CVE-2018-3639 | AttackerKB

Description

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

Vendors

Products

Exploited in the Wild

Reported by:

gwillcox-r7 indicated source as Other: Ransomware Report 2023 (https://cybersecurityworks.com/howdymanage/uploads/file/Ransomware%20Report%202023_compressed.pdf)

Reported: February 21, 2023 6:03pm UTC (2 years ago)

References

Canonical

CVE-2018-3639 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639)

BID-104232 (http://www.securityfocus.com/bid/104232)

Advisory

https://access.redhat.com/errata/RHSA-2018:1689

https://access.redhat.com/errata/RHSA-2018:2162

https://access.redhat.com/errata/RHSA-2018:1641

USN-3680-1 (https://usn.ubuntu.com/3680-1)

https://access.redhat.com/errata/RHSA-2018:1997

https://access.redhat.com/errata/RHSA-2018:1665

https://access.redhat.com/errata/RHSA-2018:3407

https://access.redhat.com/errata/RHSA-2018:2164

https://access.redhat.com/errata/RHSA-2018:2001

https://access.redhat.com/errata/RHSA-2018:3423

https://access.redhat.com/errata/RHSA-2018:2003

USN-3654-1 (https://usn.ubuntu.com/3654-1)

https://access.redhat.com/errata/RHSA-2018:1645

https://access.redhat.com/errata/RHSA-2018:1643

https://access.redhat.com/errata/RHSA-2018:1652

https://access.redhat.com/errata/RHSA-2018:3424

https://access.redhat.com/errata/RHSA-2018:3402

TA18-141A (https://www.us-cert.gov/ncas/alerts/TA18-141A)

https://access.redhat.com/errata/RHSA-2018:1656

https://access.redhat.com/errata/RHSA-2018:1664

https://access.redhat.com/errata/RHSA-2018:2258

https://access.redhat.com/errata/RHSA-2018:1688

https://access.redhat.com/errata/RHSA-2018:1658

https://access.redhat.com/errata/RHSA-2018:1657

https://access.redhat.com/errata/RHSA-2018:2289

https://access.redhat.com/errata/RHSA-2018:1666

SECTRACK-1042004 (http://www.securitytracker.com/id/1042004)

https://access.redhat.com/errata/RHSA-2018:1675

https://access.redhat.com/errata/RHSA-2018:1660

https://access.redhat.com/errata/RHSA-2018:1965

https://access.redhat.com/errata/RHSA-2018:1661

https://access.redhat.com/errata/RHSA-2018:1633

https://access.redhat.com/errata/RHSA-2018:1636

https://access.redhat.com/errata/RHSA-2018:1854

https://access.redhat.com/errata/RHSA-2018:2006

https://access.redhat.com/errata/RHSA-2018:2250

SECTRACK-1040949 (http://www.securitytracker.com/id/1040949)

https://access.redhat.com/errata/RHSA-2018:3401

https://access.redhat.com/errata/RHSA-2018:1737

https://access.redhat.com/errata/RHSA-2018:1826

USN-3651-1 (https://usn.ubuntu.com/3651-1)

DSA-4210 (https://www.debian.org/security/2018/dsa-4210)

EXPLOIT-DB-44695 (https://www.exploit-db.com/exploits/44695)

https://access.redhat.com/errata/RHSA-2018:1651

https://access.redhat.com/errata/RHSA-2018:1638

https://access.redhat.com/errata/RHSA-2018:1696

https://access.redhat.com/errata/RHSA-2018:2246

https://access.redhat.com/errata/RHSA-2018:1644

https://access.redhat.com/errata/RHSA-2018:1646

[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html)

https://access.redhat.com/errata/RHSA-2018:1639

https://access.redhat.com/errata/RHSA-2018:1668

https://access.redhat.com/errata/RHSA-2018:1637

https://access.redhat.com/errata/RHSA-2018:2948

VU#180049 (https://www.kb.cert.org/vuls/id/180049)

https://access.redhat.com/errata/RHSA-2018:1686

https://access.redhat.com/errata/RHSA-2018:2172

https://access.redhat.com/errata/RHSA-2018:1663

USN-3652-1 (https://usn.ubuntu.com/3652-1)

