Vulnerability Description
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Atom C | c2308 |
| Intel | Atom E | e3805 |
| Intel | Atom Z | z2420 |
| Intel | Celeron J | j3455 |
| Intel | Celeron N | n3450 |
| Intel | Core I3 | 32nm |
| Intel | Core I5 | 32nm |
| Intel | Core I7 | 32nm |
| Intel | Core M | 32nm |
| Intel | Pentium | n4000 |
| Intel | Pentium J | j4205 |
| Intel | Pentium Silver | j5005 |
| Intel | Xeon E-1105C | - |
| Intel | Xeon E3 | 125c_ |
| Intel | Xeon E3 1105C V2 | - |
| Intel | Xeon E3 1125C V2 | - |
| Intel | Xeon E3 1220 V2 | - |
| Intel | Xeon E3 1220 V3 | - |
| Intel | Xeon E3 1220 V5 | - |
| Intel | Xeon E3 1220 V6 | - |
Related Weaknesses (CWE)
References
- http://support.lenovo.com/us/en/solutions/LEN-22133Third Party Advisory
- http://www.fujitsu.com/global/support/products/software/security/products-f/cve-Third Party Advisory
- http://www.securityfocus.com/bid/104228Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040949Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1042004
- https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulVendor Advisory
- https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013PatchThird Party AdvisoryVendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005
- https://security.netapp.com/advisory/ntap-20180521-0001/Third Party Advisory
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeThird Party Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Third Party Advisory
FAQ
What is CVE-2018-3640?
CVE-2018-3640 is a vulnerability with a CVSS score of 5.6 (MEDIUM). Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local use...
How severe is CVE-2018-3640?
CVE-2018-3640 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-3640?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Atom C, Intel Atom E, Intel Atom Z, Intel Celeron J, Intel Celeron N.