Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huaweiHuawei TechnologiesHUAWEI-SA-20180615-01-CPU
HistoryJun 15, 2018 - 12:00 a.m.

Security Advisory - Side-Channel Vulnerability Variants 3a and 4

2018-06-1500:00:00
Huawei Technologies
www.huawei.com
91

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

65.8%

JSON

Intel publicly disclosed new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown. These variants known as 3A (CVE-2018-3640)and 4 (CVE-2018-3639), local attackers may exploit these vulnerabilities to cause information leak on the affected system. (Vulnerability ID: HWPSIRT-2018-05139 and HWPSIRT-2018-05140)

Huawei has released software updates to fix these vulnerabilities in the following products.

This advisory will be updated as additional information becomes available, Please stay tuned. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180615-01-cpu-en.

Affected configurations

Vulners
Node
huawei1288h_v5Range<V100R005C00SPC117
OR
huawei2288h_v5Range<V100R005C00SPC117
OR
huawei2488_v5Range<V100R005C00SPC500
OR
huawei2488h_v5Range<V100R005C00SPC203
OR
huaweioceanstor_5800_v3Range<V100R003C00SPC706
OR
huaweiar3600Matchv200r006c10
OR
huaweibh620Range<V100R002C00SPC302
OR
huaweifusionserver_rh1288a_v2Range<V100R002C00SPC301
OR
huaweifusionserver_rh1288a_v2Range<V100R002C00SPC309
OR
huaweifusionserver_rh1288a_v2Range<V100R002C00SPC307
OR
huaweifusionserver_ch121_v3Matchv100r001c00spc305
OR
huaweifusionserver_ch121_v3Range<V100R001C00SPC261
OR
huaweifusionserver_ch121_v3Range<V100R001C00SPC131
OR
huaweioceanstor_5800_v3Range<V100R001C00SPC121
OR
huaweich121l_v5Range<V100R001C00SPC161
OR
huaweich121l_v5Range<V100R001C00SPC131
OR
huaweich140Matchv100r001c00
OR
huaweich140Range<V100R001C00SPC181
OR
huaweioceanstor_5800_v3Range<V100R001C00SPC161
OR
huaweifusionserver_ch220_v3Matchv100r001c00
OR
huaweifusionserver_ch220_v3Range<V100R001C00SPC261
OR
huaweich221Matchv100r001c00
OR
huaweifusionserver_ch222_v3Matchv100r002c00spc305
OR
huaweifusionserver_ch222_v3Range<V100R001C00SPC261
OR
huaweich225_v5Range<V100R001C00SPC161
OR
huaweioceanstor_5800_v3Range<V100R001C00SPC181
OR
huaweich240Matchv100r001c00
OR
huaweich242Matchv100r001c00
OR
huaweich242Range<V100R001C00SPC331
OR
huaweich242Range<V100R001C00SPC331
OR
huaweich242_v5Range<V100R001C00SPC121
OR
huaweifusioncomputeMatchv100r006c00
OR
huaweifusioncomputeMatchv100r006c10
OR
huaweifusioncubeMatchv100r002c02
OR
huaweifusioncubeMatchv100r002c30
OR
huaweifusioncubeMatchv100r002c70
OR
huaweifusionsphere_openstackMatchv100r005c00
OR
huaweifusionsphere_openstackMatchv100r005c10spc700
OR
huaweifusionsphere_openstackMatchv100r005c10spc701
OR
huaweifusionsphere_openstackMatchv100r006c00
OR
huaweifusionsphere_openstackMatchv100r006c10
OR
huaweifusionsphere_openstackMatchv1r6c00rc1spc1b060
OR
huaweimatebook_hz-w09Range<1.52
OR
huaweimatebook_hz-w19Range<1.52
OR
huaweimatebook_hz-w29Range<1.52
OR
huaweimatebook_b200Range<1.21
OR
huaweimatebook_d_pl-w09Range<1.21
OR
huaweimatebook_d_pl-w19Range<1.21
OR
huaweimatebook_d_pl-w29Range<1.21
OR
huaweimatebook_d_mrc-w10Range<1.19
OR
huaweimatebook_d_mrc-w50Range<1.19
OR
huaweimatebook_d_mrc-w60Range<1.19
OR
huaweimatebook_x_wt-w19Range<1.12
OR
huaweimatebook_hz-w29Range<1.12
OR
huaweihonor_magicbook_vlt-w50Range<1.12
OR
huaweihonor_magicbook_vlt-w60Range<1.12
OR
huaweimanageoneMatch3.0.5
OR
