Vulnerability Report

CVE-2018-3639

Title: Intel Xeon E3 1125C V2 Information Disclosure

Information Disclosure

Proof Of Concept

PoC Available for CVE-2018-3639

CWE Category CWE-203
Published Date May 22, 2018
Modified Date May 29, 2026
Exploit Status Available
Score 5.5 CVSS v3.1
Exploit Probability (EPSS)
46.73%

Vulnerability Summary

CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Impacted Vendors

I
ibm 2
O
oracle 2
S
sonicwall 5
M
mitel 8
M
microsoft 5
O
openstack 1
W
websense 1
S
siemens 38
S
solarwinds 1
S
schneider-electric 1
N
nvidia 2
A
arm 1
I
intel 201
R
redhat 4
H
hillstonenet 1

Reference Links

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-22133 http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html http://www.openwall.com/lists/oss-security/2020/06/10/1 http://www.openwall.com/lists/oss-security/2020/06/10/2 http://www.openwall.com/lists/oss-security/2020/06/10/5 http://www.securityfocus.com/bid/104232 http://www.securitytracker.com/id/1040949 http://www.securitytracker.com/id/1042004 http://xenbits.xen.org/xsa/advisory-263.html https://access.redhat.com/errata/RHSA-2018:1629 https://access.redhat.com/errata/RHSA-2018:1630 https://access.redhat.com/errata/RHSA-2018:1632 https://access.redhat.com/errata/RHSA-2018:1633 https://access.redhat.com/errata/RHSA-2018:1635 https://access.redhat.com/errata/RHSA-2018:1636 https://access.redhat.com/errata/RHSA-2018:1637 https://access.redhat.com/errata/RHSA-2018:1638 https://access.redhat.com/errata/RHSA-2018:1639 https://access.redhat.com/errata/RHSA-2018:1640 https://access.redhat.com/errata/RHSA-2018:1641 https://access.redhat.com/errata/RHSA-2018:1642 https://access.redhat.com/errata/RHSA-2018:1643 https://access.redhat.com/errata/RHSA-2018:1644 https://access.redhat.com/errata/RHSA-2018:1645 https://access.redhat.com/errata/RHSA-2018:1646 https://access.redhat.com/errata/RHSA-2018:1647 https://access.redhat.com/errata/RHSA-2018:1648 https://access.redhat.com/errata/RHSA-2018:1649 https://access.redhat.com/errata/RHSA-2018:1650 https://access.redhat.com/errata/RHSA-2018:1651 https://access.redhat.com/errata/RHSA-2018:1652 https://access.redhat.com/errata/RHSA-2018:1653 https://access.redhat.com/errata/RHSA-2018:1654 https://access.redhat.com/errata/RHSA-2018:1655 https://access.redhat.com/errata/RHSA-2018:1656 https://access.redhat.com/errata/RHSA-2018:1657 https://access.redhat.com/errata/RHSA-2018:1658 https://access.redhat.com/errata/RHSA-2018:1659 https://access.redhat.com/errata/RHSA-2018:1660 https://access.redhat.com/errata/RHSA-2018:1661 https://access.redhat.com/errata/RHSA-2018:1662 https://access.redhat.com/errata/RHSA-2018:1663 https://access.redhat.com/errata/RHSA-2018:1664 https://access.redhat.com/errata/RHSA-2018:1665 https://access.redhat.com/errata/RHSA-2018:1666 https://access.redhat.com/errata/RHSA-2018:1667 https://access.redhat.com/errata/RHSA-2018:1668 https://access.redhat.com/errata/RHSA-2018:1669 https://access.redhat.com/errata/RHSA-2018:1674 https://access.redhat.com/errata/RHSA-2018:1675 https://access.redhat.com/errata/RHSA-2018:1676 https://access.redhat.com/errata/RHSA-2018:1686 https://access.redhat.com/errata/RHSA-2018:1688 https://access.redhat.com/errata/RHSA-2018:1689 https://access.redhat.com/errata/RHSA-2018:1690 https://access.redhat.com/errata/RHSA-2018:1696 https://access.redhat.com/errata/RHSA-2018:1710 https://access.redhat.com/errata/RHSA-2018:1711 https://access.redhat.com/errata/RHSA-2018:1737 https://access.redhat.com/errata/RHSA-2018:1738 https://access.redhat.com/errata/RHSA-2018:1826 https://access.redhat.com/errata/RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2018:1965 https://access.redhat.com/errata/RHSA-2018:1967 https://access.redhat.com/errata/RHSA-2018:1997 https://access.redhat.com/errata/RHSA-2018:2001 https://access.redhat.com/errata/RHSA-2018:2003 https://access.redhat.com/errata/RHSA-2018:2006 https://access.redhat.com/errata/RHSA-2018:2060 https://access.redhat.com/errata/RHSA-2018:2161 https://access.redhat.com/errata/RHSA-2018:2162 https://access.redhat.com/errata/RHSA-2018:2164 https://access.redhat.com/errata/RHSA-2018:2171 https://access.redhat.com/errata/RHSA-2018:2172 https://access.redhat.com/errata/RHSA-2018:2216 https://access.redhat.com/errata/RHSA-2018:2228 https://access.redhat.com/errata/RHSA-2018:2246 https://access.redhat.com/errata/RHSA-2018:2250 https://access.redhat.com/errata/RHSA-2018:2258 