CVE-2018-3639
⚪ Do wiadomości
Wykorzystanie spekulacyjnego wykonania w mikroprocesorach umożliwia ujawnienie informacji lokalnemu atakującemu.
CVSS
5.5
EPSS
46.7%
Exploit
poc
Vendor
intel
Opis źródłowy (NVD)
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 5.5 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 46.7% |
| Opublikowano (NVD) | 2018-05-22 12:29:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-05-29 21:16:34 UTC |
Referencje
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html (secure@intel.com) [Broken Link]
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html (secure@intel.com) [Broken Link]
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html (secure@intel.com) [Broken Link]
- http://support.lenovo.com/us/en/solutions/LEN-22133 (secure@intel.com) [Third Party Advisory]
- http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html (secure@intel.com) [Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2020/06/10/1 (secure@intel.com) [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2020/06/10/2 (secure@intel.com) [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2020/06/10/5 (secure@intel.com) [Mailing List, Third Party Advisory]
- http://www.securityfocus.com/bid/104232 (secure@intel.com) [Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1040949 (secure@intel.com) [Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1042004 (secure@intel.com) [Third Party Advisory, VDB Entry]
- http://xenbits.xen.org/xsa/advisory-263.html (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1629 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1630 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1632 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1633 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1635 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1636 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1637 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1638 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1639 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1640 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1641 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1642 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1643 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1644 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1645 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1646 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1647 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1648 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1649 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1650 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1651 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1652 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1653 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1654 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1655 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1656 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1657 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1658 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1659 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1660 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1661 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1662 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1663 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1664 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1665 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1666 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1667 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1668 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1669 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1674 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1675 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1676 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1686 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1688 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1689 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1690 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1696 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1710 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1711 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1737 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1738 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1826 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1854 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1965 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1967 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1997 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2001 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2003 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2006 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2060 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2161 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2162 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2164 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2171 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2172 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2216 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2228 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2246 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2250 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2258 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2289 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2309 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2328 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2363 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2364 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2387 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2394 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2396 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2948 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:3396 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:3397 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:3398 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:3399 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:3400 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:3401 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:3402 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:3407 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:3423 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:3424 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:3425 (secure@intel.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2019:0148 (secure@intel.com) [Broken Link]
- https://access.redhat.com/errata/RHSA-2019:1046 (secure@intel.com) [Third Party Advisory]
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 (secure@intel.com) [Exploit, Issue Tracking, Patch, Third Party Advisory]
- https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf (secure@intel.com) [Third Party Advisory]
- https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf (secure@intel.com) [Third Party Advisory]
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf (secure@intel.com) [Third Party Advisory]
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability (secure@intel.com) [Third Party Advisory]
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 (secure@intel.com) [Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html (secure@intel.com) [Mailing List, Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html (secure@intel.com) [Mailing List, Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html (secure@intel.com) [Mailing List, Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html (secure@intel.com) [Mailing List, Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html (secure@intel.com) [Mailing List, Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html (secure@intel.com) [Mailing List, Third Party Advisory]
- https://nvidia.custhelp.com/app/answers/detail/a_id/4787 (secure@intel.com) [Third Party Advisory]
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012 (secure@intel.com) [Patch, Third Party Advisory, Vendor Advisory]
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004 (secure@intel.com) [Third Party Advisory]
- https://seclists.org/bugtraq/2019/Jun/36 (secure@intel.com) [Issue Tracking, Mailing List, Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20180521-0001/ (secure@intel.com) [Third Party Advisory]
- https://support.citrix.com/article/CTX235225 (secure@intel.com) [Third Party Advisory]
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us (secure@intel.com) [Third Party Advisory]
- https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html (secure@intel.com) [Third Party Advisory]
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel (secure@intel.com) [Third Party Advisory]
- https://usn.ubuntu.com/3651-1/ (secure@intel.com) [Third Party Advisory]
- https://usn.ubuntu.com/3652-1/ (secure@intel.com) [Third Party Advisory]
- https://usn.ubuntu.com/3653-1/ (secure@intel.com) [Third Party Advisory]
- https://usn.ubuntu.com/3653-2/ (secure@intel.com) [Third Party Advisory]
- https://usn.ubuntu.com/3654-1/ (secure@intel.com) [Third Party Advisory]
- https://usn.ubuntu.com/3654-2/ (secure@intel.com) [Third Party Advisory]
- https://usn.ubuntu.com/3655-1/ (secure@intel.com) [Third Party Advisory]
- https://usn.ubuntu.com/3655-2/ (secure@intel.com) [Third Party Advisory]
- https://usn.ubuntu.com/3679-1/ (secure@intel.com) [Third Party Advisory]
- https://usn.ubuntu.com/3680-1/ (secure@intel.com) [Third Party Advisory]
- https://usn.ubuntu.com/3756-1/ (secure@intel.com) [Third Party Advisory]
- https://usn.ubuntu.com/3777-3/ (secure@intel.com) [Third Party Advisory]
- https://www.debian.org/security/2018/dsa-4210 (secure@intel.com) [Third Party Advisory]
- https://www.debian.org/security/2018/dsa-4273 (secure@intel.com) [Third Party Advisory]
- https://www.exploit-db.com/exploits/44695/ (secure@intel.com) [Exploit, Third Party Advisory, VDB Entry]
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html (secure@intel.com) [Third Party Advisory]
- https://www.kb.cert.org/vuls/id/180049 (secure@intel.com) [Third Party Advisory, US Government Resource]
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006 (secure@intel.com) [Third Party Advisory]
- https://www.oracle.com/security-alerts/cpujul2020.html (secure@intel.com) [Third Party Advisory]
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (secure@intel.com) [Third Party Advisory]
- https://www.synology.com/support/security/Synology_SA_18_23 (secure@intel.com) [Third Party Advisory]
- https://www.us-cert.gov/ncas/alerts/TA18-141A (secure@intel.com) [Third Party Advisory, US Government Resource]