Vulnerability Description
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Atom C | c2308 |
| Intel | Atom E | e3805 |
| Intel | Atom X5-E3930 | - |
| Intel | Atom X5-E3940 | - |
| Intel | Atom X7-E3950 | - |
| Intel | Atom Z | z2420 |
| Intel | Celeron J | j3455 |
| Intel | Celeron N | n3450 |
| Intel | Core I3 | 32nm |
| Intel | Core I5 | 32nm |
| Intel | Core I7 | 32nm |
| Intel | Core M | 32nm |
| Intel | Pentium | n4000 |
| Intel | Pentium J | j4205 |
| Intel | Pentium Silver | j5005 |
| Intel | Xeon E-1105C | - |
| Intel | Xeon E3 | 125c_ |
| Intel | Xeon E3 1105C V2 | - |
| Intel | Xeon E3 1125C V2 | - |
| Intel | Xeon E3 1220 V2 | - |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.htmlBroken Link
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.htmlBroken Link
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.htmlBroken Link
- http://support.lenovo.com/us/en/solutions/LEN-22133Third Party Advisory
- http://www.fujitsu.com/global/support/products/software/security/products-f/cve-Third Party Advisory
- http://www.openwall.com/lists/oss-security/2020/06/10/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2020/06/10/2Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2020/06/10/5Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/104232Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040949Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1042004Third Party AdvisoryVDB Entry
- http://xenbits.xen.org/xsa/advisory-263.htmlThird Party Advisory
- https://access.redhat.com/errata/RHSA-2018:1629Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:1630Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:1632Third Party Advisory
FAQ
What is CVE-2018-3639?
CVE-2018-3639 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of in...
How severe is CVE-2018-3639?
CVE-2018-3639 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-3639?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Atom C, Intel Atom E, Intel Atom X5-E3930, Intel Atom X5-E3940, Intel Atom X7-E3950.