CVE-2018-3639

Published May 22, 2018

Last updated 9 days ago

CVSS medium 5.5

Overview

Description
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Source
secure@intel.com
NVD status
Modified
Products
atom_c, atom_e, atom_x5-e3930, atom_x5-e3940, atom_x7-e3950, atom_z, celeron_j, celeron_n, core_i3, core_i5, core_i7, core_m, pentium, pentium_j, pentium_silver, xeon_e-1105c, xeon_e3, xeon_e3_1105c_v2, xeon_e3_1125c_v2, xeon_e3_1220_v2, xeon_e3_1220_v3, xeon_e3_1220_v5, xeon_e3_1220_v6, xeon_e3_12201, xeon_e3_12201_v2, xeon_e3_1220l_v3, xeon_e3_1225, xeon_e3_1225_v2, xeon_e3_1225_v3, xeon_e3_1225_v5, xeon_e3_1225_v6, xeon_e3_1226_v3, xeon_e3_1230, xeon_e3_1230_v2, xeon_e3_1230_v3, xeon_e3_1230_v5, xeon_e3_1230_v6, xeon_e3_1230l_v3, xeon_e3_1231_v3, xeon_e3_1235, xeon_e3_1235l_v5, xeon_e3_1240, xeon_e3_1240_v2, xeon_e3_1240_v3, xeon_e3_1240_v5, xeon_e3_1240_v6, xeon_e3_1240l_v3, xeon_e3_1240l_v5, xeon_e3_1241_v3, xeon_e3_1245, xeon_e3_1245_v2, xeon_e3_1245_v3, xeon_e3_1245_v5, xeon_e3_1245_v6, xeon_e3_1246_v3, xeon_e3_1258l_v4, xeon_e3_1260l, xeon_e3_1260l_v5, xeon_e3_1265l_v2, xeon_e3_1265l_v3, xeon_e3_1265l_v4, xeon_e3_1268l_v3, xeon_e3_1268l_v5, xeon_e3_1270, xeon_e3_1270_v2, xeon_e3_1270_v3, xeon_e3_1270_v5, xeon_e3_1270_v6, xeon_e3_1271_v3, xeon_e3_1275_v2, xeon_e3_1275_v3, xeon_e3_1275_v5, xeon_e3_1275_v6, xeon_e3_1275l_v3, xeon_e3_1276_v3, xeon_e3_1278l_v4, xeon_e3_1280, xeon_e3_1280_v2, xeon_e3_1280_v3, xeon_e3_1280_v5, xeon_e3_1280_v6, xeon_e3_1281_v3, xeon_e3_1285_v3, xeon_e3_1285_v4, xeon_e3_1285_v6, xeon_e3_1285l_v3, xeon_e3_1285l_v4, xeon_e3_1286_v3, xeon_e3_1286l_v3, xeon_e3_1290, xeon_e3_1290_v2, xeon_e3_1501l_v6, xeon_e3_1501m_v6, xeon_e3_1505l_v5, xeon_e3_1505l_v6, xeon_e3_1505m_v5, xeon_e5, xeon_e5_1428l, xeon_e5_1428l_v2, xeon_e5_1428l_v3, xeon_e5_1620, xeon_e5_1620_v2, xeon_e5_1620_v3, xeon_e5_1620_v4, xeon_e5_1630_v3, xeon_e5_1630_v4, xeon_e5_1650, xeon_e5_1650_v2, xeon_e5_1650_v3, xeon_e5_1650_v4, xeon_e5_1660, xeon_e5_1660_v2, xeon_e5_1660_v3, xeon_e5_1660_v4, xeon_e5_1680_v3, xeon_e5_1680_v4, xeon_e5_2403, xeon_e5_2403_v2, xeon_e5_2407, xeon_e5_2407_v2, xeon_e5_2408l_v3, xeon_e5_2418l, xeon_e5_2418l_v2, xeon_e5_2418l_v3, xeon_e5_2420, xeon_e5_2420_v2, xeon_e5_2428l, xeon_e5_2428l_v2, xeon_e5_2428l_v3, xeon_e5_2430, xeon_e5_2430_v2, xeon_e5_2430l, xeon_e5_2430l_v2, xeon_e5_2438l_v3, xeon_e5_2440, xeon_e5_2440_v2, xeon_e5_2448l, xeon_e5_2448l_v2, xeon_e5_2450, xeon_e5_2450_v2, xeon_e5_2450l, xeon_e5_2450l_v2, xeon_e5_2470, xeon_e5_2470_v2, xeon_e5_2603, xeon_e5_2603_v2, xeon_e5_2603_v3, xeon_e5_2603_v4, xeon_e5_2608l_v3, xeon_e5_2608l_v4, xeon_e5_2609, xeon_e5_2609_v2, xeon_e5_2609_v3, xeon_e5_2609_v4, xeon_e5_2618l_v2, xeon_e5_2618l_v3, xeon_e5_2618l_v4, xeon_e5_2620, xeon_e5_2620_v2, xeon_e5_2620_v3, xeon_e5_2620_v4, xeon_e5_2623_v3, xeon_e5_2623_v4, xeon_e5_2628l_v2, xeon_e5_2628l_v3, xeon_e5_2628l_v4, xeon_e5_2630, xeon_e5_2630_v2, xeon_e5_2630_v3, xeon_e5_2630_v4, xeon_e5_2630l, xeon_e5_2630l_v2, xeon_e5_2630l_v3, xeon_e5_2630l_v4, xeon_e5_2637, xeon_e5_2637_v2, xeon_e5_2637_v3, xeon_e5_2637_v4, xeon_e5_2640, xeon_e5_2640_v2, xeon_e5_2640_v3, xeon_e5_2640_v4, xeon_e5_2643, xeon_e5_2643_v2, xeon_e5_2643_v3, xeon_e5_2643_v4, xeon_e5_2648l, xeon_e5_2648l_v2, xeon_e5_2648l_v3, xeon_e5_2648l_v4, xeon_e5_2650, xeon_e5_2650_v2, xeon_e5_2650_v3, xeon_e5_2650_v4, xeon_e5_2650l, xeon_e5_2650l_v2, xeon_e5_2650l_v3, xeon_e7, xeon_gold, xeon_platinum, xeon_silver, cortex-a, mrg_realtime, openstack, virtualization_manager, enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_tus, enterprise_linux_workstation, debian_linux, ubuntu_linux, itc1500_firmware, itc1500_pro_firmware, itc1900_firmware, itc1900_pro_firmware, itc2200_firmware, itc2200_pro_firmware, local_service_management_system, solaris, ruggedcom_ape_firmware, simatic_et_200_sp_firmware, simatic_field_pg_m4_firmware, simatic_field_pg_m5_firmware, simatic_ipc3000_smart_firmware, simatic_ipc347e_firmware, simatic_ipc427c_firmware, simatic_ipc427d_firmware, simatic_ipc427e_firmware, simatic_ipc477c_firmware, simatic_ipc477d_firmware, simatic_ipc477e_firmware, simatic_ipc477e_pro_firmware, simatic_ipc547e_firmware, simatic_ipc547g_firmware, simatic_ipc627c_firmware, simatic_ipc627d_firmware, simatic_ipc647c_firmware, simatic_ipc647d_firmware, simatic_ipc677d_firmware, simatic_ipc677c_firmware, simatic_ipc827c_firmware, simatic_ipc827d_firmware, simatic_ipc847c_firmware, simatic_ipc847d_firmware, simatic_itp1000_firmware, simatic_s7-1500_firmware, simotion_p320-4e_firmware, sinumerik_840_d_sl_firmware, sinumerik_pcu_50.5_firmware, sinumerik_tcu_30.3_firmware, sinema_remote_connect_firmware, micloud_management_portal, micollab, mivoic_mx-one, mivoice_5000, mivoice_border_gateway, mivoice_business, mivoice_connect, open_integration_gateway, cloud_global_management_system, email_security, global_management_system, secure_mobile_access, web_application_firewall, sonicosv, struxureware_data_center_expert, virtualization, jetson_tx1, jetson_tx2, surface, surface_book, surface_pro, surface_pro_with_lte_advanced, surface_studio, windows_10, windows_7, windows_8.1, windows_server_2008, windows_server_2012, windows_server_2016

Risk scores

CVSS 3.1

Type
Primary
Base score
5.5
Impact score
3.6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
2.1
Impact score
2.9
Exploitability score
3.9
Vector string
AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov
CWE-203
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-203

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops.CVE-2026-47337
  2. Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code. The bug can be triggered by an unprivileged local user and could result in incorrect fine-grained mediation of network sockets.CVE-2026-47336
  3. Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel panic.CVE-2026-47335
  4. Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.CVE-2026-42825
  5. Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.CVE-2026-41095

References

Sources include official advisories and independent security research.