CVE-2018-3693

Severity
5.6 MEDIUM
EPSS
1.3%
top 20.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 10
Latest update: May 13

Description

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 1.1 | Impact: 4.0

Affected Packages: 36 packages

NVD: fujitsu/m12-1_firmware < xcp3090
NVD: fujitsu/m12-2_firmware < xcp3090
Debian: linux < 4.15.11-1+3

Also affects: Enterprise Linux 7.0, 7.4, 7.6, 7.5

Patches

🔴 Vulnerability Details

3
GHSA
GHSA-v5hg-j44c-8mvh: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wit 2022-05-13
OSV
CVE-2018-3693: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wit 2018-07-10
CVEList
CVE-2018-3693: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wit 2018-07-10

📋 Vendor Advisories

3
Oracle
Oracle Oracle Systems Risk Matrix: XCP Firmware (Kernel) — CVE-2018-3693 2020-10-15
Red Hat
Kernel: speculative bounds check bypass store 2018-07-10
Debian
CVE-2018-3693: linux - Systems with microprocessors utilizing speculative execution and branch predicti... 2018

💬 Community

2
Bugzilla
CVE-2018-3693 kernel: speculative bounds check bypass store [fedora-all] 2018-07-10
Bugzilla
CVE-2018-3693 Kernel: speculative bounds check bypass store 2018-05-23