Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:180049
HistoryMay 21, 2018 - 12:00 a.m.

CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

2018-05-2100:00:00
www.kb.cert.org
559

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.976 High

EPSS

Percentile

100.0%

JSON

Overview

CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as “Variant 3a” and “Variant 4”.

Description

Speculative execution is a technique used by many modern processors to improve performance by predicting which instructions may be executed based on past execution history. An attacker with local user access may be able to utilize sequences of speculative execution to perform a cache timing side-channel analysis.

CWE-208: Information Exposure Through Timing Discrepancy

CVE-2018-3639 – Speculative Store Bypass (SSB) – also known as “Variant 4”

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may read an earlier value of the data. Subsequent speculative memory accesses cause allocations into the cache, which may allow a sequence of speculative loads to be used to perform timing side-channel attacks. In particular, if an attacker has control of a previously cached value, or the first store and load instructions are accesses onto the stack, an attacker may be able to control future speculative execution and access arbitrary privileged data by using less privileged code with timing side-channel analysis.

CVE-2018-3640 – Rogue System Register Read (RSRE) – also known as “Variant 3a”

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may return a speculative register value that is then used in subsequent speculative load instructions. These subsequence speculative loads cause allocations into the cache that may allow a sequence of speculative loads to be used to perform timing side-channel attacks. An attacker with local user access may be able to use timing side-channel analysis to determine the values stored in system registers.

For more information and technical details, please see the original Project Zero bug report, Intel’s security advisory INTEL-SA-00115, AMD’s whitepaper, and ARM’s whitepaper.

These vulnerabilities have been noted in the media for their similarity to previously-disclosed vulnerabilities: CVE-2017-5753 (Variant 1, “Spectre”), CVE-2017-5715 (Variant 2, “Spectre”), CVE-2017-5754 (Variant 3, “Meltdown”). See VU#584653 for further information.

Impact

An attacker with local user access may be able to read arbitrary privileged data or system register values by utilizing cache timing side-channel analysis.

Solution

Update system software

Affected users should check with OEM and system software vendors and apply any available updates as soon as possible. Microcode updates and other system updates are expected to be available within the coming weeks. The Vendor Status links below provide further information.

Update your browser

Affected users should update to the latest version of any web browser in use. Most leading browser providers have recently deployed mitigations in their Managed Runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a modern web browser. These techniques would likewise increase the difficulty of exploiting a side channel in a browser based on SSB.

Vendor Information

180049

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

AMD __ Affected

Notified: May 04, 2018 Updated: May 23, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

AMD has released a whitepaper with further details.

Vendor References

Addendum

AMD was reported by researchers as having been affected: <https://bugs.chromium.org/p/project-zero/issues/detail?id=1528&gt;.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23180049 Feedback>).

ARM Limited Affected

Updated: June 14, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Apple __ Affected

Notified: May 04, 2018 Updated: June 05, 2018

Statement Date: June 01, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Please see Apple’s statement for more information.

Vendor References

Cisco __ Affected

Notified: May 21, 2018 Updated: May 22, 2018

Statement Date: May 22, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Please find more information at Cisco Security Advisory 20180521.

Vendor References

Dell __ Affected

Notified: May 21, 2018 Updated: May 21, 2018

Statement Date: May 21, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Please see Dell EMC’s statement.

Vendor References

Dell EMC __ Affected

Notified: May 21, 2018 Updated: May 21, 2018

Statement Date: May 21, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Please see Dell EMC’s statement.

Vendor References

Fortinet, Inc. __ Affected

Notified: May 21, 2018 Updated: May 24, 2018

Statement Date: May 23, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Please see Fortinet’s advisory FG-IR-18-002 for more information.

Vendor References

HP Inc. __ Affected

Notified: May 21, 2018 Updated: May 24, 2018

Statement Date: May 24, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

HP has released an advisory with further details.

Vendor References

Hitachi __ Affected

Notified: May 21, 2018 Updated: June 05, 2018

Statement Date: June 02, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Please see more information at HIRT-PUB18001.

Vendor References

IBM, INC. __ Affected

Notified: May 21, 2018 Updated: May 21, 2018

Statement Date: May 21, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Please see IBM’s statement for more details.

Vendor References

Intel __ Affected

Notified: May 04, 2018 Updated: May 21, 2018

Statement Date: May 21, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

See Intel security advisory SA-00115 for more details.

Vendor References

Microsoft __ Affected

Notified: May 04, 2018 Updated: May 21, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Please see Microsoft security advisories ADV180012 and ADV180013 for more details. Developers may also consult guidance.

Vendor References

QUALCOMM Incorporated Affected

Notified: May 21, 2018 Updated: May 21, 2018

Statement Date: May 21, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc. __ Affected

Notified: May 04, 2018 Updated: May 22, 2018

Statement Date: May 22, 2018

Status

Affected

Vendor Statement

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/ssbd

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

SUSE Linux __ Affected

Notified: May 21, 2018 Updated: May 22, 2018

Statement Date: May 22, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Please see SUSE support document 7022937 for more details.

Vendor References

Synology __ Affected

Notified: May 21, 2018 Updated: May 22, 2018

Statement Date: May 22, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Please see Synology security advisory SA-18:23 for more information.

Vendor References

Ubuntu __ Affected

Notified: May 21, 2018 Updated: May 21, 2018

Statement Date: May 22, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Please see the Ubuntu Security Team KnowledgeBase article for more details.

Vendor References

VMware __ Affected

Notified: May 04, 2018 Updated: May 21, 2018

Statement Date: May 21, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Please see VMware Article 54951 for further details.

Vendor References

Amazon __ Not Affected

Notified: May 04, 2018 Updated: May 23, 2018

Statement Date: May 22, 2018

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Please see Amazon’s statement for more details

Vendor References

ASP Linux Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Acer Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

AirWatch Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Alpine Linux Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Android Open Source Project Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Arch Linux Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Arista Networks, Inc. Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

AsusTek Computer Inc. Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Barnes and Noble Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

BlackBerry Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Blunk Microsystems Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

CMX Systems Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

CentOS Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Citrix Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Contiki OS Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

CoreOS Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Cricket Wireless Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Debian GNU/Linux Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Dell SecureWorks Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

DesktopBSD Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

DragonFly BSD Project Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

ENEA Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Express Logic Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

F5 Networks, Inc. Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Fedora Project Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

FreeBSD Project Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Fujitsu Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

GIGABYTE Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Geexbox Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Gentoo Linux Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Google Unknown

Notified: May 04, 2018 Updated: May 04, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

HTC Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

HardenedBSD Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Hewlett Packard Enterprise Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

HomeSeer Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Huawei Technologies Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

IBM Corporation (zseries) Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

IBM Global Services Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

IBM eServer Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Illumos Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Joyent Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Juniper Networks Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Kyocera Communications Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

LG Electronics Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Lenovo Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Linux Kernel Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Lynx Software Technologies Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Micro Focus Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

MontaVista Software, Inc. Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Mozilla Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

NEC Corporation Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

NVIDIA Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

NetBSD Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Nexenta Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Nokia Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

OmniTI Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

OpenBSD Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

OpenIndiana Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Openwall GNU/*/Linux Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Oracle Corporation Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Pantech North America Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

QNX Software Systems Inc. Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Rocket RTOS Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Roku Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Samsung Mobile Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Slackware Linux Inc. Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

SonicWall Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Sony Corporation Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

The Open Group Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Tizen Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Toshiba America Information Systems, Inc. Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Trend Micro Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

TrueOS Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Turbolinux Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Unisys Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Xen Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Xiaomi Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Xilinx Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Zephyr Project Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

eCosCentric Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

m0n0wall Unknown

Notified: May 21, 2018 Updated: May 21, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

View all 100 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base 4.4 AV:L/AC:M/Au:S/C:C/I:N/A:N
Temporal 3.4 E:POC/RL:OF/RC:C
Environmental 3.4 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Intel would like to acknowledge and thank Jann Horn of Google Project Zero (GPZ) and Ken Johnson of the Microsoft Security Response Center (MSRC) for independently reporting CVE-2018-3639.Intel would like to acknowledge and thank Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (https://sysgo.com) for reporting CVE-2018-3640. Intel would also like to acknowledge and thank Innokentiy Sennovskiy from BiZone LLC (bi.zone).

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2018-3639, CVE-2018-3640
Date Public: 2018-05-21 Date First Published:

Related

lenovo 4
ibm 30
suse 6
nessus 62
aix 2
openvas 25
checkpoint_advisories 1
hp 1
thn 3
qualysblog 5
threatpost 2
symantec 3
f5 1
ubuntu 6
vmware 2
redhat 19
virtuozzo 4
huawei 2
arista 1
paloalto 1
malwarebytes 1
centos 2
kitploit 1
cisco 1
cloudfoundry 1
nvidia 5
redhatcve 1
seebug 1
mageia 1
securelist 1
citrix 1
talosblog 1
oraclelinux 2
lenovo
lenovo
Speculative Execution Side Channel Variants 4 and 3a - US
2018-09-13 11:41:00
Reading Privileged Memory with a Side Channel - Lenovo Support US
2018-10-24 12:22:52
Reading Privileged Memory with a Side Channel - US
2018-10-24 12:22:52
ibm
ibm
Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown.
2019-12-18 14:26:38
Security Bulletin: IBM has released updated AIX and VIOS fixes for CVE-2017-5715, known as Spectre, that are only applicable to some POWER9 systems.
2018-09-24 15:35:01
Security Bulletin: IBM has released AIX and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown.
2021-09-15 12:53:48
suse
suse
Security update for xen (important)
2018-06-09 15:08:42
Security update for the Linux Kernel (important)
2018-01-16 21:08:19
Security update for the Linux Kernel (important)
2018-01-11 18:10:26
nessus
nessus
SUSE SLES12 Security Update : xen (SUSE-SU-2018:1699-1) (Meltdown) (Spectre)
2018-06-18 00:00:00
SUSE SLES11 Security Update : xen (SUSE-SU-2018:1603-1) (Meltdown) (Spectre)
2018-06-11 00:00:00
SUSE SLES12 Security Update : xen (SUSE-SU-2018:1658-1) (Meltdown) (Spectre)
2018-06-13 00:00:00
aix
aix
IBM has released AIX and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown.,IBM has released VIOS and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown.
2018-01-25 08:15:51
IBM has released updated AIX and VIOS fixes for CVE-2017-5715 known as Spectre that are only applicable to some POWER9 systems.,IBM has released updated VIOS and VIOS fixes for CVE-2017-5715 known as Spectre that are only applicable to some POWER9 systems.
2018-08-17 08:05:01
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:1699-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1658-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for xen (openSUSE-SU-2018:1623-1)
2018-10-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Meltdown/Spectre Multiple Browsers Speculative Execution (CVE-2017-5715; CVE-2017-5753; CVE-2017-5754; CVE-2018-3639)
2018-01-04 00:00:00
hp
hp
HPSBHF03573 rev. 15 - Side-Channel Analysis Method
2018-01-04 00:00:00
thn
thn
New Spectre (Variant 4) CPU Flaw Discovered—Intel, ARM, AMD Affected
2018-05-22 08:27:00
[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks
2018-01-04 21:18:00
Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors
2018-01-03 19:34:00
qualysblog
qualysblog
Apple in the InfoSec Spotlight, as GitHub Falls Prey to Amplified DDoS Attack
2018-03-02 14:48:53
Meltdown/Spectre and Qualys Cloud Platform
2018-01-09 02:36:19
Processor Vulnerabilities – Meltdown and Spectre
2018-01-04 02:17:43
threatpost
threatpost
Experts Weigh In On Spectre Patch Challenges
2018-01-07 23:21:34
Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts
2018-01-04 13:01:52
symantec
symantec
Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-01-03 00:00:00
SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks
2018-01-08 08:00:00
Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-01-03 00:00:00
f5
f5
Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754
2018-01-04 04:46:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2018-01-23 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2018-01-23 00:00:00
Linux kernel vulnerabilities
2018-01-23 00:00:00
vmware
vmware
VMware Virtual Appliance updates address side-channel analysis due to speculative execution
2018-02-08 00:00:00
VMware Virtual Appliance updates address side-channel analysis due to speculative execution
2018-02-08 00:00:00
redhat
redhat
(RHSA-2018:0496) Important: kernel security and bug fix update
2018-03-13 14:14:17
(RHSA-2018:0182) Important: kernel security and bug fix update
2018-01-25 11:23:54
(RHSA-2018:0047) Important: redhat-virtualization-host security update
2018-01-05 15:36:05
virtuozzo
virtuozzo
Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 2.6.32-042stab127.2, Virtuozzo 6.0 Update 12 Hotfix 20 (6.0.12-3690)
2018-01-06 00:00:00
Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 3.10.0-693.11.6.vz7.40.4, Virtuozzo 7.0 Update 6 Hotfix 3 (7.0.6-710)
2018-01-08 00:00:00
Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 2.6.32-042stab127.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2018-01-06 00:00:00
huawei
huawei
Security Advisory - CPU Vulnerabilities 'Meltdown' and 'Spectre'
2018-01-06 00:00:00
Security Advisory - CPU Vulnerabilities Meltdown and Spectre
2018-06-06 00:00:00
arista
arista
Security Advisory 0031
2018-01-03 00:00:00
paloalto
paloalto
Information about Meltdown and Spectre findings
2018-01-04 00:00:00
malwarebytes
malwarebytes
Meltdown and Spectre fallout: patching problems persist
2018-01-11 14:00:00
centos
centos
kernel, perf, python security update
2018-01-04 19:46:26
kernel, perf, python security update
2018-01-04 11:36:27
kitploit
kitploit
Spectre-Meltdown-Checker - Spectre & Meltdown Vulnerability/Mitigation Checker For Linux
2018-01-08 12:43:00
cisco
cisco
CPU Side-Channel Information Disclosure Vulnerabilities
2018-01-04 22:20:00
cloudfoundry
cloudfoundry
USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-01-23 00:00:00
nvidia
nvidia
Security Bulletin: NVIDIA GeForce Experience (GFE) Security Updates for CPU Speculative Side Channel Vulnerabilities
2018-01-09 00:00:00
Security Bulletin: NVIDIA Driver Security Updates for CPU Speculative Side Channel Vulnerabilities
2018-01-04 00:00:00
Security Bulletin: NVIDIA Jetson TX1, Jetson TK1, and Tegra K1 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities
2018-01-05 00:00:00
redhatcve
redhatcve
CVE-2017-5715
2021-07-20 18:54:09
seebug
seebug
Reading privileged memory with a side-channel (Meltdown & Spectre)
2018-01-04 00:00:00
mageia
mageia
Updated nvidia-current packages mitigates security issues
2018-01-13 17:28:36
securelist
securelist
IT threat evolution Q1 2018
2018-05-14 10:00:08
citrix
citrix
Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
2018-01-03 04:00:00
talosblog
talosblog
Meltdown and Spectre
2018-01-08 09:16:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-01-19 00:00:00
kernel security update
2018-01-04 00:00:00

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.976 High

EPSS

Percentile

100.0%

JSON
Related for VU:180049
lenovo4ibm30suse6nessus62aix2openvas25checkpoint_advisories1hp1thn3qualysblog5threatpost2symantec3f51ubuntu6vmware2redhat19virtuozzo4huawei2arista1paloalto1malwarebytes1centos2kitploit1cisco1cloudfoundry1nvidia5redhatcve1seebug1mageia1securelist1citrix1talosblog1oraclelinux2