CVE-2018-3639 Detail

Current Description

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.



Severity



CVSS 3.x Severity and Metrics:

NIST: NVD
Base Score: 5.5 MEDIUM
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N


NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA.

Note: NVD Analysts have published a CVSS score for this CVE based on publicly available information at the time of analysis. The CNA has not provided a score within the CVE List.

References to Advisories, Solutions, and Tools


Hyperlink Resource
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html
http://support.lenovo.com/us/en/solutions/LEN-22133 Third Party Advisory 
http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html Third Party Advisory 
http://www.openwall.com/lists/oss-security/2020/06/10/1
http://www.openwall.com/lists/oss-security/2020/06/10/2
http://www.openwall.com/lists/oss-security/2020/06/10/5
http://www.securityfocus.com/bid/104232 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1040949 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1042004 Third Party Advisory  VDB Entry 
http://xenbits.xen.org/xsa/advisory-263.html Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1629 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1630 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1632 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1633 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1635 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1636 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1637 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1638 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1639 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1640 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1641 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1642 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1643 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1644 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1645 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1646 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1647 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1648 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1649 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1650 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1651 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1652 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1653 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1654 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1655 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1656 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1657 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1658 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1659 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1660 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1661 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1662 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1663 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1664 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1665 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1666 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1667 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1668 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1669 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1674 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1675 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1676 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1686 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1688 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1689 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1690 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1696 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1710 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1711 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1737 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1738 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1826 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1854 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1965 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1967 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:1997 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2001 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2003 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2006 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2060 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2161 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2162 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2164 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2171 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2172 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2216 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2228 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2246 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2250 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2258 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2289 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2309 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2328 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2363 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2364 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2387 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2394 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2396 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:2948 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:3396 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:3397 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:3398 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:3399 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:3400 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:3401 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:3402 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:3407 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:3423 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:3424 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2018:3425 Third Party Advisory 
https://access.redhat.com/errata/RHSA-2019:0148 Broken Link 
https://access.redhat.com/errata/RHSA-2019:1046
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 Exploit  Issue Tracking  Patch  Third Party Advisory 
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf Patch  Third Party Advisory 
https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf Patch  Third Party Advisory 
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability Third Party Advisory 
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html Mailing List  Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html Mailing List  Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html Mailing List  Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://nvidia.custhelp.com/app/answers/detail/a_id/4787
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012 Patch  Third Party Advisory  Vendor Advisory 
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004 Third Party Advisory 
https://seclists.org/bugtraq/2019/Jun/36
https://security.netapp.com/advisory/ntap-20180521-0001/ Third Party Advisory 
https://support.citrix.com/article/CTX235225 Third Party Advisory 
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us Mitigation  Third Party Advisory 
https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel Third Party Advisory 
https://usn.ubuntu.com/3651-1/ Third Party Advisory 
https://usn.ubuntu.com/3652-1/ Third Party Advisory 
https://usn.ubuntu.com/3653-1/ Third Party Advisory 
https://usn.ubuntu.com/3653-2/ Third Party Advisory 
https://usn.ubuntu.com/3654-1/ Third Party Advisory 
https://usn.ubuntu.com/3654-2/ Third Party Advisory 
https://usn.ubuntu.com/3655-1/ Third Party Advisory 
https://usn.ubuntu.com/3655-2/ Third Party Advisory 
https://usn.ubuntu.com/3679-1/ Third Party Advisory 
https://usn.ubuntu.com/3680-1/ Third Party Advisory 
https://usn.ubuntu.com/3756-1/ Third Party Advisory 
https://usn.ubuntu.com/3777-3/ Third Party Advisory 
https://www.debian.org/security/2018/dsa-4210 Third Party Advisory 
https://www.debian.org/security/2018/dsa-4273 Third Party Advisory 
https://www.exploit-db.com/exploits/44695/ Exploit  Third Party Advisory  VDB Entry 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html Third Party Advisory 
https://www.kb.cert.org/vuls/id/180049 Third Party Advisory  US Government Resource 
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006 Third Party Advisory 
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Patch  Third Party Advisory 
https://www.synology.com/support/security/Synology_SA_18_23 Third Party Advisory 
https://www.us-cert.gov/ncas/alerts/TA18-141A Third Party Advisory  US Government Resource 

Weakness Enumeration

CWE-ID: CWE-203
CWE Name: Observable Differences in Behavior to Error Inputs
Source: NIST


Change History

230 change records found