huaweimanageoneMatch3.0.7
OR
huaweimanageoneMatch3.0.8
OR
huaweimanageoneMatch3.0.9
OR
huaweioceanstor_replicationdirectorMatchv100r001c30spc300
OR
huaweioceanstor_5800_v3Matchv300r003c00
OR
huaweioceanstor_5800_v3Matchv300r006c10spc100
OR
huaweioceanstor_5800_v3Matchv300r006c10spc100
OR
huawei18800Matchv100r001c30spc300
OR
huawei18800Matchv300r006c10spc100
OR
huawei18800fMatchv100r001c30spc300
OR
huawei18800fMatchv300r006c10spc100
OR
huaweioceanstor_5800_v3Matchv300r006c10spc100
OR
huaweioceanstor_5800_v3Matchv300r006c10spc100
OR
huaweioceanstor_5800_v3Matchv300r006c10spc100
OR
huaweioceanstor_5800_v3Matchv300r006c10spc100
OR
huaweioceanstor_5800_v3Matchv300r006c10spc100
OR
huaweihvs85tMatchv100r001c00
OR
huaweihvs88tMatchv100r001c00
OR
huaweioceanstor_replicationdirectorMatchv200r001c00
OR
huaweifusionserver_rh1288_v3Range<V100R002C00SPC640
OR
huaweifusionserver_rh1288_v3Range<V100R003C00SPC706
OR
huaweifusionserver_rh1288a_v2Range<V100R002C00SPC710
OR
huaweifusionserver_rh1288a_v2Range<V100R002C00SPC510
OR
huaweifusionserver_rh1288a_v2Range<V100R002C00SPC609
OR
huaweirh2285Range<V100R002C00SPC511
OR
huaweifusionserver_rh1288a_v2Range<V100R002C00SPC511
OR
huaweifusionserver_rh2288_v3Range<V100R002C00SPC610
OR
huaweifusionserver_rh2288_v3Range<V100R003C00SPC706
OR
huaweifusionserver_rh2288a_v2Range<V100R002C00SPC710
OR
huaweifusionserver_rh1288a_v2Range<V100R002C00SPC302
OR
huaweifusionserver_rh2288h_v3Range<V100R002C00SPC620
OR
huaweifusionserver_rh2288h_v3Range<V100R003C00SPC706
OR
huaweifusionserver_rh1288a_v2Range<V100R002C00SPC713
OR
huaweifusionserver_rh1288a_v2Range<V100R001C02SPC306
OR
huaweifusionserver_rh1288a_v2Range<V100R001C02SPC306
OR
huaweioceanstor_5800_v3Range<V100R003C01SPC127
OR
huaweioceanstor_5800_v3Range<V100R003C10SPC121
OR
huaweioceanstor_5800_v3Range<V100R003C00SPC218
OR
huaweioceanstor_5800_v3Range<V100R003C00SPC218
OR
huaweioceanstor_5800_v3Range<V100R003C10SPC120
OR
huaweifusionserver_rh8100_v3Range<V100R003C00SPC229
OR
huaweifusionserver_rh8100_v3Range<V100R003C00SPC229
OR
huaweirse6500Matchv500r002c00
OR
huaweismc2.0Matchv100r003c10
OR
huaweismc2.0Matchv500r002c00
OR
huaweitaishan200_2180k\[1\]Range<1.1.0.SPC133
OR
huaweitaishan200_2280\[1\]Range<1.0.0.SPC133
OR
huaweitaishan200_2280k\[1\]Range<1.1.0.SPC133
OR
huaweitaishan200_5280\[1\]Range<1.2.0.SPC133
OR
huaweivp9630Matchv600r006c10
OR
huaweivp9660Matchv600r006c10
OR
huaweioceanstor_5800_v3Range<V100R003C00SPC706
OR
huaweixh321_v5Range<V100R003C00SPC706
OR
huaweixh620Range<V100R003C00SPC706
OR
huaweioceanstor_5800_v3Range<V100R003C00SPC706
OR
huaweifusionserver_xh628_v3Range<V100R003C00SPC706
OR
huaweiecns280Matchv100r005c00
OR
huaweiese620x_vessMatchv100r001c00
OR
huaweiese620x_vessMatchv100r001c10
OR
huaweiimanager_netecoMatchv600r007c00
OR
huaweiimanager_netecoMatchv600r007c10
OR
huaweiimanager_netecoMatchv600r007c11
OR
huaweiimanager_netecoMatchv600r007c12
OR
huaweiimanager_netecoMatchv600r007c20
OR
huaweiimanager_netecoMatchv600r007c40
OR
huaweiimanager_netecoMatchv600r008c00
OR
huaweiimanager_netecoMatchv600r008c10
OR
huaweiimanager_netecoMatchv600r008c20
OR
huaweiimanager_netecoMatchv600r008c30
OR
huaweiimanager_neteco_6000Matchv600r007c40
OR
huaweiimanager_neteco_6000Matchv600r007c60
OR
huaweiimanager_neteco_6000Matchv600r007c80
OR
huaweiimanager_neteco_6000Matchv600r007c90
OR
huaweiimanager_neteco_6000Matchv600r008c00

