Lucene search
Ubuntu.comUB:CVE-2018-3693HistoryJul 10, 2018 - 12:00 a.m.
CVE-2018-3693
2018-07-1000:00:00
ubuntu.com
ubuntu.com
22
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.0004 Low
EPSS
Percentile
9.6%
Systems with microprocessors utilizing speculative execution and branch
prediction may allow unauthorized disclosure of information to an attacker
with local user access via a speculative buffer overflow and side-channel
analysis.
Bugs
Notes
| Author | Note |
|---|---|
| tyhicks | Also known as “Bounds Check Bypass Store” This issue is mitigated using the same techniques as CVE-2017-5753. Ubuntu and the rest of the Linux kernel community will continue to monitor for vulnerable instances in the kernel and insert speculation barriers, as needed. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 17.10 | noarch | intel-microcode | < 3.20180312.0~ubuntu17.10.1 | UNKNOWN |
| ubuntu | 18.04 | noarch | intel-microcode | < 3.20180312.0~ubuntu18.04.1 | UNKNOWN |
| ubuntu | 14.04 | noarch | intel-microcode | < 3.20180312.0~ubuntu14.04.1 | UNKNOWN |
| ubuntu | 16.04 | noarch | intel-microcode | < 3.20180312.0~ubuntu16.04.1 | UNKNOWN |
| ubuntu | 14.04 | noarch | linux | < 3.13.0-157.207 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux | < 4.4.0-112.135 | UNKNOWN |
| ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1011.11 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1049.58 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux-azure | < 4.15.0-1013.13~16.04.2 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux-euclid | < 4.4.0-9023.24 | UNKNOWN |
Related
thn
thn
Two New Spectre-Class CPU Flaws Discovered—Intel Pays $100K Bounty
2018-07-11 11:38:00
NetSpectre — New Remote Spectre Attack Steals Data Over the Network
2018-07-27 08:31:00
New SpookJS Attack Bypasses Google Chrome's Site Isolation Protection
2021-09-13 07:54:00
threatpost
threatpost
Fresh Spectre Variants Come to Light
2018-07-11 17:48:27
Apple Releases Spectre Patches for Safari, macOS and iOS
2018-01-08 16:57:57
Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts
2018-01-04 13:01:52
nessus
nessus
F5 Networks BIG-IP : Side-channel processor vulnerability (K54252492)
2019-05-29 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : NVIDIA graphics drivers vulnerability (USN-3521-1)
2018-01-10 00:00:00
Oracle Solaris Critical Patch Update : apr2018_SRU11_3_31_6_0 (Spectre)
2018-04-20 00:00:00
veracode
veracode
Privilege Escalation
2019-05-16 03:11:25
cve
cve
prion
prion
Buffer overflow
2018-07-10 21:29:00
Information disclosure
2018-01-04 13:29:00
redhatcve
redhatcve
debiancve
debiancve
CVE-2018-3693
2018-07-10 21:29:00
CVE-2017-5753
2018-01-04 13:29:00
f5
f5
K54252492 : Side-channel processor vulnerability CVE-2018-3693
2018-08-22 00:00:00
K58304450 : Multiple Intel Processor vulnerabilities: Spectre-NG
2018-05-30 00:00:00
mscve
mscve
Guidance to mitigate speculative execution side-channel vulnerabilities
2018-01-03 08:00:00
suse
suse
Security update for spectre-meltdown-checker (moderate)
2021-08-27 00:00:00
Security update for spectre-meltdown-checker (moderate)
2021-08-31 00:00:00
Security update for the Linux Kernel (important)
2018-01-22 15:08:49
canvas
canvas
Immunity Canvas: SPECTRE_FILE_LEAK
2018-01-04 13:29:00
Immunity Canvas: SPECTRE_SAM_LEAK
2018-01-04 13:29:00
ubuntucve
ubuntucve
CVE-2017-5753
2018-01-03 00:00:00
ubuntu
ubuntu
NVIDIA graphics drivers vulnerability
2018-01-09 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2018-01-23 00:00:00
Linux kernel (KVM) vulnerabilities
2018-01-29 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:2861-1)
2021-08-29 00:00:00
ibm
ibm
alpinelinux
alpinelinux
CVE-2017-5753
2018-01-04 13:29:00
osv
osv
CVE-2017-5753
2018-01-04 13:29:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2018-02-26 23:17:47
apple
apple
About the security content of iOS 11.2.2
2018-01-08 00:00:00
About the security content of iOS 11.2.2 - Apple Support
2018-01-08 10:30:27
About the security content of macOS High Sierra 10.13.2 Supplemental Update
2018-01-08 00:00:00
vmware
vmware
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-01-18 00:00:00
Unbreakable Enterprise kernel security update
2018-01-05 00:00:00
kernel security update
2018-02-23 00:00:00
msrc
msrc
Speculative Execution Bounty Launch
2018-03-15 00:00:04
fedora
fedora
[SECURITY] Fedora 27 Update: webkitgtk4-2.18.5-1.fc27
2018-01-12 14:44:12
[SECURITY] Fedora 26 Update: webkitgtk4-2.18.5-1.fc26
2018-01-18 21:11:25
intel
intel
mageia
mageia
Updated kernel packages fix security vulnerabilities
2018-02-11 21:42:57
Updated webkit2 packages fix security vulnerabilities
2018-01-14 19:54:13
Updated nvidia-current packages mitigates security issues
2018-01-13 17:28:36
xen
xen
Cache-load gadgets exploitable with L1TF
2019-01-21 12:00:00
packetstorm
packetstorm
Spectre Information Disclosure Proof Of Concept
2018-01-04 00:00:00
photon
photon
zdt
zdt
Multiple CPUs - Spectre Information Disclosure (PoC) Exploit
2018-01-04 00:00:00
redhat
redhat
(RHSA-2018:0464) Important: kernel security and bug fix update
2018-03-07 14:50:33
(RHSA-2018:0044) Important: redhat-virtualization-host security update
2018-01-05 15:35:38
(RHSA-2018:0017) Important: kernel security update
2018-01-04 05:10:29
kaspersky
kaspersky
KLA11173 OSI vulnerability in VMware Products
2018-01-09 00:00:00
securelist
securelist
Kaspersky Security Bulletin 2018. Top security stories
2018-12-03 10:00:11
amazon
amazon
Important: kernel
2018-06-08 18:08:00
Important: kernel
2018-06-08 18:33:00
qualysblog
qualysblog
Meltdown and Spectre Aren’t Business as Usual
2018-01-18 22:22:16
paloalto
paloalto
Information about Meltdown and Spectre findings
2018-01-04 00:00:00
malwarebytes
malwarebytes
Meltdown and Spectre fallout: patching problems persist
2018-01-11 14:00:00
cloudfoundry
cloudfoundry
USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-01-23 00:00:00
kitploit
kitploit
centos
centos
kernel, perf, python security update
2018-01-04 11:36:27
kernel, perf, python security update
2018-01-04 19:46:26
cisco
cisco
CPU Side-Channel Information Disclosure Vulnerabilities
2018-01-04 22:20:00
nvidia
nvidia
huawei
huawei
Security Advisory - CPU Vulnerabilities Meltdown and Spectre
2018-06-06 00:00:00
seebug
seebug
Reading privileged memory with a side-channel
(Meltdown & Spectre)
2018-01-04 00:00:00
citrix
citrix
Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
2018-01-03 04:00:00
talosblog
talosblog
Meltdown and Spectre
2018-01-08 09:16:00
symantec
symantec
Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-01-03 00:00:00
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.0004 Low
EPSS
Percentile
9.6%
Related for UB:CVE-2018-3693