CVE-2018-3640

CWE-203 CWE-1231 CWE-200 — Information Exposure10 documents10 sources

Severity

5.6MEDIUM

EPSS

0.9%

top 24.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Corporation Multiple ARM Cortex-a Intel Atom C +17 more

Timeline

PublishedMay 22

Latest updateMay 13

Description

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages21 packages

▶Debianintel-microcode< 3.20180703.1+3

▶NVDarm/cortex-a15, 57, 72+2

▶NVDintel/atom_c16 versions+15

▶NVDintel/atom_e6 versions+5

▶NVDintel/atom_z30 versions+29

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-wm4v-x65g-m25r: Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure↗2022-05-13

▶

CVEList

CVE-2018-3640: Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure↗2018-05-22

▶

OSV

CVE-2018-3640: Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure↗2018-05-22

▶

📋Vendor Advisories

Apple

CVE-2018-3640: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra↗2018-10-30

▶

Ubuntu

Intel Microcode vulnerabilities↗2018-08-27

▶

Cisco

CPU Side-Channel Information Disclosure Vulnerabilities: May 2018↗2018-05-22

▶

Red Hat

hw: cpu: speculative register load↗2018-05-21

▶

Debian

CVE-2018-3640: intel-microcode - Systems with microprocessors utilizing speculative execution and that perform sp...↗2018

▶

💬Community

Bugzilla

CVE-2018-3640 hw: cpu: speculative register load↗2018-05-21

▶