CVE-2018-3640

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.6 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
intelCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
intelxeon_e-1105c
-
intelxeon_e3_1105c_v2
-
intelxeon_e3_1125c_v2
-
intelxeon_e3_1220_v2
-
intelxeon_e3_1220_v3
-
intelxeon_e3_1220_v5
-
intelxeon_e3_1220_v6
-
intelxeon_e3_12201
-
intelxeon_e3_12201_v2
-
intelxeon_e3_1220l_v3
-
intelxeon_e3_1225
-
intelxeon_e3_1225_v2
-
intelxeon_e3_1225_v3
-
intelxeon_e3_1225_v5
-
intelxeon_e3_1225_v6
-
intelxeon_e3_1226_v3
-
intelxeon_e3_1230
-
intelxeon_e3_1230_v2
-
intelxeon_e3_1230_v3
-
intelxeon_e3_1230_v5
-
intelxeon_e3_1230_v6
-
intelxeon_e3_1230l_v3
-
intelxeon_e3_1231_v3
-
intelxeon_e3_1235
-
intelxeon_e3_1235l_v5
-
intelxeon_e3_1240
-
intelxeon_e3_1240_v2
-
intelxeon_e3_1240_v3
-
intelxeon_e3_1240_v5
-
intelxeon_e3_1240_v6
-
intelxeon_e3_1240l_v3
-
intelxeon_e3_1240l_v5
-
intelxeon_e3_1241_v3
-
intelxeon_e3_1245
-
intelxeon_e3_1245_v2
-
intelxeon_e3_1245_v3
-
intelxeon_e3_1245_v5
-
intelxeon_e3_1245_v6
-
intelxeon_e3_1246_v3
-
intelxeon_e3_1258l_v4
-
intelxeon_e3_1260l
-
intelxeon_e3_1260l_v5
-
intelxeon_e3_1265l_v2
-
intelxeon_e3_1265l_v3
-
intelxeon_e3_1265l_v4
-
intelxeon_e3_1268l_v3
-
intelxeon_e3_1268l_v5
-
intelxeon_e3_1270
-
intelxeon_e3_1270_v2
-
intelxeon_e3_1270_v3
-
intelxeon_e3_1270_v5
-
intelxeon_e3_1270_v6
-
intelxeon_e3_1271_v3
-
intelxeon_e3_1275_v2
-
intelxeon_e3_1275_v3
-
intelxeon_e3_1275_v5
-
intelxeon_e3_1275_v6
-
intelxeon_e3_1275l_v3
-
intelxeon_e3_1276_v3
-
intelxeon_e3_1278l_v4
-
intelxeon_e3_1280
-
intelxeon_e3_1280_v2
-
intelxeon_e3_1280_v3
-
intelxeon_e3_1280_v5
-
intelxeon_e3_1280_v6
-
intelxeon_e3_1281_v3
-
intelxeon_e3_1285_v3
-
intelxeon_e3_1285_v4
-
intelxeon_e3_1285_v6
-
intelxeon_e3_1285l_v3
-
intelxeon_e3_1285l_v4
-
intelxeon_e3_1286_v3
-
intelxeon_e3_1286l_v3
-
intelxeon_e3_1290
-
intelxeon_e3_1290_v2
-
intelxeon_e3_1501l_v6
-
intelxeon_e3_1501m_v6
-
intelxeon_e3_1505l_v5
-
intelxeon_e3_1505l_v6
-
intelxeon_e3_1505m_v5
-
intelxeon_e5_1428l
-
intelxeon_e5_1428l_v2
-
intelxeon_e5_1428l_v3
-
intelxeon_e5_1620
-
intelxeon_e5_1620_v2
-
intelxeon_e5_1620_v3
-
intelxeon_e5_1620_v4
-
intelxeon_e5_1630_v3
-
intelxeon_e5_1630_v4
-
intelxeon_e5_1650
-
intelxeon_e5_1650_v2
-
intelxeon_e5_1650_v3
-
intelxeon_e5_1650_v4
-
intelxeon_e5_1660
-
intelxeon_e5_1660_v2
-
intelxeon_e5_1660_v3
-
intelxeon_e5_1660_v4
-
intelxeon_e5_1680_v3
-
intelxeon_e5_1680_v4
-
intelxeon_e5_2403
-
intelxeon_e5_2403_v2
-
intelxeon_e5_2407
-
intelxeon_e5_2407_v2
-
intelxeon_e5_2408l_v3
-
intelxeon_e5_2418l
-
intelxeon_e5_2418l_v2
-
intelxeon_e5_2418l_v3
-
intelxeon_e5_2420
-
intelxeon_e5_2420_v2
-
intelxeon_e5_2428l
-
intelxeon_e5_2428l_v2
-
intelxeon_e5_2428l_v3
-
intelxeon_e5_2430
-
intelxeon_e5_2430_v2
-
intelxeon_e5_2430l
-
intelxeon_e5_2430l_v2
-
intelxeon_e5_2438l_v3
-
intelxeon_e5_2440
-
intelxeon_e5_2440_v2
-
intelxeon_e5_2448l
-
intelxeon_e5_2448l_v2
-
intelxeon_e5_2450
-
intelxeon_e5_2450_v2
-
intelxeon_e5_2450l
-
intelxeon_e5_2450l_v2
-
intelxeon_e5_2470
-
intelxeon_e5_2470_v2
-
intelxeon_e5_2603
-
intelxeon_e5_2603_v2
-
intelxeon_e5_2603_v3
-
intelxeon_e5_2603_v4
-
intelxeon_e5_2608l_v3
-
