Vulnerabilites related to Intel Corporation - Multiple
cve-2018-3620
Vulnerability from cvelistv5
Published
2018-08-14 19:00
Modified
2024-09-17 01:01
Severity ?
EPSS score ?
Summary
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Multiple |
Version: Multiple |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:50:29.256Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VU#982149", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/982149", }, { name: "1041451", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041451", }, { name: "GLSA-201810-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201810-06", }, { name: "USN-3741-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3741-2/", }, { name: "RHSA-2018:2393", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2393", }, { name: "USN-3823-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3823-1/", }, { name: "RHSA-2018:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2389", }, { name: "RHSA-2018:2390", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2390", }, { name: "RHSA-2018:2403", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2403", }, { name: "105080", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105080", }, { name: "RHSA-2018:2395", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2395", }, { name: "RHSA-2018:2384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2384", }, { name: "USN-3740-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3740-2/", }, { name: "FreeBSD-SA-18:09", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc", }, { name: "DSA-4274", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4274", }, { name: "FEDORA-2018-1c80fea1cd", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/", }, { name: "RHSA-2018:2388", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2388", }, { name: "USN-3741-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3741-1/", }, { name: "RHSA-2018:2603", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2603", }, { name: "RHSA-2018:2402", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2402", }, { name: "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel", }, { name: "FEDORA-2018-f8cba144ae", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/", }, { name: "USN-3742-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3742-2/", }, { name: "RHSA-2018:2404", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2404", }, { name: "USN-3740-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3740-1/", }, { name: "RHSA-2018:2391", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2391", }, { name: "RHSA-2018:2396", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2396", }, { name: "DSA-4279", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4279", }, { name: "RHSA-2018:2392", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2392", }, { name: "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html", }, { name: "USN-3742-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3742-1/", }, { name: "RHSA-2018:2602", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2602", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { name: "RHSA-2018:2394", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2394", }, { name: "RHSA-2018:2387", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2387", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://xenbits.xen.org/xsa/advisory-273.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://foreshadowattack.eu/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2018-0021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20180815-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K95275140", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.lenovo.com/us/en/solutions/LEN-24163", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/support/security/Synology_SA_18_45", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Multiple", vendor: "Intel Corporation", versions: [ { status: "affected", version: "Multiple", }, ], }, ], datePublic: "2018-08-14T00:00:00", descriptions: [ { lang: "en", value: "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-15T02:22:58", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { name: "VU#982149", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/982149", }, { name: "1041451", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041451", }, { name: "GLSA-201810-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201810-06", }, { name: "USN-3741-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3741-2/", }, { name: "RHSA-2018:2393", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2393", }, { name: "USN-3823-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3823-1/", }, { name: "RHSA-2018:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2389", }, { name: "RHSA-2018:2390", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2390", }, { name: "RHSA-2018:2403", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2403", }, { name: "105080", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105080", }, { name: "RHSA-2018:2395", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2395", }, { name: "RHSA-2018:2384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2384", }, { name: "USN-3740-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3740-2/", }, { name: "FreeBSD-SA-18:09", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc", }, { name: "DSA-4274", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4274", }, { name: "FEDORA-2018-1c80fea1cd", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/", }, { name: "RHSA-2018:2388", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2388", }, { name: "USN-3741-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3741-1/", }, { name: "RHSA-2018:2603", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2603", }, { name: "RHSA-2018:2402", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2402", }, { name: "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel", }, { name: "FEDORA-2018-f8cba144ae", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/", }, { name: "USN-3742-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3742-2/", }, { name: "RHSA-2018:2404", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2404", }, { name: "USN-3740-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3740-1/", }, { name: "RHSA-2018:2391", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2391", }, { name: "RHSA-2018:2396", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2396", }, { name: "DSA-4279", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4279", }, { name: "RHSA-2018:2392", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2392", }, { name: "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html", }, { name: "USN-3742-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3742-1/", }, { name: "RHSA-2018:2602", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2602", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { name: "RHSA-2018:2394", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2394", }, { name: "RHSA-2018:2387", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2387", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://xenbits.xen.org/xsa/advisory-273.html", }, { tags: [ "x_refsource_MISC", ], url: "https://foreshadowattack.eu/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2018-0021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20180815-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K95275140", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.lenovo.com/us/en/solutions/LEN-24163", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/support/security/Synology_SA_18_45", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", DATE_PUBLIC: "2018-08-14T00:00:00", ID: "CVE-2018-3620", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Multiple", version: { version_data: [ { version_value: "Multiple", }, ], }, }, ], }, vendor_name: "Intel Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "VU#982149", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/982149", }, { name: "1041451", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041451", }, { name: "GLSA-201810-06", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201810-06", }, { name: "USN-3741-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3741-2/", }, { name: "RHSA-2018:2393", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2393", }, { name: "USN-3823-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3823-1/", }, { name: "RHSA-2018:2389", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2389", }, { name: "RHSA-2018:2390", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2390", }, { name: "RHSA-2018:2403", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2403", }, { name: "105080", refsource: "BID", url: "http://www.securityfocus.com/bid/105080", }, { name: "RHSA-2018:2395", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2395", }, { name: "RHSA-2018:2384", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2384", }, { name: "USN-3740-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3740-2/", }, { name: "FreeBSD-SA-18:09", refsource: "FREEBSD", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc", }, { name: "DSA-4274", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4274", }, { name: "FEDORA-2018-1c80fea1cd", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/", }, { name: "RHSA-2018:2388", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2388", }, { name: "USN-3741-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3741-1/", }, { name: "RHSA-2018:2603", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2603", }, { name: "RHSA-2018:2402", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2402", }, { name: "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel", }, { name: "FEDORA-2018-f8cba144ae", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/", }, { name: "USN-3742-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3742-2/", }, { name: "RHSA-2018:2404", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2404", }, { name: "USN-3740-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3740-1/", }, { name: "RHSA-2018:2391", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2391", }, { name: "RHSA-2018:2396", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2396", }, { name: "DSA-4279", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4279", }, { name: "RHSA-2018:2392", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2392", }, { name: "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html", }, { name: "USN-3742-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3742-1/", }, { name: "RHSA-2018:2602", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2602", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { name: "RHSA-2018:2394", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2394", }, { name: "RHSA-2018:2387", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2387", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", refsource: "CONFIRM", url: "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", }, { name: "http://xenbits.xen.org/xsa/advisory-273.html", refsource: "CONFIRM", url: "http://xenbits.xen.org/xsa/advisory-273.html", }, { name: "https://foreshadowattack.eu/", refsource: "MISC", url: "https://foreshadowattack.eu/", }, { name: "http://www.vmware.com/security/advisories/VMSA-2018-0021.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2018-0021.html", }, { name: "https://security.netapp.com/advisory/ntap-20180815-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20180815-0001/", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018", }, { name: "https://support.f5.com/csp/article/K95275140", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K95275140", }, { name: "http://support.lenovo.com/us/en/solutions/LEN-24163", refsource: "CONFIRM", url: "http://support.lenovo.com/us/en/solutions/LEN-24163", }, { name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en", refsource: "CONFIRM", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en", }, { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html", refsource: "CONFIRM", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html", }, { name: "https://www.synology.com/support/security/Synology_SA_18_45", refsource: "CONFIRM", url: "https://www.synology.com/support/security/Synology_SA_18_45", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us", }, { name: "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault", refsource: "CONFIRM", url: "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2018-3620", datePublished: "2018-08-14T19:00:00Z", dateReserved: "2017-12-28T00:00:00", dateUpdated: "2024-09-17T01:01:22.367Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-3640
Vulnerability from cvelistv5
Published
2018-05-22 12:00
Modified
2024-09-16 19:31
Severity ?
EPSS score ?
Summary
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Multiple |
Version: Multiple |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:50:30.422Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.lenovo.com/us/en/solutions/LEN-22133", }, { name: "TA18-141A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "https://www.us-cert.gov/ncas/alerts/TA18-141A", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "1040949", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040949", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/support/security/Synology_SA_18_23", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", }, { name: "VU#180049", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/180049", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013", }, { name: "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { name: "DSA-4273", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4273", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us", }, { name: "104228", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104228", }, { name: "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html", }, { name: "USN-3756-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3756-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20180521-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Multiple", vendor: "Intel Corporation", versions: [ { status: "affected", version: "Multiple", }, ], }, ], datePublic: "2018-05-21T00:00:00", descriptions: [ { lang: "en", value: "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-08T12:06:05", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.lenovo.com/us/en/solutions/LEN-22133", }, { name: "TA18-141A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "https://www.us-cert.gov/ncas/alerts/TA18-141A", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "1040949", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040949", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/support/security/Synology_SA_18_23", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", }, { name: "VU#180049", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/180049", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013", }, { name: "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { name: "DSA-4273", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4273", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us", }, { name: "104228", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104228", }, { name: "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html", }, { name: "USN-3756-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3756-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20180521-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", DATE_PUBLIC: "2018-05-21T00:00:00", ID: "CVE-2018-3640", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Multiple", version: { version_data: [ { version_value: "Multiple", }, ], }, }, ], }, vendor_name: "Intel Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf", }, { name: "http://support.lenovo.com/us/en/solutions/LEN-22133", refsource: "CONFIRM", url: "http://support.lenovo.com/us/en/solutions/LEN-22133", }, { name: "TA18-141A", refsource: "CERT", url: "https://www.us-cert.gov/ncas/alerts/TA18-141A", }, { name: "1042004", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042004", }, { name: "1040949", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040949", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005", }, { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html", refsource: "CONFIRM", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html", }, { name: "https://www.synology.com/support/security/Synology_SA_18_23", refsource: "CONFIRM", url: "https://www.synology.com/support/security/Synology_SA_18_23", }, { name: "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", refsource: "CONFIRM", url: "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", }, { name: "VU#180049", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/180049", }, { name: "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html", refsource: "CONFIRM", url: "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html", }, { name: "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013", }, { name: "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel", }, { name: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006", refsource: "CONFIRM", url: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { name: "DSA-4273", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4273", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us", }, { name: "104228", refsource: "BID", url: "http://www.securityfocus.com/bid/104228", }, { name: "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html", }, { name: "USN-3756-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3756-1/", }, { name: "https://security.netapp.com/advisory/ntap-20180521-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20180521-0001/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2018-3640", datePublished: "2018-05-22T12:00:00Z", dateReserved: "2017-12-28T00:00:00", dateUpdated: "2024-09-16T19:31:35.612Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-3646
Vulnerability from cvelistv5
Published
2018-08-14 19:00
Modified
2024-09-17 02:27
Severity ?
