Vulnerability CVE-2018-3639


Published: 2018-05-22

Description:
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Type:

CWE-200

(Information Exposure)

Vendor: Intel
Product: Atom z 
Version:
z3795
z3785
z3775d
z3775
z3770d
z3770
z3745d
z3745
z3740d
z3740
z3736g
z3736f
z3735g
z3735f
z3735e
z3735d
z3590
z3580
z3570
z3560
z3530
z3480
z3460
z2760
z2580
z2560
z2520
z2480
z2460
z2420
See more versions on NVD
Product: Xeon e3 
Version:
x5570
x5560
x5550
x3480
x3470
x3460
x3450
x3440
x3430
w5590
w5580
l5530
l5520
l5518_
l5508_
l5506
l3426
l3406
l3403
e6550
e6540
e6510
e5540
e5530
e5520
e5507
e5506
e5504
e5503
e5502
See more versions on NVD
Product: Pentium silver 
Version: n5000; j5005;
Product: Pentium 
Version:
n4200
n4100
n4000
See more versions on NVD
Product: Celeron n 
Version: n3450;
Product: Pentium j 
Version: j4205;
Product: Celeron j 
Version:
j4105
j4005
j3455
See more versions on NVD
Product: Atom e 
Version:
e3845
e3827
e3826
e3825
e3815
e3805
See more versions on NVD
Product: Atom c 
Version:
c3958
c3955
c3950
c3858
c3850
c3830
c3808
c3758
c3750
c3708
c3558
c3538
c3508
c3338
c3308
c2308
See more versions on NVD
Product: Xeon e7 
Version:
8894_v4
8893_v4
8893_v3
8893_v2
8891_v4
8891_v3
See more versions on NVD
Vendor: Debian
Product: Debian linux 
Version: 9.0;
Vendor: Redhat
Product: Openstack 
Version: 9;