https://access.redhat.com/errata/RHSA-2018:2289 https://access.redhat.com/errata/RHSA-2018:2309 https://access.redhat.com/errata/RHSA-2018:2328 https://access.redhat.com/errata/RHSA-2018:2363 https://access.redhat.com/errata/RHSA-2018:2364 https://access.redhat.com/errata/RHSA-2018:2387 https://access.redhat.com/errata/RHSA-2018:2394 https://access.redhat.com/errata/RHSA-2018:2396 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3396 https://access.redhat.com/errata/RHSA-2018:3397 https://access.redhat.com/errata/RHSA-2018:3398 https://access.redhat.com/errata/RHSA-2018:3399 https://access.redhat.com/errata/RHSA-2018:3400 https://access.redhat.com/errata/RHSA-2018:3401 https://access.redhat.com/errata/RHSA-2018:3402 https://access.redhat.com/errata/RHSA-2018:3407 https://access.redhat.com/errata/RHSA-2018:3423 https://access.redhat.com/errata/RHSA-2018:3424 https://access.redhat.com/errata/RHSA-2018:3425 https://access.redhat.com/errata/RHSA-2019:0148 https://access.redhat.com/errata/RHSA-2019:1046 https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://nvidia.custhelp.com/app/answers/detail/a_id/4787 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004 https://seclists.org/bugtraq/2019/Jun/36 https://security.netapp.com/advisory/ntap-20180521-0001/ https://support.citrix.com/article/CTX235225 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel https://usn.ubuntu.com/3651-1/ https://usn.ubuntu.com/3652-1/ https://usn.ubuntu.com/3653-1/ https://usn.ubuntu.com/3653-2/ https://usn.ubuntu.com/3654-1/ https://usn.ubuntu.com/3654-2/ https://usn.ubuntu.com/3655-1/ https://usn.ubuntu.com/3655-2/ https://usn.ubuntu.com/3679-1/ https://usn.ubuntu.com/3680-1/ https://usn.ubuntu.com/3756-1/ https://usn.ubuntu.com/3777-3/ https://www.debian.org/security/2018/dsa-4210 https://www.debian.org/security/2018/dsa-4273 https://www.exploit-db.com/exploits/44695/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html https://www.kb.cert.org/vuls/id/180049 https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006 https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.synology.com/support/security/Synology_SA_18_23 https://www.us-cert.gov/ncas/alerts/TA18-141A http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-22133 http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html http://www.openwall.com/lists/oss-security/2020/06/10/1 http://www.openwall.com/lists/oss-security/2020/06/10/2 http://www.openwall.com/lists/oss-security/2020/06/10/5 http://www.securityfocus.com/bid/104232 http://www.securitytracker.com/id/1040949 http://www.securitytracker.com/id/1042004 http://xenbits.xen.org/xsa/advisory-263.html https://access.redhat.com/errata/RHSA-2018:1629 https://access.redhat.com/errata/RHSA-2018:1630 https://access.redhat.com/errata/RHSA-2018:1632 https://access.redhat.com/errata/RHSA-2018:1633 https://access.redhat.com/errata/RHSA-2018:1635 https://access.redhat.com/errata/RHSA-2018:1636 https://access.redhat.com/errata/RHSA-2018:1637 https://access.redhat.com/errata/RHSA-2018:1638 https://access.redhat.com/errata/RHSA-2018:1639 https://access.redhat.com/errata/RHSA-2018:1640 https://access.redhat.com/errata/RHSA-2018:1641 https://access.redhat.com/errata/RHSA-2018:1642 https://access.redhat.com/errata/RHSA-2018:1643 https://access.redhat.com/errata/RHSA-2018:1644 https://access.redhat.com/errata/RHSA-2018:1645 https://access.redhat.com/errata/RHSA-2018:1646 https://access.redhat.com/errata/RHSA-2018:1647 https://access.redhat.com/errata/RHSA-2018:1648 https://access.redhat.com/errata/RHSA-2018:1649 https://access.redhat.com/errata/RHSA-2018:1650 https://access.redhat.com/errata/RHSA-2018:1651 https://access.redhat.com/errata/RHSA-2018:1652 https://access.redhat.com/errata/RHSA-2018:1653 https://access.redhat.com/errata/RHSA-2018:1654 https://access.redhat.com/errata/RHSA-2018:1655 https://access.redhat.com/errata/RHSA-2018:1656 https://access.redhat.com/errata/RHSA-2018:1657 https://access.redhat.com/errata/RHSA-2018:1658 https://access.redhat.com/errata/RHSA-2018:1659 https://access.redhat.com/errata/RHSA-2018:1660 https://access.redhat.com/errata/RHSA-2018:1661 https://access.redhat.com/errata/RHSA-2018:1662 https://access.redhat.com/errata/RHSA-2018:1663 https://access.redhat.com/errata/RHSA-2018:1664 https://access.redhat.com/errata/RHSA-2018:1665 https://access.redhat.com/errata/RHSA-2018:1666 https://access.redhat.com/errata/RHSA-2018:1667 