EPSS score ?
Summary
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Multiple |
Version: Multiple |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:50:30.406Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VU#982149", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/982149", }, { name: "1041451", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041451", }, { name: "GLSA-201810-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201810-06", }, { name: "USN-3741-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3741-2/", }, { name: "RHSA-2018:2393", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2393", }, { name: "USN-3823-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3823-1/", }, { name: "RHSA-2018:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2389", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:2390", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2390", }, { name: "RHSA-2018:2403", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2403", }, { name: "105080", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105080", }, { name: "RHSA-2018:2395", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2395", }, { name: "RHSA-2018:2384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2384", }, { name: "USN-3740-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3740-2/", }, { name: "FreeBSD-SA-18:09", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc", }, { name: "DSA-4274", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4274", }, { name: "FEDORA-2018-1c80fea1cd", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/", }, { name: "RHSA-2018:2388", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2388", }, { name: "USN-3741-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3741-1/", }, { name: "RHSA-2018:2603", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2603", }, { name: "RHSA-2018:2402", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2402", }, { name: "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel", }, { name: "FEDORA-2018-f8cba144ae", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/", }, { name: "USN-3742-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3742-2/", }, { name: "RHSA-2018:2404", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2404", }, { name: "USN-3740-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3740-1/", }, { name: "RHSA-2018:2391", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2391", }, { name: "RHSA-2018:2396", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2396", }, { name: "DSA-4279", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4279", }, { name: "RHSA-2018:2392", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2392", }, { name: "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html", }, { name: "USN-3742-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3742-1/", }, { name: "RHSA-2018:2602", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2602", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { name: "RHSA-2018:2394", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2394", }, { name: "RHSA-2018:2387", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2387", }, { name: "USN-3756-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3756-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://xenbits.xen.org/xsa/advisory-273.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://foreshadowattack.eu/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20180815-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.lenovo.com/us/en/solutions/LEN-24163", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/support/security/Synology_SA_18_45", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2018-0020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K31300402", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Multiple", vendor: "Intel Corporation", versions: [ { status: "affected", version: "Multiple", }, ], }, ], datePublic: "2018-08-14T00:00:00", descriptions: [ { lang: "en", value: "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-15T02:22:59", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { name: "VU#982149", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/982149", }, { name: "1041451", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041451", }, { name: "GLSA-201810-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201810-06", }, { name: "USN-3741-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3741-2/", }, { name: "RHSA-2018:2393", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2393", }, { name: "USN-3823-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3823-1/", }, { name: "RHSA-2018:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2389", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:2390", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2390", }, { name: "RHSA-2018:2403", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2403", }, { name: "105080", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105080", }, { name: "RHSA-2018:2395", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2395", }, { name: "RHSA-2018:2384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2384", }, { name: "USN-3740-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3740-2/", }, { name: "FreeBSD-SA-18:09", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc", }, { name: "DSA-4274", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4274", }, { name: "FEDORA-2018-1c80fea1cd", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/", }, { name: "RHSA-2018:2388", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2388", }, { name: "USN-3741-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3741-1/", }, { name: "RHSA-2018:2603", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2603", }, { name: "RHSA-2018:2402", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2402", }, { name: "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel", }, { name: "FEDORA-2018-f8cba144ae", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/", }, { name: "USN-3742-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3742-2/", }, { name: "RHSA-2018:2404", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2404", }, { name: "USN-3740-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3740-1/", }, { name: "RHSA-2018:2391", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2391", }, { name: "RHSA-2018:2396", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2396", }, { name: "DSA-4279", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4279", }, { name: "RHSA-2018:2392", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2392", }, { name: "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html", }, { name: "USN-3742-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3742-1/", }, { name: "RHSA-2018:2602", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2602", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { name: "RHSA-2018:2394", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2394", }, { name: "RHSA-2018:2387", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2387", }, { name: "USN-3756-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3756-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://xenbits.xen.org/xsa/advisory-273.html", }, { tags: [ "x_refsource_MISC", ], url: "https://foreshadowattack.eu/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20180815-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.lenovo.com/us/en/solutions/LEN-24163", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/support/security/Synology_SA_18_45", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2018-0020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K31300402", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", DATE_PUBLIC: "2018-08-14T00:00:00", ID: "CVE-2018-3646", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Multiple", version: { version_data: [ { version_value: "Multiple", }, ], }, }, ], }, vendor_name: "Intel Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "VU#982149", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/982149", }, { name: "1041451", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041451", }, { name: "GLSA-201810-06", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201810-06", }, { name: "USN-3741-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3741-2/", }, { name: "RHSA-2018:2393", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2393", }, { name: "USN-3823-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3823-1/", }, { name: "RHSA-2018:2389", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2389", }, { name: "1042004", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:2390", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2390", }, { name: "RHSA-2018:2403", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2403", }, { name: "105080", refsource: "BID", url: "http://www.securityfocus.com/bid/105080", }, { name: "RHSA-2018:2395", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2395", }, { name: "RHSA-2018:2384", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2384", }, { name: "USN-3740-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3740-2/", }, { name: "FreeBSD-SA-18:09", refsource: "FREEBSD", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc", }, { name: "DSA-4274", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4274", }, { name: "FEDORA-2018-1c80fea1cd", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/", }, { name: "RHSA-2018:2388", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2388", }, { name: "USN-3741-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3741-1/", }, { name: "RHSA-2018:2603", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2603", }, { name: "RHSA-2018:2402", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2402", }, { name: "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel", }, { name: "FEDORA-2018-f8cba144ae", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/", }, { name: "USN-3742-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3742-2/", }, { name: "RHSA-2018:2404", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2404", }, { name: "USN-3740-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3740-1/", }, { name: "RHSA-2018:2391", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2391", }, { name: "RHSA-2018:2396", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2396", }, { name: "DSA-4279", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4279", }, { name: "RHSA-2018:2392", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2392", }, { name: "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html", }, { name: "USN-3742-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3742-1/", }, { name: "RHSA-2018:2602", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2602", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { name: "RHSA-2018:2394", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2394", }, { name: "RHSA-2018:2387", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2387", }, { name: "USN-3756-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3756-1/", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", refsource: "CONFIRM", url: "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", }, { name: "http://xenbits.xen.org/xsa/advisory-273.html", refsource: "CONFIRM", url: "http://xenbits.xen.org/xsa/advisory-273.html", }, { name: "https://foreshadowattack.eu/", refsource: "MISC", url: "https://foreshadowattack.eu/", }, { name: "https://security.netapp.com/advisory/ntap-20180815-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20180815-0001/", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018", }, { name: "http://support.lenovo.com/us/en/solutions/LEN-24163", refsource: "CONFIRM", url: "http://support.lenovo.com/us/en/solutions/LEN-24163", }, { name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en", refsource: "CONFIRM", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en", }, { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html", refsource: "CONFIRM", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html", }, { name: "https://www.synology.com/support/security/Synology_SA_18_45", refsource: "CONFIRM", url: "https://www.synology.com/support/security/Synology_SA_18_45", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us", }, { name: "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault", refsource: "CONFIRM", url: "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010", }, { name: "http://www.vmware.com/security/advisories/VMSA-2018-0020.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2018-0020.html", }, { name: "https://support.f5.com/csp/article/K31300402", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K31300402", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2018-3646", datePublished: "2018-08-14T19:00:00Z", dateReserved: "2017-12-28T00:00:00", dateUpdated: "2024-09-17T02:27:21.556Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-3615
Vulnerability from cvelistv5
Published
2018-08-14 19:00
Modified
2024-09-16 19:40
Severity ?
EPSS score ?
Summary
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Multiple |
Version: Multiple |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:50:30.411Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VU#982149", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/982149", }, { name: "1041451", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041451", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008", }, { name: "105080", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105080", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://foreshadowattack.eu/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20180815-0001/", }, { name: "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K35558453", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.lenovo.com/us/en/solutions/LEN-24163", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/support/security/Synology_SA_18_45", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Multiple", vendor: "Intel Corporation", versions: [ { status: "affected", version: "Multiple", }, ], }, ], datePublic: "2018-08-14T00:00:00", descriptions: [ { lang: "en", value: "Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-08T12:06:06", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { name: "VU#982149", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/982149", }, { name: "1041451", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041451", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008", }, { name: "105080", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105080", }, { tags: [ "x_refsource_MISC", ], url: "https://foreshadowattack.eu/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20180815-0001/", }, { name: "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K35558453", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.lenovo.com/us/en/solutions/LEN-24163", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/support/security/Synology_SA_18_45", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", DATE_PUBLIC: "2018-08-14T00:00:00", ID: "CVE-2018-3615", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Multiple", version: { version_data: [ { version_value: "Multiple", }, ], }, }, ], }, vendor_name: "Intel Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "VU#982149", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/982149", }, { name: "1041451", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041451", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008", }, { name: "105080", refsource: "BID", url: "http://www.securityfocus.com/bid/105080", }, { name: "https://foreshadowattack.eu/", refsource: "MISC", url: "https://foreshadowattack.eu/", }, { name: "https://security.netapp.com/advisory/ntap-20180815-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20180815-0001/", }, { name: "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel", }, { name: "https://support.f5.com/csp/article/K35558453", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K35558453", }, { name: "http://support.lenovo.com/us/en/solutions/LEN-24163", refsource: "CONFIRM", url: "http://support.lenovo.com/us/en/solutions/LEN-24163", }, { name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en", refsource: "CONFIRM", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en", }, { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html", refsource: "CONFIRM", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html", }, { name: "https://www.synology.com/support/security/Synology_SA_18_45", refsource: "CONFIRM", url: "https://www.synology.com/support/security/Synology_SA_18_45", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us", }, { name: "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault", refsource: "CONFIRM", url: "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2018-3615", datePublished: "2018-08-14T19:00:00Z", dateReserved: "2017-12-28T00:00:00", dateUpdated: "2024-09-16T19:40:45.253Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-3639
Vulnerability from cvelistv5
Published
2018-05-22 12:00
Modified
2024-09-16 22:55
Severity ?
EPSS score ?