https://access.redhat.com/errata/RHSA-2018:1629

https://access.redhat.com/errata/RHSA-2018:1655

https://access.redhat.com/errata/RHSA-2018:1640

https://access.redhat.com/errata/RHSA-2018:1669

https://access.redhat.com/errata/RHSA-2018:1676

20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018 (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel)

https://access.redhat.com/errata/RHSA-2018:3425

https://access.redhat.com/errata/RHSA-2018:2363

https://access.redhat.com/errata/RHSA-2018:1632

https://access.redhat.com/errata/RHSA-2018:1650

https://access.redhat.com/errata/RHSA-2018:2396

https://access.redhat.com/errata/RHSA-2018:2364

USN-3653-2 (https://usn.ubuntu.com/3653-2)

https://access.redhat.com/errata/RHSA-2018:2216

USN-3655-1 (https://usn.ubuntu.com/3655-1)

https://access.redhat.com/errata/RHSA-2018:1649

https://access.redhat.com/errata/RHSA-2018:2309

https://access.redhat.com/errata/RHSA-2018:1653

https://access.redhat.com/errata/RHSA-2018:2171

https://access.redhat.com/errata/RHSA-2018:1635

[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update (https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html)

https://access.redhat.com/errata/RHSA-2018:2394

https://access.redhat.com/errata/RHSA-2018:1710

https://access.redhat.com/errata/RHSA-2018:1659

https://access.redhat.com/errata/RHSA-2018:1711

DSA-4273 (https://www.debian.org/security/2018/dsa-4273)

https://access.redhat.com/errata/RHSA-2018:1738

https://access.redhat.com/errata/RHSA-2018:1674

https://access.redhat.com/errata/RHSA-2018:3396

https://access.redhat.com/errata/RHSA-2018:1667

USN-3654-2 (https://usn.ubuntu.com/3654-2)

https://access.redhat.com/errata/RHSA-2018:1662

https://access.redhat.com/errata/RHSA-2018:1630

https://access.redhat.com/errata/RHSA-2018:1647

https://access.redhat.com/errata/RHSA-2018:1967

USN-3655-2 (https://usn.ubuntu.com/3655-2)

https://access.redhat.com/errata/RHSA-2018:3399

https://access.redhat.com/errata/RHSA-2018:2060

https://access.redhat.com/errata/RHSA-2018:1690

USN-3653-1 (https://usn.ubuntu.com/3653-1)

https://access.redhat.com/errata/RHSA-2018:2161

[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update (https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html)

https://access.redhat.com/errata/RHSA-2018:2328

https://access.redhat.com/errata/RHSA-2018:1648

https://access.redhat.com/errata/RHSA-2018:2387

https://access.redhat.com/errata/RHSA-2019:0148

https://access.redhat.com/errata/RHSA-2018:1654

USN-3679-1 (https://usn.ubuntu.com/3679-1)

USN-3777-3 (https://usn.ubuntu.com/3777-3)

https://access.redhat.com/errata/RHSA-2018:1642

https://access.redhat.com/errata/RHSA-2018:3397

[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update (https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html)

USN-3756-1 (https://usn.ubuntu.com/3756-1)

https://access.redhat.com/errata/RHSA-2018:3398

https://access.redhat.com/errata/RHSA-2018:3400

https://access.redhat.com/errata/RHSA-2018:2228

[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update (https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html)

[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update (https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html)

https://access.redhat.com/errata/RHSA-2019:1046

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html

20190624 [SECURITY] [DSA 4469-1] libvirt security update (https://seclists.org/bugtraq/2019/Jun/36)

[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 (http://www.openwall.com/lists/oss-security/2020/06/10/1)

[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 (http://www.openwall.com/lists/oss-security/2020/06/10/2)

[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 (http://www.openwall.com/lists/oss-security/2020/06/10/5)

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf

http://support.lenovo.com/us/en/solutions/LEN-22133

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012

https://support.citrix.com/article/CTX235225

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html

https://www.synology.com/support/security/Synology_SA_18_23

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html

http://xenbits.xen.org/xsa/advisory-263.html

https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us

https://security.netapp.com/advisory/ntap-20180521-0001

https://nvidia.custhelp.com/app/answers/detail/a_id/4787

https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html

Miscellaneous

https://www.oracle.com/security-alerts/cpujul2020.html

https://bugs.chromium.org/p/project-zero/issues/detail?id=1528

Rapid7

Technical Analysis