CVE-2018-5407
published 2018-11-15CVE-2018-5407: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on…
medium4.7CVSS 3.1
AVLACHPRLUINSUCHINAN
EXPLOIT
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
Affected
49 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | openssl | < openssl 1.1.1~~pre9-1 (bookworm) | openssl 1.1.1~~pre9-1 (bookworm) |
| nodejs | node.js | < 6.14.4 | 6.14.4 |
| nodejs | node.js | >= 10.0.0 < 10.9.0 | 10.9.0 |
| nodejs | node.js | >= 8.0.0 < 8.11.4 | 8.11.4 |
| openssl | openssl | >= 0 < 1.1.1~~pre9-1 | 1.1.1~~pre9-1 |
| openssl | openssl | >= 0 < 1.1.1~~pre9-1 | 1.1.1~~pre9-1 |
| openssl | openssl | >= 0 < 1.1.1~~pre9-1 | 1.1.1~~pre9-1 |
| openssl | openssl | >= 0 < 1.1.1~~pre9-1 | 1.1.1~~pre9-1 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.27 | 1.0.1f-1ubuntu2.27 |
| openssl | openssl | >= 0 < 1.0.2g-1ubuntu4.14 | 1.0.2g-1ubuntu4.14 |
| openssl | openssl | >= 0 < 1.1.0g-2ubuntu4.3 | 1.1.0g-2ubuntu4.3 |
| openssl | openssl | >= 1.0.2 < 1.0.2q | 1.0.2q |
| openssl | openssl | >= 1.1.0 < 1.1.0i | 1.1.0i |
| oracle | api_gateway | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | enterprise_manager_base_platform | — | — |
| oracle | enterprise_manager_base_platform | — | — |
CVSS provenance
nvdv3.14.7MEDIUMCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
osv5.9MEDIUM