intelxeon_e5_2608l_v4
-
intelxeon_e5_2609
-
intelxeon_e5_2609_v2
-
intelxeon_e5_2609_v3
-
intelxeon_e5_2609_v4
-
intelxeon_e5_2618l_v2
-
intelxeon_e5_2618l_v3
-
intelxeon_e5_2618l_v4
-
intelxeon_e5_2620
-
intelxeon_e5_2620_v2
-
intelxeon_e5_2620_v3
-
intelxeon_e5_2620_v4
-
intelxeon_e5_2623_v3
-
intelxeon_e5_2623_v4
-
intelxeon_e5_2628l_v2
-
intelxeon_e5_2628l_v3
-
intelxeon_e5_2628l_v4
-
intelxeon_e5_2630
-
intelxeon_e5_2630_v2
-
intelxeon_e5_2630_v3
-
intelxeon_e5_2630_v4
-
intelxeon_e5_2630l
-
intelxeon_e5_2630l_v2
-
intelxeon_e5_2630l_v3
-
intelxeon_e5_2630l_v4
-
intelxeon_e5_2637
-
intelxeon_e5_2637_v2
-
intelxeon_e5_2637_v3
-
intelxeon_e5_2637_v4
-
intelxeon_e5_2640
-
intelxeon_e5_2640_v2
-
intelxeon_e5_2640_v3
-
intelxeon_e5_2640_v4
-
intelxeon_e5_2643
-
intelxeon_e5_2643_v2
-
intelxeon_e5_2643_v3
-
intelxeon_e5_2643_v4
-
intelxeon_e5_2648l
-
intelxeon_e5_2648l_v2
-
intelxeon_e5_2648l_v3
-
intelxeon_e5_2648l_v4
-
intelxeon_e5_2650
-
intelxeon_e5_2650_v2
-
intelxeon_e5_2650_v3
-
intelxeon_e5_2650_v4
-
intelxeon_e5_2650l
-
intelxeon_e5_2650l_v2
-
intelxeon_e5_2650l_v3
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
intel-microcode
bullseye/non-free
3.20240813.1~deb11u1
fixed
bullseye/non-free (security)
3.20231114.1~deb11u1
fixed
bookworm/non-free-firmware
3.20240813.1~deb12u1
fixed
bookworm/non-free-firmware (security)
3.20231114.1~deb12u1
fixed
sid/non-free-firmware
3.20240910.1
fixed
trixie/non-free-firmware
3.20240910.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
intel-microcode
bionic
Fixed 3.20180807a.0ubuntu0.18.04.1
released
artful
ignored
xenial
Fixed 3.20180807a.0ubuntu0.16.04.1
released
trusty
Fixed 3.20180807a.0ubuntu0.14.04.1
released
Common Weakness Enumeration
References
http://support.lenovo.com/us/en/solutions/LEN-22133
http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
http://www.securityfocus.com/bid/104228
http://www.securitytracker.com/id/1040949
http://www.securitytracker.com/id/1042004
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005
https://security.netapp.com/advisory/ntap-20180521-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel
https://usn.ubuntu.com/3756-1/
https://www.debian.org/security/2018/dsa-4273
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
https://www.kb.cert.org/vuls/id/180049
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
https://www.synology.com/support/security/Synology_SA_18_23
https://www.us-cert.gov/ncas/alerts/TA18-141A
http://support.lenovo.com/us/en/solutions/LEN-22133
http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
http://www.securityfocus.com/bid/104228
http://www.securitytracker.com/id/1040949
http://www.securitytracker.com/id/1042004
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005
https://security.netapp.com/advisory/ntap-20180521-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel
https://usn.ubuntu.com/3756-1/
https://www.debian.org/security/2018/dsa-4273
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
https://www.kb.cert.org/vuls/id/180049
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
https://www.synology.com/support/security/Synology_SA_18_23
https://www.us-cert.gov/ncas/alerts/TA18-141A