Home > Vulnerability Database > CVE-2018-3639

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2018-3639

Date: May 22, 2018

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Severity Score

5.5

Related Resources (150)

Url: https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

Url: https://access.redhat.com/errata/RHSA-2018:1648

Url: https://access.redhat.com/errata/RHSA-2018:1649

Url: https://access.redhat.com/errata/RHSA-2018:1646

Url: https://www.exploit-db.com/exploits/44695/

Url: https://access.redhat.com/errata/RHSA-2018:1647

Url: https://access.redhat.com/errata/RHSA-2018:1644

Url: https://access.redhat.com/errata/RHSA-2018:2216

Url: https://access.redhat.com/errata/RHSA-2018:1645

Url: https://www.synology.com/support/security/Synology_SA_18_23

Url: https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html

Url: https://usn.ubuntu.com/3777-3/

Url: https://access.redhat.com/errata/RHSA-2018:2060

Url: https://usn.ubuntu.com/3654-1/

Url: https://access.redhat.com/errata/RHSA-2018:1653

Url: https://access.redhat.com/errata/RHSA-2018:1654

Url: https://access.redhat.com/errata/RHSA-2018:1651

Url: https://access.redhat.com/errata/RHSA-2018:1652

Url: https://access.redhat.com/errata/RHSA-2018:3399

Url: https://access.redhat.com/errata/RHSA-2018:1650

Url: https://access.redhat.com/errata/RHSA-2018:3398

Url: https://access.redhat.com/errata/RHSA-2018:3397

Url: https://access.redhat.com/errata/RHSA-2018:3396

Url: https://access.redhat.com/errata/RHSA-2018:1639

Url: https://access.redhat.com/errata/RHSA-2018:1637

Url: http://www.openwall.com/lists/oss-security/2020/06/10/1

Url: http://www.securityfocus.com/bid/104232

Url: https://access.redhat.com/errata/RHSA-2018:1638

Url: https://access.redhat.com/errata/RHSA-2018:1635

Url: https://access.redhat.com/errata/RHSA-2018:2328

Url: https://access.redhat.com/errata/RHSA-2018:1636

Url: https://access.redhat.com/errata/RHSA-2018:1633

Url: https://security.netapp.com/advisory/ntap-20180521-0001/

Url: https://access.redhat.com/errata/RHSA-2018:1997

Url: https://usn.ubuntu.com/3651-1/

Url: https://access.redhat.com/errata/RHSA-2018:2171

Url: https://access.redhat.com/errata/RHSA-2018:2172

Url: https://access.redhat.com/errata/RHSA-2018:1642

Url: https://access.redhat.com/errata/RHSA-2018:3425

Url: https://access.redhat.com/security/cve/CVE-2018-3639

Url: https://access.redhat.com/errata/RHSA-2018:1643

Url: https://access.redhat.com/errata/RHSA-2018:3424

Url: https://access.redhat.com/errata/RHSA-2018:1640

Url: https://access.redhat.com/errata/RHSA-2018:3423

Url: https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

Url: https://access.redhat.com/errata/RHSA-2018:1641

Url: http://www.openwall.com/lists/oss-security/2020/06/10/2

Url: https://support.citrix.com/article/CTX235225

Url: http://www.openwall.com/lists/oss-security/2020/06/10/5

Url: https://access.redhat.com/errata/RHSA-2018:1826

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-3639

Url: https://access.redhat.com/errata/RHSA-2018:1668

Url: https://access.redhat.com/errata/RHSA-2019:0148

Url: https://access.redhat.com/errata/RHSA-2018:1669

Url: https://access.redhat.com/errata/RHSA-2018:1666

Url: https://access.redhat.com/errata/RHSA-2018:1667

Url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel

Url: https://www.kb.cert.org/vuls/id/180049

Url: https://usn.ubuntu.com/3652-1/

Url: http://www.securitytracker.com/id/1042004

Url: https://access.redhat.com/errata/RHSA-2018:1675

Url: https://access.redhat.com/errata/RHSA-2018:1676

Url: https://access.redhat.com/errata/RHSA-2018:2006

Url: https://access.redhat.com/errata/RHSA-2018:2003

Url: https://access.redhat.com/errata/RHSA-2018:1674

Url: https://access.redhat.com/errata/RHSA-2018:2246

Url: https://access.redhat.com/errata/RHSA-2018:2364

Url: https://access.redhat.com/errata/RHSA-2018:2001

Url: https://access.redhat.com/errata/RHSA-2018:2363

Url: https://access.redhat.com/errata/RHSA-2018:1659

Url: https://access.redhat.com/errata/RHSA-2018:1657

Url: https://access.redhat.com/errata/RHSA-2018:1658

Url: https://access.redhat.com/errata/RHSA-2018:1655

Url: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012

Url: https://access.redhat.com/errata/RHSA-2018:1656

Url: https://access.redhat.com/errata/RHSA-2018:2228

Url: http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html

Url: https://www.debian.org/security/2018/dsa-4210

Url: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us

Url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html

Url: https://usn.ubuntu.com/3680-1/

Url: https://usn.ubuntu.com/3654-2/

Url: https://access.redhat.com/errata/RHSA-2018:1664

Url: https://access.redhat.com/errata/RHSA-2018:1665

Url: https://access.redhat.com/errata/RHSA-2018:1662

Url: https://access.redhat.com/errata/RHSA-2018:1663

Url: https://access.redhat.com/errata/RHSA-2018:1660

Url: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html

Url: https://access.redhat.com/errata/RHSA-2018:1661

Url: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

Url: https://access.redhat.com/errata/RHSA-2018:1967

Url: https://access.redhat.com/errata/RHSA-2018:1965

Url: http://xenbits.xen.org/xsa/advisory-263.html

Url: https://access.redhat.com/errata/RHSA-2018:1688

Url: https://access.redhat.com/errata/RHSA-2018:1689

Url: https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006

Url: https://access.redhat.com/errata/RHSA-2018:1690

Url: https://usn.ubuntu.com/3756-1/

Url: https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf

Url: https://www.oracle.com/security-alerts/cpujul2020.html

Url: https://access.redhat.com/errata/RHSA-2018:1696

Url: https://access.redhat.com/errata/RHSA-2018:2387

Url: https://access.redhat.com/errata/RHSA-2018:1710

Url: https://www.us-cert.gov/ncas/alerts/TA18-141A

Url: https://access.redhat.com/errata/RHSA-2018:1711

Url: https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html

Url: https://usn.ubuntu.com/3655-2/

Url: https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html

Url: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Url: https://usn.ubuntu.com/3679-1/

Url: https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

Url: https://access.redhat.com/errata/RHSA-2018:2250

Url: https://seclists.org/bugtraq/2019/Jun/36

Url: https://www.debian.org/security/2018/dsa-4273

Url: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html

Url: https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

Url: http://support.lenovo.com/us/en/solutions/LEN-22133

Url: https://usn.ubuntu.com/3655-1/

Url: https://access.redhat.com/errata/RHSA-2018:1686

Url: https://access.redhat.com/errata/RHSA-2018:2258

Url: https://access.redhat.com/errata/RHSA-2018:1629

Url: https://access.redhat.com/errata/RHSA-2018:3407

Url: https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf

Url: https://access.redhat.com/errata/RHSA-2018:2162

Url: https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

Url: https://access.redhat.com/errata/RHSA-2018:2161

Url: https://nvidia.custhelp.com/app/answers/detail/a_id/4787

Url: https://usn.ubuntu.com/3653-2/

Url: https://access.redhat.com/errata/RHSA-2018:1632

Url: https://access.redhat.com/errata/RHSA-2018:2289

Url: http://www.securitytracker.com/id/1040949

Url: https://access.redhat.com/errata/RHSA-2018:1630

Url: https://access.redhat.com/errata/RHSA-2018:2164

Url: https://access.redhat.com/errata/RHSA-2018:1738

Url: https://access.redhat.com/errata/RHSA-2018:2948

Url: https://access.redhat.com/errata/RHSA-2019:1046

Url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004

Url: https://access.redhat.com/errata/RHSA-2018:1737

Url: https://access.redhat.com/errata/RHSA-2018:2309

Url: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html

Url: https://access.redhat.com/errata/RHSA-2018:1854

Url: https://bugs.chromium.org/p/project-zero/issues/detail?id=1528

Url: https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

Url: https://access.redhat.com/errata/RHSA-2018:2394

Url: https://usn.ubuntu.com/3653-1/

Url: https://access.redhat.com/errata/RHSA-2018:3402

Url: https://access.redhat.com/errata/RHSA-2018:3401

Url: https://access.redhat.com/errata/RHSA-2018:3400

Url: https://access.redhat.com/errata/RHSA-2018:2396

Url: https://www.mend.io/vulnerability-database/CVE-2018-3639

Severity Score

5.5

Weakness Type (CWE)

Observable Discrepancy

CWE-203

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us