Summary
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Multiple |
Version: Multiple |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:50:30.281Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2018:1689", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1689", }, { name: "RHSA-2018:2162", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2162", }, { name: "RHSA-2018:1641", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1641", }, { name: "USN-3680-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3680-1/", }, { name: "RHSA-2018:1997", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1997", }, { name: "RHSA-2018:1665", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1665", }, { name: "RHSA-2018:3407", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3407", }, { name: "RHSA-2018:2164", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2164", }, { name: "RHSA-2018:2001", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2001", }, { name: "RHSA-2018:3423", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3423", }, { name: "RHSA-2018:2003", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2003", }, { name: "USN-3654-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3654-1/", }, { name: "RHSA-2018:1645", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1645", }, { name: "RHSA-2018:1643", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1643", }, { name: "RHSA-2018:1652", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1652", }, { name: "RHSA-2018:3424", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3424", }, { name: "RHSA-2018:3402", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3402", }, { name: "TA18-141A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "https://www.us-cert.gov/ncas/alerts/TA18-141A", }, { name: "RHSA-2018:1656", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1656", }, { name: "RHSA-2018:1664", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1664", }, { name: "RHSA-2018:2258", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2258", }, { name: "RHSA-2018:1688", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1688", }, { name: "RHSA-2018:1658", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1658", }, { name: "RHSA-2018:1657", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1657", }, { name: "RHSA-2018:2289", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2289", }, { name: "RHSA-2018:1666", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1666", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:1675", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1675", }, { name: "RHSA-2018:1660", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1660", }, { name: "RHSA-2018:1965", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1965", }, { name: "RHSA-2018:1661", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1661", }, { name: "RHSA-2018:1633", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1633", }, { name: "RHSA-2018:1636", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1636", }, { name: "RHSA-2018:1854", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1854", }, { name: "RHSA-2018:2006", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2006", }, { name: "RHSA-2018:2250", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2250", }, { name: "1040949", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040949", }, { name: "RHSA-2018:3401", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3401", }, { name: "RHSA-2018:1737", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1737", }, { name: "RHSA-2018:1826", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1826", }, { name: "USN-3651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3651-1/", }, { name: "DSA-4210", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4210", }, { name: "44695", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/44695/", }, { name: "RHSA-2018:1651", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1651", }, { name: "RHSA-2018:1638", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1638", }, { name: "RHSA-2018:1696", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1696", }, { name: "RHSA-2018:2246", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2246", }, { name: "RHSA-2018:1644", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1644", }, { name: "RHSA-2018:1646", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1646", }, { name: "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html", }, { name: "RHSA-2018:1639", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1639", }, { name: "RHSA-2018:1668", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1668", }, { name: "RHSA-2018:1637", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1637", }, { name: "RHSA-2018:2948", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2948", }, { name: "VU#180049", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/180049", }, { name: "RHSA-2018:1686", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1686", }, { name: "RHSA-2018:2172", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2172", }, { name: "RHSA-2018:1663", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1663", }, { name: "USN-3652-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3652-1/", }, { name: "RHSA-2018:1629", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1629", }, { name: "RHSA-2018:1655", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1655", }, { name: "RHSA-2018:1640", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1640", }, { name: "RHSA-2018:1669", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1669", }, { name: "RHSA-2018:1676", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1676", }, { name: "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel", }, { name: "RHSA-2018:3425", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3425", }, { name: "RHSA-2018:2363", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2363", }, { name: "RHSA-2018:1632", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1632", }, { name: "RHSA-2018:1650", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1650", }, { name: "RHSA-2018:2396", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2396", }, { name: "RHSA-2018:2364", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2364", }, { name: "USN-3653-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3653-2/", }, { name: "RHSA-2018:2216", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2216", }, { name: "USN-3655-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3655-1/", }, { name: "RHSA-2018:1649", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1649", }, { name: "RHSA-2018:2309", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2309", }, { name: "104232", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104232", }, { name: "RHSA-2018:1653", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1653", }, { name: "RHSA-2018:2171", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2171", }, { name: "RHSA-2018:1635", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1635", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { name: "RHSA-2018:2394", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2394", }, { name: "RHSA-2018:1710", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1710", }, { name: "RHSA-2018:1659", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1659", }, { name: "RHSA-2018:1711", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1711", }, { name: "DSA-4273", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4273", }, { name: "RHSA-2018:1738", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1738", }, { name: "RHSA-2018:1674", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1674", }, { name: "RHSA-2018:3396", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3396", }, { name: "RHSA-2018:1667", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1667", }, { name: "USN-3654-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3654-2/", }, { name: "RHSA-2018:1662", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1662", }, { name: "RHSA-2018:1630", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1630", }, { name: "RHSA-2018:1647", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1647", }, { name: "RHSA-2018:1967", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1967", }, { name: "USN-3655-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3655-2/", }, { name: "RHSA-2018:3399", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3399", }, { name: "RHSA-2018:2060", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2060", }, { name: "RHSA-2018:1690", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1690", }, { name: "USN-3653-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3653-1/", }, { name: "RHSA-2018:2161", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2161", }, { name: "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html", }, { name: "RHSA-2018:2328", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2328", }, { name: "RHSA-2018:1648", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1648", }, { name: "RHSA-2018:2387", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2387", }, { name: "RHSA-2019:0148", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0148", }, { name: "RHSA-2018:1654", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1654", }, { name: "USN-3679-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3679-1/", }, { name: "USN-3777-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3777-3/", }, { name: "RHSA-2018:1642", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1642", }, { name: "RHSA-2018:3397", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3397", }, { name: "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html", }, { name: "USN-3756-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3756-1/", }, { name: "RHSA-2018:3398", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3398", }, { name: "RHSA-2018:3400", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3400", }, { name: "RHSA-2018:2228", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2228", }, { name: "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html", }, { name: "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html", }, { name: "RHSA-2019:1046", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1046", }, { name: "openSUSE-SU-2019:1439", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html", }, { name: "openSUSE-SU-2019:1438", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html", }, { name: "20190624 [SECURITY] [DSA 4469-1] libvirt security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jun/36", }, { name: "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/06/10/1", }, { name: "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/06/10/2", }, { name: "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/06/10/5", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.lenovo.com/us/en/solutions/LEN-22133", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX235225", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/support/security/Synology_SA_18_23", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://xenbits.xen.org/xsa/advisory-263.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20180521-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html", }, { name: "openSUSE-SU-2020:1325", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Multiple", vendor: "Intel Corporation", versions: [ { status: "affected", version: "Multiple", }, ], }, ], datePublic: "2018-05-21T00:00:00", descriptions: [ { lang: "en", value: "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-02T20:06:27", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { name: "RHSA-2018:1689", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1689", }, { name: "RHSA-2018:2162", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2162", }, { name: "RHSA-2018:1641", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1641", }, { name: "USN-3680-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3680-1/", }, { name: "RHSA-2018:1997", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1997", }, { name: "RHSA-2018:1665", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1665", }, { name: "RHSA-2018:3407", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3407", }, { name: "RHSA-2018:2164", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2164", }, { name: "RHSA-2018:2001", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2001", }, { name: "RHSA-2018:3423", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3423", }, { name: "RHSA-2018:2003", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2003", }, { name: "USN-3654-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3654-1/", }, { name: "RHSA-2018:1645", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1645", }, { name: "RHSA-2018:1643", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1643", }, { name: "RHSA-2018:1652", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1652", }, { name: "RHSA-2018:3424", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3424", }, { name: "RHSA-2018:3402", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3402", }, { name: "TA18-141A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "https://www.us-cert.gov/ncas/alerts/TA18-141A", }, { name: "RHSA-2018:1656", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1656", }, { name: "RHSA-2018:1664", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1664", }, { name: "RHSA-2018:2258", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2258", }, { name: "RHSA-2018:1688", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1688", }, { name: "RHSA-2018:1658", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1658", }, { name: "RHSA-2018:1657", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1657", }, { name: "RHSA-2018:2289", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2289", }, { name: "RHSA-2018:1666", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1666", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:1675", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1675", }, { name: "RHSA-2018:1660", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1660", }, { name: "RHSA-2018:1965", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1965", }, { name: "RHSA-2018:1661", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1661", }, { name: "RHSA-2018:1633", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1633", }, { name: "RHSA-2018:1636", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1636", }, { name: "RHSA-2018:1854", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1854", }, { name: "RHSA-2018:2006", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2006", }, { name: "RHSA-2018:2250", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2250", }, { name: "1040949", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040949", }, { name: "RHSA-2018:3401", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3401", }, { name: "RHSA-2018:1737", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1737", }, { name: "RHSA-2018:1826", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1826", }, { name: "USN-3651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3651-1/", }, { name: "DSA-4210", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4210", }, { name: "44695", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/44695/", }, { name: "RHSA-2018:1651", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1651", }, { name: "RHSA-2018:1638", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1638", }, { name: "RHSA-2018:1696", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1696", }, { name: "RHSA-2018:2246", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2246", }, { name: "RHSA-2018:1644", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1644", }, { name: "RHSA-2018:1646", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1646", }, { name: "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html", }, { name: "RHSA-2018:1639", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1639", }, { name: "RHSA-2018:1668", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1668", }, { name: "RHSA-2018:1637", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1637", }, { name: "RHSA-2018:2948", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2948", }, { name: "VU#180049", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/180049", }, { name: "RHSA-2018:1686", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1686", }, { name: "RHSA-2018:2172", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2172", }, { name: "RHSA-2018:1663", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1663", }, { name: "USN-3652-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3652-1/", }, { name: "RHSA-2018:1629", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1629", }, { name: "RHSA-2018:1655", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1655", }, { name: "RHSA-2018:1640", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1640", }, { name: "RHSA-2018:1669", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1669", }, { name: "RHSA-2018:1676", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1676", }, { name: "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel", }, { name: "RHSA-2018:3425", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3425", }, { name: "RHSA-2018:2363", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2363", }, { name: "RHSA-2018:1632", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1632", }, { name: "RHSA-2018:1650", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1650", }, { name: "RHSA-2018:2396", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2396", }, { name: "RHSA-2018:2364", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2364", }, { name: "USN-3653-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3653-2/", }, { name: "RHSA-2018:2216", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2216", }, { name: "USN-3655-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3655-1/", }, { name: "RHSA-2018:1649", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1649", }, { name: "RHSA-2018:2309", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2309", }, { name: "104232", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104232", }, { name: "RHSA-2018:1653", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1653", }, { name: "RHSA-2018:2171", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2171", }, { name: "RHSA-2018:1635", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1635", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { name: "RHSA-2018:2394", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2394", }, { name: "RHSA-2018:1710", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1710", }, { name: "RHSA-2018:1659", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1659", }, { name: "RHSA-2018:1711", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1711", }, { name: "DSA-4273", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4273", }, { name: "RHSA-2018:1738", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1738", }, { name: "RHSA-2018:1674", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1674", }, { name: "RHSA-2018:3396", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3396", }, { name: "RHSA-2018:1667", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1667", }, { name: "USN-3654-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3654-2/", }, { name: "RHSA-2018:1662", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1662", }, { name: "RHSA-2018:1630", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1630", }, { name: "RHSA-2018:1647", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1647", }, { name: "RHSA-2018:1967", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1967", }, { name: "USN-3655-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3655-2/", }, { name: "RHSA-2018:3399", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3399", }, { name: "RHSA-2018:2060", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2060", }, { name: "RHSA-2018:1690", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1690", }, { name: "USN-3653-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3653-1/", }, { name: "RHSA-2018:2161", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2161", }, { name: "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html", }, { name: "RHSA-2018:2328", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2328", }, { name: "RHSA-2018:1648", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1648", }, { name: "RHSA-2018:2387", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2387", }, { name: "RHSA-2019:0148", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0148", }, { name: "RHSA-2018:1654", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1654", }, { name: "USN-3679-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3679-1/", }, { name: "USN-3777-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3777-3/", }, { name: "RHSA-2018:1642", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1642", }, { name: "RHSA-2018:3397", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3397", }, { name: "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html", }, { name: "USN-3756-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3756-1/", }, { name: "RHSA-2018:3398", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3398", }, { name: "RHSA-2018:3400", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3400", }, { name: "RHSA-2018:2228", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2228", }, { name: "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html", }, { name: "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html", }, { name: "RHSA-2019:1046", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1046", }, { name: "openSUSE-SU-2019:1439", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html", }, { name: "openSUSE-SU-2019:1438", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html", }, { name: "20190624 [SECURITY] [DSA 4469-1] libvirt security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jun/36", }, { name: "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/06/10/1", }, { name: "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/06/10/2", }, { name: "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/06/10/5", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.lenovo.com/us/en/solutions/LEN-22133", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX235225", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/support/security/Synology_SA_18_23", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://xenbits.xen.org/xsa/advisory-263.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20180521-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html", }, { name: "openSUSE-SU-2020:1325", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", DATE_PUBLIC: "2018-05-21T00:00:00", ID: "CVE-2018-3639", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Multiple", version: { version_data: [ { version_value: "Multiple", }, ], }, }, ], }, vendor_name: "Intel Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2018:1689", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1689", }, { name: "RHSA-2018:2162", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2162", }, { name: "RHSA-2018:1641", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1641", }, { name: "USN-3680-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3680-1/", }, { name: "RHSA-2018:1997", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1997", }, { name: "RHSA-2018:1665", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1665", }, { name: "RHSA-2018:3407", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3407", }, { name: "RHSA-2018:2164", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2164", }, { name: "RHSA-2018:2001", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2001", }, { name: "RHSA-2018:3423", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3423", }, { name: "RHSA-2018:2003", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2003", }, { name: "USN-3654-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3654-1/", }, { name: "RHSA-2018:1645", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1645", }, { name: "RHSA-2018:1643", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1643", }, { name: "RHSA-2018:1652", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1652", }, { name: "RHSA-2018:3424", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3424", }, { name: "RHSA-2018:3402", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3402", }, { name: "TA18-141A", refsource: "CERT", url: "https://www.us-cert.gov/ncas/alerts/TA18-141A", }, { name: "RHSA-2018:1656", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1656", }, { name: "RHSA-2018:1664", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1664", }, { name: "RHSA-2018:2258", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2258", }, { name: "RHSA-2018:1688", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1688", }, { name: "RHSA-2018:1658", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1658", }, { name: "RHSA-2018:1657", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1657", }, { name: "RHSA-2018:2289", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2289", }, { name: "RHSA-2018:1666", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1666", }, { name: "1042004", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:1675", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1675", }, { name: "RHSA-2018:1660", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1660", }, { name: "RHSA-2018:1965", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1965", }, { name: "RHSA-2018:1661", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1661", }, { name: "RHSA-2018:1633", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1633", }, { name: "RHSA-2018:1636", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1636", }, { name: "RHSA-2018:1854", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1854", }, { name: "RHSA-2018:2006", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2006", }, { name: "RHSA-2018:2250", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2250", }, { name: "1040949", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040949", }, { name: "RHSA-2018:3401", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3401", }, { name: "RHSA-2018:1737", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1737", }, { name: "RHSA-2018:1826", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1826", }, { name: "USN-3651-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3651-1/", }, { name: "DSA-4210", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4210", }, { name: "44695", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/44695/", }, { name: "RHSA-2018:1651", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1651", }, { name: "RHSA-2018:1638", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1638", }, { name: "RHSA-2018:1696", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1696", }, { name: "RHSA-2018:2246", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2246", }, { name: "RHSA-2018:1644", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1644", }, { name: "RHSA-2018:1646", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1646", }, { name: "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html", }, { name: "RHSA-2018:1639", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1639", }, { name: "RHSA-2018:1668", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1668", }, { name: "RHSA-2018:1637", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1637", }, { name: "RHSA-2018:2948", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2948", }, { name: "VU#180049", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/180049", }, { name: "RHSA-2018:1686", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1686", }, { name: "RHSA-2018:2172", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2172", }, { name: "RHSA-2018:1663", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1663", }, { name: "USN-3652-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3652-1/", }, { name: "RHSA-2018:1629", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1629", }, { name: "RHSA-2018:1655", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1655", }, { name: "RHSA-2018:1640", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1640", }, { name: "RHSA-2018:1669", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1669", }, { name: "RHSA-2018:1676", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1676", }, { name: "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel", }, { name: "RHSA-2018:3425", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3425", }, { name: "RHSA-2018:2363", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2363", }, { name: "RHSA-2018:1632", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1632", }, { name: "RHSA-2018:1650", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1650", }, { name: "RHSA-2018:2396", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2396", }, { name: "RHSA-2018:2364", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2364", }, { name: "USN-3653-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3653-2/", }, { name: "RHSA-2018:2216", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2216", }, { name: "USN-3655-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3655-1/", }, { name: "RHSA-2018:1649", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1649", }, { name: "RHSA-2018:2309", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2309", }, { name: "104232", refsource: "BID", url: "http://www.securityfocus.com/bid/104232", }, { name: "RHSA-2018:1653", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1653", }, { name: "RHSA-2018:2171", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2171", }, { name: "RHSA-2018:1635", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1635", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { name: "RHSA-2018:2394", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2394", }, { name: "RHSA-2018:1710", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1710", }, { name: "RHSA-2018:1659", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1659", }, { name: "RHSA-2018:1711", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1711", }, { name: "DSA-4273", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4273", }, { name: "RHSA-2018:1738", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1738", }, { name: "RHSA-2018:1674", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1674", }, { name: "RHSA-2018:3396", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3396", }, { name: "RHSA-2018:1667", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1667", }, { name: "USN-3654-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3654-2/", }, { name: "RHSA-2018:1662", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1662", }, { name: "RHSA-2018:1630", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1630", }, { name: "RHSA-2018:1647", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1647", }, { name: "RHSA-2018:1967", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1967", }, { name: "USN-3655-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3655-2/", }, { name: "RHSA-2018:3399", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3399", }, { name: "RHSA-2018:2060", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2060", }, { name: "RHSA-2018:1690", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1690", }, { name: "USN-3653-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3653-1/", }, { name: "RHSA-2018:2161", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2161", }, { name: "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html", }, { name: "RHSA-2018:2328", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2328", }, { name: "RHSA-2018:1648", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1648", }, { name: "RHSA-2018:2387", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2387", }, { name: "RHSA-2019:0148", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0148", }, { name: "RHSA-2018:1654", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1654", }, { name: "USN-3679-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3679-1/", }, { name: "USN-3777-3", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3777-3/", }, { name: "RHSA-2018:1642", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1642", }, { name: "RHSA-2018:3397", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3397", }, { name: "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html", }, { name: "USN-3756-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3756-1/", }, { name: "RHSA-2018:3398", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3398", }, { name: "RHSA-2018:3400", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3400", }, { name: "RHSA-2018:2228", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2228", }, { name: "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html", }, { name: "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html", }, { name: "RHSA-2019:1046", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1046", }, { name: "openSUSE-SU-2019:1439", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html", }, { name: "openSUSE-SU-2019:1438", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html", }, { name: "20190624 [SECURITY] [DSA 4469-1] libvirt security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jun/36", }, { name: "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/06/10/1", }, { name: "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/06/10/2", }, { name: "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/06/10/5", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", refsource: "CONFIRM", url: "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf", }, { name: "http://support.lenovo.com/us/en/solutions/LEN-22133", refsource: "CONFIRM", url: "http://support.lenovo.com/us/en/solutions/LEN-22133", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012", }, { name: "https://support.citrix.com/article/CTX235225", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX235225", }, { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html", refsource: "CONFIRM", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html", }, { name: "https://www.synology.com/support/security/Synology_SA_18_23", refsource: "CONFIRM", url: "https://www.synology.com/support/security/Synology_SA_18_23", }, { name: "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", refsource: "CONFIRM", url: "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", }, { name: "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html", refsource: "CONFIRM", url: "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html", }, { name: "http://xenbits.xen.org/xsa/advisory-263.html", refsource: "CONFIRM", url: "http://xenbits.xen.org/xsa/advisory-263.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf", }, { name: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006", refsource: "CONFIRM", url: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us", }, { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528", }, { name: "https://security.netapp.com/advisory/ntap-20180521-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20180521-0001/", }, { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", }, { name: "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html", refsource: "CONFIRM", url: "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html", }, { name: "openSUSE-SU-2020:1325", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2018-3639", datePublished: "2018-05-22T12:00:00Z", dateReserved: "2017-12-28T00:00:00", dateUpdated: "2024-09-16T22:55:27.557Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }