CVE-2018-3639

Public Exploit

Description

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

References

Link	Tags
https://access.redhat.com/errata/RHSA-2018:1689	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2162	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1641	third party advisory vendor advisory
https://usn.ubuntu.com/3680-1/	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1997	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1665	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:3407	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2164	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2001	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:3423	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2003	third party advisory vendor advisory
https://usn.ubuntu.com/3654-1/	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1645	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1643	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1652	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:3424	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:3402	third party advisory vendor advisory
https://www.us-cert.gov/ncas/alerts/TA18-141A	third party advisory us government resource
https://access.redhat.com/errata/RHSA-2018:1656	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1664	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2258	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1688	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1658	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1657	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2289	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1666	third party advisory vendor advisory
http://www.securitytracker.com/id/1042004	third party advisory vdb entry
https://access.redhat.com/errata/RHSA-2018:1675	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1660	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1965	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1661	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1633	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1636	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1854	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2006	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2250	third party advisory vendor advisory
http://www.securitytracker.com/id/1040949	third party advisory vdb entry
https://access.redhat.com/errata/RHSA-2018:3401	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1737	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1826	third party advisory vendor advisory
https://usn.ubuntu.com/3651-1/	third party advisory vendor advisory
https://www.debian.org/security/2018/dsa-4210	third party advisory vendor advisory
https://www.exploit-db.com/exploits/44695/	third party advisory vdb entry exploit
https://access.redhat.com/errata/RHSA-2018:1651	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1638	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1696	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2246	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1644	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1646	third party advisory vendor advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html	third party advisory mailing list
https://access.redhat.com/errata/RHSA-2018:1639	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1668	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1637	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2948	third party advisory vendor advisory
https://www.kb.cert.org/vuls/id/180049	third party advisory us government resource
https://access.redhat.com/errata/RHSA-2018:1686	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2172	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1663	third party advisory vendor advisory
https://usn.ubuntu.com/3652-1/	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1629	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1655	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1640	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1669	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1676	third party advisory vendor advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:3425	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2363	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1632	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1650	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2396	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2364	third party advisory vendor advisory
https://usn.ubuntu.com/3653-2/	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2216	third party advisory vendor advisory
https://usn.ubuntu.com/3655-1/	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1649	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2309	third party advisory vendor advisory
http://www.securityfocus.com/bid/104232	third party advisory vdb entry
https://access.redhat.com/errata/RHSA-2018:1653	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2171	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1635	third party advisory vendor advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html	third party advisory mailing list
https://access.redhat.com/errata/RHSA-2018:2394	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1710	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1659	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1711	third party advisory vendor advisory
https://www.debian.org/security/2018/dsa-4273	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1738	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1674	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:3396	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1667	third party advisory vendor advisory
https://usn.ubuntu.com/3654-2/	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1662	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1630	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1647	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1967	third party advisory vendor advisory
https://usn.ubuntu.com/3655-2/	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:3399	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2060	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1690	third party advisory vendor advisory
https://usn.ubuntu.com/3653-1/	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2161	third party advisory vendor advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html	third party advisory mailing list
https://access.redhat.com/errata/RHSA-2018:2328	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1648	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2387	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2019:0148	vendor advisory broken link
https://access.redhat.com/errata/RHSA-2018:1654	third party advisory vendor advisory
https://usn.ubuntu.com/3679-1/	third party advisory vendor advisory
https://usn.ubuntu.com/3777-3/	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:1642	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:3397	third party advisory vendor advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html	third party advisory mailing list
https://usn.ubuntu.com/3756-1/	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:3398	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:3400	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2018:2228	third party advisory vendor advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html	third party advisory mailing list
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html	third party advisory mailing list
https://access.redhat.com/errata/RHSA-2019:1046	third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html	vendor advisory broken link
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html	vendor advisory broken link
https://seclists.org/bugtraq/2019/Jun/36	mailing list third party advisory issue tracking
http://www.openwall.com/lists/oss-security/2020/06/10/1	third party advisory mailing list
http://www.openwall.com/lists/oss-security/2020/06/10/2	third party advisory mailing list
http://www.openwall.com/lists/oss-security/2020/06/10/5	third party advisory mailing list
https://www.oracle.com/security-alerts/cpujul2020.html	third party advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	third party advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	third party advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf	third party advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf	third party advisory
http://support.lenovo.com/us/en/solutions/LEN-22133	third party advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004	third party advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012	patch vendor advisory third party advisory
https://support.citrix.com/article/CTX235225	third party advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html	third party advisory
https://www.synology.com/support/security/Synology_SA_18_23	third party advisory
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability	third party advisory
http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html	third party advisory
http://xenbits.xen.org/xsa/advisory-263.html	third party advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf	third party advisory
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006	third party advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us	third party advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528	patch exploit third party advisory issue tracking
https://security.netapp.com/advisory/ntap-20180521-0001/	third party advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/4787	third party advisory
https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html	third party advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html	vendor advisory broken link

Frequently Asked Questions

What is the severity of CVE-2018-3639?: CVE-2018-3639 has been scored as a medium severity vulnerability.
How to fix CVE-2018-3639?: To fix CVE-2018-3639, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2018-3639 being actively exploited in the wild?: It is possible that CVE-2018-3639 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~47% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2018-3639?: CVE-2018-3639 affects Intel Corporation Multiple.

Description

Category

CWE-203 – Observable Discrepancy

References

Frequently Asked Questions