Unauthorized exposure of privileged data from memory.
Source: HP, HP Product Security Response Team (PSRT)
Reported By:
CVE-2018-3639: Google Project Zero (GPZ) Microsoft Security Response Center (MSRC)
CVE-2018-3640: Researchers from SYSGO AG and BiZone LLC
Derivatives of speculative execution side-channel analysis methods publicly disclosed in January 2018 can be exploited to facilitate the unauthorized exposure of privileged data from memory.
More information is available at the following links:
Intel’s Security Advisory__ (in English)
AMD’s Security Advisory__ (in English)
Microsoft’s Security Advisory:
ADV180012 | Microsoft Guidance for Speculative Store Bypass__ (in English) for CVE-2018-3639
ADV180013 | Microsoft Guidance for Rogue System Register Read__ (in English) for CVE-2018-3640
HP’s Security Bulletin - HPSBHF03573 - Side-Channel Analysis Method
HP is working with processor vendors for mitigation of this issue. This bulletin will be updated; check back frequently for updates to this section and other sections. HP is identifying affected platforms and target dates for Softpaqs. See the current list below.