CVE-2018-5407
15.11.2018, 21:29
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.Enginsight
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 18.10 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| nodejs | node.js | 𝑥 < 6.14.4 |
| nodejs | node.js | 8.0.0 ≤ 𝑥 < 8.11.4 |
| nodejs | node.js | 10.0.0 ≤ 𝑥 < 10.9.0 |
| openssl | openssl | 1.0.2 ≤ 𝑥 < 1.0.2q |
| openssl | openssl | 1.1.0 ≤ 𝑥 < 1.1.0i |
| tenable | nessus | 𝑥 < 8.1.1 |
| oracle | api_gateway | 11.1.2.4.0 |
| oracle | application_server | 0.9.8 |
| oracle | application_server | 1.0.0 |
| oracle | application_server | 1.0.1 |
| oracle | enterprise_manager_base_platform | 12.1.0.5.0 |
| oracle | enterprise_manager_base_platform | 13.2.0.0.0 |
| oracle | enterprise_manager_base_platform | 13.3.0.0.0 |
| oracle | enterprise_manager_ops_center | 12.3.3 |
| oracle | mysql_enterprise_backup | 𝑥 ≤ 3.12.3 |
| oracle | mysql_enterprise_backup | 3.12.4 ≤ 𝑥 ≤ 4.1.2 |
| oracle | peoplesoft_enterprise_peopletools | 8.55 |
| oracle | peoplesoft_enterprise_peopletools | 8.56 |
| oracle | peoplesoft_enterprise_peopletools | 8.57 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 17.7 ≤ 𝑥 ≤ 17.12 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 8.4 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 15.1 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 15.2 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 16.1 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 16.2 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 18.8 |
| oracle | tuxedo | 12.1.1.0.0 |
| oracle | vm_virtualbox | 𝑥 < 6.0.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server | 7.6 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| openssl |
| ||||||||||||||||||
| openssl098 |
| ||||||||||||||||||
| openssl1.0 |
|
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-203 - Observable DiscrepancyThe product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
References