https://access.redhat.com/errata/RHSA-2018:1668 https://access.redhat.com/errata/RHSA-2018:1669 https://access.redhat.com/errata/RHSA-2018:1674 https://access.redhat.com/errata/RHSA-2018:1675 https://access.redhat.com/errata/RHSA-2018:1676 https://access.redhat.com/errata/RHSA-2018:1686 https://access.redhat.com/errata/RHSA-2018:1688 https://access.redhat.com/errata/RHSA-2018:1689 https://access.redhat.com/errata/RHSA-2018:1690 https://access.redhat.com/errata/RHSA-2018:1696 https://access.redhat.com/errata/RHSA-2018:1710 https://access.redhat.com/errata/RHSA-2018:1711 https://access.redhat.com/errata/RHSA-2018:1737 https://access.redhat.com/errata/RHSA-2018:1738 https://access.redhat.com/errata/RHSA-2018:1826 https://access.redhat.com/errata/RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2018:1965 https://access.redhat.com/errata/RHSA-2018:1967 https://access.redhat.com/errata/RHSA-2018:1997 https://access.redhat.com/errata/RHSA-2018:2001 https://access.redhat.com/errata/RHSA-2018:2003 https://access.redhat.com/errata/RHSA-2018:2006 https://access.redhat.com/errata/RHSA-2018:2060 https://access.redhat.com/errata/RHSA-2018:2161 https://access.redhat.com/errata/RHSA-2018:2162 https://access.redhat.com/errata/RHSA-2018:2164 https://access.redhat.com/errata/RHSA-2018:2171 https://access.redhat.com/errata/RHSA-2018:2172 https://access.redhat.com/errata/RHSA-2018:2216 https://access.redhat.com/errata/RHSA-2018:2228 https://access.redhat.com/errata/RHSA-2018:2246 https://access.redhat.com/errata/RHSA-2018:2250 https://access.redhat.com/errata/RHSA-2018:2258 https://access.redhat.com/errata/RHSA-2018:2289 https://access.redhat.com/errata/RHSA-2018:2309 https://access.redhat.com/errata/RHSA-2018:2328 https://access.redhat.com/errata/RHSA-2018:2363 https://access.redhat.com/errata/RHSA-2018:2364 https://access.redhat.com/errata/RHSA-2018:2387 https://access.redhat.com/errata/RHSA-2018:2394 https://access.redhat.com/errata/RHSA-2018:2396 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3396 https://access.redhat.com/errata/RHSA-2018:3397 https://access.redhat.com/errata/RHSA-2018:3398 https://access.redhat.com/errata/RHSA-2018:3399 https://access.redhat.com/errata/RHSA-2018:3400 https://access.redhat.com/errata/RHSA-2018:3401 https://access.redhat.com/errata/RHSA-2018:3402 https://access.redhat.com/errata/RHSA-2018:3407 https://access.redhat.com/errata/RHSA-2018:3423 https://access.redhat.com/errata/RHSA-2018:3424 https://access.redhat.com/errata/RHSA-2018:3425 https://access.redhat.com/errata/RHSA-2019:0148 https://access.redhat.com/errata/RHSA-2019:1046 https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://nvidia.custhelp.com/app/answers/detail/a_id/4787 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004 https://seclists.org/bugtraq/2019/Jun/36 https://security.netapp.com/advisory/ntap-20180521-0001/ https://support.citrix.com/article/CTX235225 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel https://usn.ubuntu.com/3651-1/ https://usn.ubuntu.com/3652-1/ https://usn.ubuntu.com/3653-1/ https://usn.ubuntu.com/3653-2/ https://usn.ubuntu.com/3654-1/ https://usn.ubuntu.com/3654-2/ https://usn.ubuntu.com/3655-1/ https://usn.ubuntu.com/3655-2/ https://usn.ubuntu.com/3679-1/ https://usn.ubuntu.com/3680-1/ https://usn.ubuntu.com/3756-1/ https://usn.ubuntu.com/3777-3/ https://www.debian.org/security/2018/dsa-4210 https://www.debian.org/security/2018/dsa-4273 https://www.exploit-db.com/exploits/44695/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html https://www.kb.cert.org/vuls/id/180049 https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006 https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.synology.com/support/security/Synology_SA_18_23 https://www.us-cert.gov/ncas/alerts/TA18-141A
CVSS v3.1
Source Entity [email protected]
Severity MEDIUM
5.5
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v3.1
Source Entity 134c704f-9b21-4f2e-91b3-4a467353bcc0
Severity MEDIUM
5.5
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0
Source Entity [email protected]
Severity LOW
2.1
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:L/AC:L/Au:N/C:P/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2018-3639 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/44695
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector LOCAL
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Stack

No specific products linked.