CVE-2018-3640 Information
Description
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis aka Rogue System Register Read (RSRE) Variant 3a.
CVSS Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Reference
http://support.lenovo.com/us/en/solutions/LEN-22133 http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html http://www.securityfocus.com/bid/104228 http://www.securitytracker.com/id/1040949 http://www.securitytracker.com/id/1042004 https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005 https://security.netapp.com/advisory/ntap-20180521-0001/ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel https://usn.ubuntu.com/3756-1/ https://www.debian.org/security/2018/dsa-4273 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html https://www.kb.cert.org/vuls/id/180049 https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006 https://www.synology.com/support/security/Synology_SA_18_23 https://www.us-cert.gov/ncas/alerts/TA18-141A
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
CHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
5.6
Share on: