5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.003 Low
EPSS
Percentile
65.2%
Debian Security Advisory DSA-4273-2 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
Package : intel-microcode
CVE ID : CVE-2018-3639 CVE-2018-3640
This update ships updated CPU microcode for additional models of Intel
CPUs which were not yet covered by the Intel microcode update released
as DSA-4273-1 (and thus provides SSBD support (needed to address
"Spectre v4") and fixes for "Spectre v3a")).
For the stable distribution (stretch), these problems have been fixed in
version 3.20180807a.1~deb9u1.
We recommend that you upgrade your intel-microcode packages.
For the detailed security status of intel-microcode please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/intel-microcode
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | i386 | intel-microcode | < 3.20180703.2~deb8u1 | intel-microcode_3.20180703.2~deb8u1_i386.deb |
Debian | 9 | amd64 | intel-microcode | < 3.20180807a.1~deb9u1 | intel-microcode_3.20180807a.1~deb9u1_amd64.deb |
Debian | 9 | i386 | intel-microcode | < 3.20180807a.1~deb9u1 | intel-microcode_3.20180807a.1~deb9u1_i386.deb |
Debian | 8 | amd64 | intel-microcode | < 3.20180703.2~deb8u1 | intel-microcode_3.20180703.2~deb8u1_amd64.deb |
Debian | 9 | all | intel-microcode | < 3.20180807a.1~deb9u1 | intel-microcode_3.20180807a.1~deb9u1_all.deb |
Debian | 8 | all | intel-microcode | < 3.20180703.2~deb8u1 | intel-microcode_3.20180703.2~deb8u1_all.deb |
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.003 Low
EPSS
Percentile
65.2%