHSA-2018:1826 https://access.redhat.com/errata/RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2018:1965 https://access.redhat.com/errata/RHSA-2018:1967 https://access.redhat.com/errata/RHSA-2018:1997 https://access.redhat.com/errata/RHSA-2018:2001 https://access.redhat.com/errata/RHSA-2018:2003 https://access.redhat.com/errata/RHSA-2018:2006 https://access.redhat.com/errata/RHSA-2018:2060 https://access.redhat.com/errata/RHSA-2018:2161 https://access.redhat.com/errata/RHSA-2018:2162 https://access.redhat.com/errata/RHSA-2018:2164 https://access.redhat.com/errata/RHSA-2018:2171 https://access.redhat.com/errata/RHSA-2018:2172 https://access.redhat.com/errata/RHSA-2018:2216 https://access.redhat.com/errata/RHSA-2018:2228 https://access.redhat.com/errata/RHSA-2018:2246 https://access.redhat.com/errata/RHSA-2018:2250 https://access.redhat.com/errata/RHSA-2018:2258 https://access.redhat.com/errata/RHSA-2018:2289 https://access.redhat.com/errata/RHSA-2018:2309 https://access.redhat.com/errata/RHSA-2018:2328 https://access.redhat.com/errata/RHSA-2018:2363 https://access.redhat.com/errata/RHSA-2018:2364 https://access.redhat.com/errata/RHSA-2018:2387 https://access.redhat.com/errata/RHSA-2018:2394 https://access.redhat.com/errata/RHSA-2018:2396 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3396 https://access.redhat.com/errata/RHSA-2018:3397 https://access.redhat.com/errata/RHSA-2018:3398 https://access.redhat.com/errata/RHSA-2018:3399 https://access.redhat.com/errata/RHSA-2018:3400 https://access.redhat.com/errata/RHSA-2018:3401 https://access.redhat.com/errata/RHSA-2018:3402 https://access.redhat.com/errata/RHSA-2018:3407 https://access.redhat.com/errata/RHSA-2018:3423 https://access.redhat.com/errata/RHSA-2018:3424 https://access.redhat.com/errata/RHSA-2018:3425 https://access.redhat.com/errata/RHSA-2019:0148 https://access.redhat.com/errata/RHSA-2019:1046 https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://nvidia.custhelp.com/app/answers/detail/a_id/4787 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004 https://seclists.org/bugtraq/2019/Jun/36 https://security.netapp.com/advisory/ntap-20180521-0001/ https://support.citrix.com/article/CTX235225 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us https://support.oracle.com/knowledge/Sun20Microsystems/2481872_1.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel https://usn.ubuntu.com/3651-1/ https://usn.ubuntu.com/3652-1/ https://usn.ubuntu.com/3653-1/ https://usn.ubuntu.com/3653-2/ https://usn.ubuntu.com/3654-1/ https://usn.ubuntu.com/3654-2/ https://usn.ubuntu.com/3655-1/ https://usn.ubuntu.com/3655-2/ https://usn.ubuntu.com/3679-1/ https://usn.ubuntu.com/3680-1/ https://usn.ubuntu.com/3756-1/ https://usn.ubuntu.com/3777-3/ https://www.debian.org/security/2018/dsa-4210 https://www.debian.org/security/2018/dsa-4273 https://www.exploit-db.com/exploits/44695/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html https://www.kb.cert.org/vuls/id/180049 https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006 https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.synology.com/support/security/Synology_SA_18_23 https://www.us-cert.gov/ncas/alerts/TA18-141A

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5

Share on: