{ "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "DATE_PUBLIC": "2018-05-21T00:00:00", "ID": "CVE-2018-3639", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Multiple", "version": { "version_data": [ { "version_value": "Multiple" } ] } } ] }, "vendor_name": "Intel Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:1689", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1689" }, { "name": "RHSA-2018:2162", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2162" }, { "name": "RHSA-2018:1641", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1641" }, { "name": "USN-3680-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3680-1/" }, { "name": "RHSA-2018:1997", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1997" }, { "name": "RHSA-2018:1665", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1665" }, { "name": "RHSA-2018:3407", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3407" }, { "name": "RHSA-2018:2164", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2164" }, { "name": "RHSA-2018:2001", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2001" }, { "name": "RHSA-2018:3423", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3423" }, { "name": "RHSA-2018:2003", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2003" }, { "name": "USN-3654-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "RHSA-2018:1645", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1645" }, { "name": "RHSA-2018:1643", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1643" }, { "name": "RHSA-2018:1652", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1652" }, { "name": "RHSA-2018:3424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3424" }, { "name": "RHSA-2018:3402", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3402" }, { "name": "TA18-141A", "refsource": "CERT", "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A" }, { "name": "RHSA-2018:1656", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1656" }, { "name": "RHSA-2018:1664", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1664" }, { "name": "RHSA-2018:2258", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2258" }, { "name": "RHSA-2018:1688", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1688" }, { "name": "RHSA-2018:1658", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1658" }, { "name": "RHSA-2018:1657", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1657" }, { "name": "RHSA-2018:2289", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2289" }, { "name": "RHSA-2018:1666", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1666" }, { "name": "1042004", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042004" }, { "name": "RHSA-2018:1675", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1675" }, { "name": "RHSA-2018:1660", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1660" }, { "name": "RHSA-2018:1965", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1965" }, { "name": "RHSA-2018:1661", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1661" }, { "name": "RHSA-2018:1633", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1633" }, { "name": "RHSA-2018:1636", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1636" }, { "name": "RHSA-2018:1854", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1854" }, { "name": "RHSA-2018:2006", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2006" }, { "name": "RHSA-2018:2250", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2250" }, { "name": "1040949", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040949" }, { "name": "RHSA-2018:3401", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3401" }, { "name": "RHSA-2018:1737", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1737" }, { "name": "RHSA-2018:1826", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1826" }, { "name": "USN-3651-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3651-1/" }, { "name": "DSA-4210", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4210" }, { "name": "44695", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44695/" }, { "name": "RHSA-2018:1651", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1651" }, { "name": "RHSA-2018:1638", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1638" }, { "name": "RHSA-2018:1696", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1696" }, { "name": "RHSA-2018:2246", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2246" }, { "name": "RHSA-2018:1644", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1644" }, { "name": "RHSA-2018:1646", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1646" }, { "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" }, { "name": "RHSA-2018:1639", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1639" }, { "name": "RHSA-2018:1668", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1668" }, { "name": "RHSA-2018:1637", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1637" }, { "name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "VU#180049", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/180049" }, { "name": "RHSA-2018:1686", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1686" }, { "name": "RHSA-2018:2172", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2172" }, { "name": "RHSA-2018:1663", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1663" }, { "name": "USN-3652-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3652-1/" }, { "name": "RHSA-2018:1629", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1629" }, { "name": "RHSA-2018:1655", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1655" }, { "name": "RHSA-2018:1640", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1640" }, { "name": "RHSA-2018:1669", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1669" }, { "name": "RHSA-2018:1676", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1676" }, { "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel" }, { "name": "RHSA-2018:3425", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3425" }, { "name": "RHSA-2018:2363", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2363" }, { "name": "RHSA-2018:1632", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1632" }, { "name": "RHSA-2018:1650", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1650" }, { "name": "RHSA-2018:2396", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2396" }, { "name": "RHSA-2018:2364", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2364" }, { "name": "USN-3653-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