AttackerKBAKB:64124DE0-CCEB-4AC1-91D9-5E1834B667F5CVE-2018-3639
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
65.2%
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Recent assessments:
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0
References
lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html
lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html
support.lenovo.com/us/en/solutions/LEN-22133
www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
www.openwall.com/lists/oss-security/2020/06/10/1
www.openwall.com/lists/oss-security/2020/06/10/2
www.openwall.com/lists/oss-security/2020/06/10/5
www.securityfocus.com/bid/104232
www.securitytracker.com/id/1040949
www.securitytracker.com/id/1042004
xenbits.xen.org/xsa/advisory-263.html
access.redhat.com/errata/RHSA-2018:1629
access.redhat.com/errata/RHSA-2018:1630
access.redhat.com/errata/RHSA-2018:1632
access.redhat.com/errata/RHSA-2018:1633
access.redhat.com/errata/RHSA-2018:1635
access.redhat.com/errata/RHSA-2018:1636
access.redhat.com/errata/RHSA-2018:1637
access.redhat.com/errata/RHSA-2018:1638
access.redhat.com/errata/RHSA-2018:1639
access.redhat.com/errata/RHSA-2018:1640
access.redhat.com/errata/RHSA-2018:1641
access.redhat.com/errata/RHSA-2018:1642
access.redhat.com/errata/RHSA-2018:1643
access.redhat.com/errata/RHSA-2018:1644
access.redhat.com/errata/RHSA-2018:1645
access.redhat.com/errata/RHSA-2018:1646
access.redhat.com/errata/RHSA-2018:1647
access.redhat.com/errata/RHSA-2018:1648
access.redhat.com/errata/RHSA-2018:1649
access.redhat.com/errata/RHSA-2018:1650
access.redhat.com/errata/RHSA-2018:1651
access.redhat.com/errata/RHSA-2018:1652
access.redhat.com/errata/RHSA-2018:1653
access.redhat.com/errata/RHSA-2018:1654
access.redhat.com/errata/RHSA-2018:1655
access.redhat.com/errata/RHSA-2018:1656
access.redhat.com/errata/RHSA-2018:1657
access.redhat.com/errata/RHSA-2018:1658
access.redhat.com/errata/RHSA-2018:1659
access.redhat.com/errata/RHSA-2018:1660
access.redhat.com/errata/RHSA-2018:1661
access.redhat.com/errata/RHSA-2018:1662
access.redhat.com/errata/RHSA-2018:1663
access.redhat.com/errata/RHSA-2018:1664
access.redhat.com/errata/RHSA-2018:1665
access.redhat.com/errata/RHSA-2018:1666
access.redhat.com/errata/RHSA-2018:1667
access.redhat.com/errata/RHSA-2018:1668
access.redhat.com/errata/RHSA-2018:1669
access.redhat.com/errata/RHSA-2018:1674
access.redhat.com/errata/RHSA-2018:1675
access.redhat.com/errata/RHSA-2018:1676
access.redhat.com/errata/RHSA-2018:1686
access.redhat.com/errata/RHSA-2018:1688
access.redhat.com/errata/RHSA-2018:1689
access.redhat.com/errata/RHSA-2018:1690
access.redhat.com/errata/RHSA-2018:1696
access.redhat.com/errata/RHSA-2018:1710
access.redhat.com/errata/RHSA-2018:1711
access.redhat.com/errata/RHSA-2018:1737
access.redhat.com/errata/RHSA-2018:1738
access.redhat.com/errata/RHSA-2018:1826
access.redhat.com/errata/RHSA-2018:1854
access.redhat.com/errata/RHSA-2018:1965
access.redhat.com/errata/RHSA-2018:1967
access.redhat.com/errata/RHSA-2018:1997
access.redhat.com/errata/RHSA-2018:2001
access.redhat.com/errata/RHSA-2018:2003
access.redhat.com/errata/RHSA-2018:2006
access.redhat.com/errata/RHSA-2018:2060
access.redhat.com/errata/RHSA-2018:2161
access.redhat.com/errata/RHSA-2018:2162
access.redhat.com/errata/RHSA-2018:2164
access.redhat.com/errata/RHSA-2018:2171
access.redhat.com/errata/RHSA-2018:2172
access.redhat.com/errata/RHSA-2018:2216
access.redhat.com/errata/RHSA-2018:2228
access.redhat.com/errata/RHSA-2018:2246
access.redhat.com/errata/RHSA-2018:2250
access.redhat.com/errata/RHSA-2018:2258
access.redhat.com/errata/RHSA-2018:2289
access.redhat.com/errata/RHSA-2018:2309
access.redhat.com/errata/RHSA-2018:2328
access.redhat.com/errata/RHSA-2018:2363
access.redhat.com/errata/RHSA-2018:2364
access.redhat.com/errata/RHSA-2018:2387
access.redhat.com/errata/RHSA-2018:2394
access.redhat.com/errata/RHSA-2018:2396
access.redhat.com/errata/RHSA-2018:2948
access.redhat.com/errata/RHSA-2018:3396
access.redhat.com/errata/RHSA-2018:3397
access.redhat.com/errata/RHSA-2018:3398
access.redhat.com/errata/RHSA-2018:3399
access.redhat.com/errata/RHSA-2018:3400
access.redhat.com/errata/RHSA-2018:3401
access.redhat.com/errata/RHSA-2018:3402
access.redhat.com/errata/RHSA-2018:3407
access.redhat.com/errata/RHSA-2018:3423
access.redhat.com/errata/RHSA-2018:3424
access.redhat.com/errata/RHSA-2018:3425
access.redhat.com/errata/RHSA-2019:0148
access.redhat.com/errata/RHSA-2019:1046
bugs.chromium.org/p/project-zero/issues/detail?id=1528
cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf
cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
lists.debian.org/debian-lts-announce/2018/07/msg00020.html
lists.debian.org/debian-lts-announce/2018/07/msg00038.html
lists.debian.org/debian-lts-announce/2018/09/msg00017.html
lists.debian.org/debian-lts-announce/2019/03/msg00017.html
lists.debian.org/debian-lts-announce/2019/03/msg00034.html
lists.debian.org/debian-lts-announce/2019/04/msg00004.html
nvidia.custhelp.com/app/answers/detail/a_id/4787
portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004
seclists.org/bugtraq/2019/Jun/36
security.netapp.com/advisory/ntap-20180521-0001
support.citrix.com/article/CTX235225
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel
usn.ubuntu.com/3651-1
usn.ubuntu.com/3652-1
usn.ubuntu.com/3653-1
usn.ubuntu.com/3653-2
usn.ubuntu.com/3654-1
usn.ubuntu.com/3654-2
usn.ubuntu.com/3655-1
usn.ubuntu.com/3655-2
usn.ubuntu.com/3679-1
usn.ubuntu.com/3680-1
usn.ubuntu.com/3756-1
usn.ubuntu.com/3777-3
www.debian.org/security/2018/dsa-4210
www.debian.org/security/2018/dsa-4273
www.exploit-db.com/exploits/44695
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
www.kb.cert.org/vuls/id/180049
www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
www.oracle.com/security-alerts/cpujul2020.html
www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
www.synology.com/support/security/Synology_SA_18_23
www.us-cert.gov/ncas/alerts/TA18-141A
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
65.2%