CVSS3: 5.6 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | HIGH |
Privileges Required | LOW |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS2: 4.7 Medium

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

EPSS: 0.976 High (Percentile: 100.0%)
CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as “Variant 3a” and “Variant 4”.
Speculative execution is a technique used by many modern processors to improve performance by predicting which instructions may be executed based on past execution history. An attacker with local user access may be able to utilize sequences of speculative execution to perform a cache timing side-channel analysis.
CWE-208: Information Exposure Through Timing Discrepancy
CVE-2018-3639 – Speculative Store Bypass (SSB) – also known as “Variant 4”
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may read an earlier value of the data. Subsequent speculative memory accesses cause allocations into the cache, which may allow a sequence of speculative loads to be used to perform timing side-channel attacks. In particular, if an attacker has control of a previously cached value, or the first store and load instructions are accesses onto the stack, an attacker may be able to control future speculative execution and access arbitrary privileged data by using less privileged code with timing side-channel analysis.
CVE-2018-3640 – Rogue System Register Read (RSRE) – also known as “Variant 3a”
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may return a speculative register value that is then used in subsequent speculative load instructions. These subsequent speculative loads cause allocations into the cache that may allow a sequence of speculative loads to be used to perform timing side-channel attacks. An attacker with local user access may be able to use timing side-channel analysis to determine the values stored in system registers.
For more information and technical details, please see the original Project Zero bug report, Intel’s security advisory INTEL-SA-00115, AMD’s whitepaper, and ARM’s whitepaper.
These vulnerabilities have been noted in the media for their similarity to previously-disclosed vulnerabilities: CVE-2017-5753 (Variant 1, “Spectre”), CVE-2017-5715 (Variant 2, “Spectre”), CVE-2017-5754 (Variant 3, “Meltdown”). See VU#584653 for further information.
An attacker with local user access may be able to read arbitrary privileged data or system register values by utilizing cache timing side-channel analysis.
Update system software
Affected users should check with OEM and system software vendors and apply any available updates as soon as possible. Microcode updates and other system updates are expected to be available within the coming weeks. The Vendor Status links below provide further information.
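To confirm that an update took effect on a Linux host, the kernel reports its Speculative Store Bypass state in sysfs. The script below is an added example, not part of the original advisory or any vendor's tooling; it assumes the Linux `spec_store_bypass` sysfs file, and the function names `classify_ssb_status` and `ssb_report` are hypothetical.

```shell
#!/bin/sh
# Added example: report the kernel's Speculative Store Bypass (Variant 4) state.
# Assumes the Linux sysfs vulnerabilities interface; override SSB_SYSFS to test.
SSB_SYSFS="${SSB_SYSFS:-/sys/devices/system/cpu/vulnerabilities/spec_store_bypass}"

# classify_ssb_status STRING -> prints one of:
#   not-affected | mitigated-global | mitigated-optin | vulnerable | unknown
classify_ssb_status() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        # Order matters: the prctl/seccomp strings share the "disabled" prefix.
        "Mitigation: Speculative Store Bypass disabled via prctl"*)
            echo mitigated-optin ;;
        "Mitigation: Speculative Store Bypass disabled"*)
            echo mitigated-global ;;
        "Vulnerable"*) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# ssb_report [FILE] -> prints "<class>: <detail>".
# Returns 0 = no action needed, 1 = review or update, 2 = state could not be read.
ssb_report() {
    file="${1:-$SSB_SYSFS}"
    if [ ! -r "$file" ]; then
        echo "unknown: $file not present (non-Linux host or kernel without SSB reporting)"
        return 2
    fi
    raw=$(head -n 1 "$file")
    class=$(classify_ssb_status "$raw")
    case "$class" in
        not-affected|mitigated-global)
            echo "$class: $raw"; return 0 ;;
        mitigated-optin)
            echo "$class: only processes that opt in via prctl/seccomp are protected"
            return 1 ;;
        vulnerable)
            echo "$class: apply OS and microcode updates"
            return 1 ;;
        *)  echo "unknown: unrecognised status '$raw'"; return 2 ;;
    esac
}

# Check the live system; the || keeps a non-zero result from aborting the script.
ssb_report || echo "follow-up needed (exit status $?)"
```

A result of `mitigated-optin` means the kernel and microcode support the mitigation but apply it per process, so workloads that run untrusted code need to request it themselves.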
Update your browser
Affected users should update to the latest version of any web browser in use. Most leading browser providers have recently deployed mitigations in their Managed Runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a modern web browser. These techniques would likewise increase the difficulty of exploiting a side channel in a browser based on SSB.
180049
Notified: May 04, 2018 Updated: May 23, 2018
Affected
We have not received a statement from the vendor.
AMD has released a whitepaper with further details.
AMD was reported by researchers as having been affected: <https://bugs.chromium.org/p/project-zero/issues/detail?id=1528>.
Updated: June 14, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 04, 2018 Updated: June 05, 2018
Statement Date: June 01, 2018
Affected
We have not received a statement from the vendor.
Please see Apple’s statement for more information.
Notified: May 21, 2018 Updated: May 22, 2018
Statement Date: May 22, 2018
Affected
We have not received a statement from the vendor.
Please find more information at Cisco Security Advisory 20180521.
Notified: May 21, 2018 Updated: May 21, 2018
Statement Date: May 21, 2018
Affected
We have not received a statement from the vendor.
Please see Dell EMC’s statement.
Notified: May 21, 2018 Updated: May 21, 2018
Statement Date: May 21, 2018
Affected
We have not received a statement from the vendor.
Please see Dell EMC’s statement.
Notified: May 21, 2018 Updated: May 24, 2018
Statement Date: May 23, 2018
Affected
We have not received a statement from the vendor.
Please see Fortinet’s advisory FG-IR-18-002 for more information.
Notified: May 21, 2018 Updated: May 24, 2018
Statement Date: May 24, 2018
Affected
We have not received a statement from the vendor.
HP has released an advisory with further details.
Notified: May 21, 2018 Updated: June 05, 2018
Statement Date: June 02, 2018
Affected
We have not received a statement from the vendor.
Please see more information at HIRT-PUB18001.
Notified: May 21, 2018 Updated: May 21, 2018
Statement Date: May 21, 2018
Affected
We have not received a statement from the vendor.
Please see IBM’s statement for more details.
Notified: May 04, 2018 Updated: May 21, 2018
Statement Date: May 21, 2018
Affected
We have not received a statement from the vendor.
See Intel security advisory SA-00115 for more details.
Notified: May 04, 2018 Updated: May 21, 2018
Affected
We have not received a statement from the vendor.
Please see Microsoft security advisories ADV180012 and ADV180013 for more details. Developers may also consult guidance.
Notified: May 21, 2018 Updated: May 21, 2018
Statement Date: May 21, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 04, 2018 Updated: May 22, 2018
Statement Date: May 22, 2018
Affected
Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article:
https://access.redhat.com/security/vulnerabilities/ssbd
We are not aware of further vendor information regarding this vulnerability.
Notified: May 21, 2018 Updated: May 22, 2018
Statement Date: May 22, 2018
Affected
We have not received a statement from the vendor.
Please see SUSE support document 7022937 for more details.
Notified: May 21, 2018 Updated: May 22, 2018
Statement Date: May 22, 2018
Affected
We have not received a statement from the vendor.
Please see Synology security advisory SA-18:23 for more information.
Notified: May 21, 2018 Updated: May 21, 2018
Statement Date: May 22, 2018
Affected
We have not received a statement from the vendor.
Please see the Ubuntu Security Team KnowledgeBase article for more details.
Notified: May 04, 2018 Updated: May 21, 2018
Statement Date: May 21, 2018
Affected
We have not received a statement from the vendor.
Please see VMware Article 54951 for further details.
Notified: May 04, 2018 Updated: May 23, 2018
Statement Date: May 22, 2018
Not Affected
We have not received a statement from the vendor.
Please see Amazon’s statement for more details.
Notified: May 21, 2018 Updated: May 21, 2018
Unknown
We have not received a statement from the vendor.
Notified: May 04, 2018 Updated: May 04, 2018
Unknown
We have not received a statement from the vendor.
Group | Score | Vector |
---|---|---|
Base | 4.4 | AV:L/AC:M/Au:S/C:C/I:N/A:N |
Temporal | 3.4 | E:POC/RL:OF/RC:C |
Environmental | 3.4 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
Intel would like to acknowledge and thank Jann Horn of Google Project Zero (GPZ) and Ken Johnson of the Microsoft Security Response Center (MSRC) for independently reporting CVE-2018-3639. Intel would like to acknowledge and thank Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (https://sysgo.com) for reporting CVE-2018-3640. Intel would also like to acknowledge and thank Innokentiy Sennovskiy from BiZone LLC (bi.zone).
This document was written by Garret Wassermann.
CVE IDs: | CVE-2018-3639, CVE-2018-3640 |
---|---|
Date Public: | 2018-05-21 |
Date First Published: | |
cwe.mitre.org/data/definitions/208.html
bugs.chromium.org/p/project-zero/issues/detail?id=1528
developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf
developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf
software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf
support.apple.com//HT208394
vuls.cert.org/confluence/display/Wiki/Vulnerabilities+Associated+with+CPU+Speculative+Execution
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
www.kb.cert.org/vuls/id/584653
www.us-cert.gov/ncas/alerts/TA18-141A