3653-2/" }, { "name": "RHSA-2018:2216", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2216" }, { "name": "USN-3655-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3655-1/" }, { "name": "RHSA-2018:1649", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1649" }, { "name": "RHSA-2018:2309", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2309" }, { "name": "104232", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104232" }, { "name": "RHSA-2018:1653", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1653" }, { "name": "RHSA-2018:2171", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2171" }, { "name": "RHSA-2018:1635", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1635" }, { "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html" }, { "name": "RHSA-2018:2394", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2394" }, { "name": "RHSA-2018:1710", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1710" }, { "name": "RHSA-2018:1659", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1659" }, { "name": "RHSA-2018:1711", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1711" }, { "name": "DSA-4273", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4273" }, { "name": "RHSA-2018:1738", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1738" }, { "name": "RHSA-2018:1674", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1674" }, { "name": "RHSA-2018:3396", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3396" }, { "name": "RHSA-2018:1667", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1667" }, { "name": "USN-3654-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "RHSA-2018:1662", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1662" }, { "name": "RHSA-2018:1630", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1630" }, { "name": "RHSA-2018:1647", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1647" }, { "name": "RHSA-2018:1967", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1967" }, { "name": "USN-3655-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3655-2/" }, { "name": "RHSA-2018:3399", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3399" }, { "name": "RHSA-2018:2060", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2060" }, { "name": "RHSA-2018:1690", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1690" }, { "name": "USN-3653-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3653-1/" }, { "name": "RHSA-2018:2161", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2161" }, { "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html" }, { "name": "RHSA-2018:2328", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2328" }, { "name": "RHSA-2018:1648", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1648" }, { "name": "RHSA-2018:2387", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2387" }, { "name": "RHSA-2019:0148", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0148" }, { "name": "RHSA-2018:1654", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1654" }, { "name": "USN-3679-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3679-1/" }, { "name": "USN-3777-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3777-3/" }, { "name": "RHSA-2018:1642", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1642" }, { "name": "RHSA-2018:3397", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3397" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" }, { "name": "USN-3756-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3756-1/" }, { "name": "RHSA-2018:3398", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3398" }, { "name": "RHSA-2018:3400", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3400" }, { "name": "RHSA-2018:2228", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2228" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" }, { "refsource": "REDHAT", "name": "RHSA-2019:1046", "url": "https://access.redhat.com/errata/RHSA-2019:1046" }, { "refsource": "SUSE", "name": "openSUSE-SU-2019:1439", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html" }, { "refsource": "SUSE", "name": "openSUSE-SU-2019:1438", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html" }, { "refsource": "BUGTRAQ", "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "refsource": "MLIST", "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768", "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1" }, { "refsource": "MLIST", "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768", "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2" }, { "refsource": "MLIST", "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768", "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5" }, { "url": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf" }, { "name": "http://support.lenovo.com/us/en/solutions/LEN-22133", "refsource": "CONFIRM", "url": "http://support.lenovo.com/us/en/solutions/LEN-22133" }, { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004" }, { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012" }, { "name": "https://support.citrix.com/article/CTX235225", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX235225" }, { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html" }, { "name": "https://www.synology.com/support/security/Synology_SA_18_23", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_18_23" }, { "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", "refsource": "CONFIRM", "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html", "refsource": "CONFIRM", "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html" }, { "name": "http://xenbits.xen.org/xsa/advisory-263.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-263.html" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf" }, { "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006", "refsource": "CONFIRM", "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us" }, { "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528", "refsource": "MISC", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528" }, { "name": "https://security.netapp.com/advisory/ntap-20180521-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180521-0001/" }, { "refsource": "CONFIRM", "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787" }, { "refsource": "CONFIRM", "name": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html", "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html" }, { "refsource": "SUSE", "name": "openSUSE-SU-2020:1325", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html" } ] } }