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html
http://support.lenovo.com/us/en/solutions/LEN-22133
http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
http://www.securityfocus.com/bid/104232
http://www.securitytracker.com/id/1040949
http://www.securitytracker.com/id/1042004
http://xenbits.xen.org/xsa/advisory-263.html
https://access.redhat.com/errata/RHSA-2018:1629
https://access.redhat.com/errata/RHSA-2018:1630
https://access.redhat.com/errata/RHSA-2018:1632
https://access.redhat.com/errata/RHSA-2018:1633
https://access.redhat.com/errata/RHSA-2018:1635
https://access.redhat.com/errata/RHSA-2018:1636
https://access.redhat.com/errata/RHSA-2018:1637
https://access.redhat.com/errata/RHSA-2018:1638
https://access.redhat.com/errata/RHSA-2018:1639
https://access.redhat.com/errata/RHSA-2018:1640
https://access.redhat.com/errata/RHSA-2018:1641
https://access.redhat.com/errata/RHSA-2018:1642
https://access.redhat.com/errata/RHSA-2018:1643
https://access.redhat.com/errata/RHSA-2018:1644
https://access.redhat.com/errata/RHSA-2018:1645
https://access.redhat.com/errata/RHSA-2018:1646
https://access.redhat.com/errata/RHSA-2018:1647
https://access.redhat.com/errata/RHSA-2018:1648
https://access.redhat.com/errata/RHSA-2018:1649
https://access.redhat.com/errata/RHSA-2018:1650
https://access.redhat.com/errata/RHSA-2018:1651
https://access.redhat.com/errata/RHSA-2018:1652
https://access.redhat.com/errata/RHSA-2018:1653
https://access.redhat.com/errata/RHSA-2018:1654
https://access.redhat.com/errata/RHSA-2018:1655
https://access.redhat.com/errata/RHSA-2018:1656
https://access.redhat.com/errata/RHSA-2018:1657
https://access.redhat.com/errata/RHSA-2018:1658
https://access.redhat.com/errata/RHSA-2018:1659
https://access.redhat.com/errata/RHSA-2018:1660
https://access.redhat.com/errata/RHSA-2018:1661
https://access.redhat.com/errata/RHSA-2018:1662
https://access.redhat.com/errata/RHSA-2018:1663
https://access.redhat.com/errata/RHSA-2018:1664
https://access.redhat.com/errata/RHSA-2018:1665
https://access.redhat.com/errata/RHSA-2018:1666
https://access.redhat.com/errata/RHSA-2018:1667
https://access.redhat.com/errata/RHSA-2018:1668
https://access.redhat.com/errata/RHSA-2018:1669
https://access.redhat.com/errata/RHSA-2018:1674
https://access.redhat.com/errata/RHSA-2018:1675
https://access.redhat.com/errata/RHSA-2018:1676
https://access.redhat.com/errata/RHSA-2018:1686
https://access.redhat.com/errata/RHSA-2018:1688
https://access.redhat.com/errata/RHSA-2018:1689
https://access.redhat.com/errata/RHSA-2018:1690
https://access.redhat.com/errata/RHSA-2018:1696
https://access.redhat.com/errata/RHSA-2018:1710
https://access.redhat.com/errata/RHSA-2018:1711
https://access.redhat.com/errata/RHSA-2018:1737
https://access.redhat.com/errata/RHSA-2018:1738
https://access.redhat.com/errata/RHSA-2018:1826
https://access.redhat.com/errata/RHSA-2018:1854
https://access.redhat.com/errata/RHSA-2018:1965
https://access.redhat.com/errata/RHSA-2018:1967
https://access.redhat.com/errata/RHSA-2018:1997
https://access.redhat.com/errata/RHSA-2018:2001
https://access.redhat.com/errata/RHSA-2018:2003
https://access.redhat.com/errata/RHSA-2018:2006
https://access.redhat.com/errata/RHSA-2018:2060
https://access.redhat.com/errata/RHSA-2018:2161
https://access.redhat.com/errata/RHSA-2018:2162
https://access.redhat.com/errata/RHSA-2018:2164
https://access.redhat.com/errata/RHSA-2018:2171
https://access.redhat.com/errata/RHSA-2018:2172
https://access.redhat.com/errata/RHSA-2018:2216
https://access.redhat.com/errata/RHSA-2018:2228
https://access.redhat.com/errata/RHSA-2018:2246
https://access.redhat.com/errata/RHSA-2018:2250
https://access.redhat.com/errata/RHSA-2018:2258
https://access.redhat.com/errata/RHSA-2018:2289
https://access.redhat.com/errata/RHSA-2018:2309
https://access.redhat.com/errata/RHSA-2018:2328
https://access.redhat.com/errata/RHSA-2018:2363
https://access.redhat.com/errata/RHSA-2018:2364
https://access.redhat.com/errata/RHSA-2018:2387
https://access.redhat.com/errata/RHSA-2018:2394
https://access.redhat.com/errata/RHSA-2018:2396
https://access.redhat.com/errata/RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:3396
https://access.redhat.com/errata/RHSA-2018:3397
https://access.redhat.com/errata/RHSA-2018:3398
https://access.redhat.com/errata/RHSA-2018:3399
https://access.redhat.com/errata/RHSA-2018:3400
https://access.redhat.com/errata/RHSA-2018:3401
https://access.redhat.com/errata/RHSA-2018:3402
https://access.redhat.com/errata/RHSA-2018:3407
https://access.redhat.com/errata/RHSA-2018:3423
https://access.redhat.com/errata/RHSA-2018:3424
https://access.redhat.com/errata/RHSA-2018:3425
https://access.redhat.com/errata/RHSA-2019:0148
https://access.redhat.com/errata/RHSA-2019:1046
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://nvidia.custhelp.com/app/answers/detail/a_id/4787
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004
https://security.netapp.com/advisory/ntap-20180521-0001/
https://support.citrix.com/article/CTX235225
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel
https://usn.ubuntu.com/3651-1/
https://usn.ubuntu.com/3652-1/
https://usn.ubuntu.com/3653-1/
https://usn.ubuntu.com/3653-2/
https://usn.ubuntu.com/3654-1/
https://usn.ubuntu.com/3654-2/
https://usn.ubuntu.com/3655-1/
https://usn.ubuntu.com/3655-2/
https://usn.ubuntu.com/3679-1/
https://usn.ubuntu.com/3680-1/
https://usn.ubuntu.com/3756-1/
https://usn.ubuntu.com/3777-3/
https://www.debian.org/security/2018/dsa-4210
https://www.debian.org/security/2018/dsa-4273
https://www.exploit-db.com/exploits/44695/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
https://www.kb.cert.org/vuls/id/180049
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.synology.com/support/security/Synology_SA_18_23
https://www.us-cert.gov/ncas/alerts/TA18-141A

Related CVE
CVE-2019-3834
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader propertie...
CVE-2019-10212
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
CVE-2019-10202
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterX...
CVE-2019-14844
A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.
CVE-2018-9090
CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the...
CVE-2019-14816
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
CVE-2019-14814
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
CVE-2019-14821
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wher...

Copyright 2019, cxsecurity.com

 

Back to Top