Related

nessus 70
openvas 39
suse 4
ibm 10
debian 4
cisco 1
mscve 2
osv 3
threatpost 1
qualysblog 1
mageia 2
intel 1
hp 1
vmware 1
ubuntu 1
cloudfoundry 1
f5 3
cert 1
lenovo 3
cve 1
cvelist 1
ubuntucve 2
prion 1
nvd 1
redhatcve 1
debiancve 2
oraclelinux 2
centos 5
redhat 28
fedora 3
citrix 1
virtuozzo 1
slackware 1
nessus
nessus
SUSE SLED12 / SLES12 Security Update : Recommended update for ucode-intel (SUSE-SU-2018:1935-1) (Spectre)
2018-07-13 00:00:00
openSUSE Security Update : ucode-intel (openSUSE-2019-510) (Spectre)
2019-03-27 00:00:00
openSUSE Security Update : ucode-intel (openSUSE-2018-700) (Spectre)
2018-07-09 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1446-1)
2018-07-26 00:00:00
openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2018:1904-1)
2018-07-07 00:00:00
Huawei Data Communication: Side-Channel Vulnerability Variants 3a and 4 (huawei-sa-20180615-01-cpu)
2020-05-26 00:00:00
suse
suse
Security update for ucode-intel (important)
2018-07-06 21:08:25
Security update to ucode-intel (important)
2018-08-17 12:10:34
Security update for libvirt (moderate)
2018-08-13 12:07:25
ibm
ibm
Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640)
2019-01-24 12:55:01
Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640)
2019-01-24 12:55:01
Security Bulletin: IBM QRadar SIEM is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640)
2019-01-24 12:55:01
debian
debian
[SECURITY] [DSA 4273-2] intel-microcode security update
2018-09-16 20:43:40
[SECURITY] [DLA 1446-1] intel-microcode security update
2018-07-27 05:08:13
[SECURITY] [DSA 4273-1] intel-microcode security update
2018-08-16 20:43:21
cisco
cisco
CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
2018-05-22 01:00:00
mscve
mscve
Microsoft Guidance for Speculative Store Bypass
2018-05-21 07:00:00
Microsoft Guidance for Rogue System Register Read
2018-05-21 07:00:00
osv
osv
intel-microcode - security update
2018-09-16 00:00:00
intel-microcode - security update
2018-08-16 00:00:00
intel-microcode - security update
2018-07-27 00:00:00
threatpost
threatpost
Intel Responds to Spectre-Like Flaw In CPUs
2018-05-22 14:03:08
qualysblog
qualysblog
All Hands Memo to Owners of Home / Small Office Routers: Reboot Them!
2018-05-30 14:33:42
mageia
mageia
Updated microcode packages fix security vulnerability
2018-07-25 11:24:17
Updated libvirt packages fix security vulnerability
2018-05-31 23:34:08
intel
intel
Q2 2018 Speculative Execution Side Channel Update
2021-05-11 00:00:00
hp
hp
HPSBHF03584 rev. 8 - Derivative Side-Channel Analysis Method
2018-05-04 00:00:00
vmware
vmware
VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.
2018-05-21 00:00:00
ubuntu
ubuntu
Intel Microcode vulnerabilities
2018-08-27 00:00:00
cloudfoundry
cloudfoundry
USN-3756-1: Intel Microcode vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
f5
f5
K58304450 : Multiple Intel Processor vulnerabilities: Spectre-NG
2018-05-30 00:00:00
K51801290 : RSRE Variant 3a vulnerability CVE-2018-3640
2018-07-03 00:00:00
K29146534 : SSB Variant 4 vulnerability CVE-2018-3639
2018-07-10 00:00:00
cert
cert
CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
2018-05-21 00:00:00
lenovo
lenovo
Speculative Execution Side Channel Variants 4 and 3a - US
2018-09-13 11:41:00
Intel Software Guard Extensions (SGX) Vulnerabilities - Lenovo Support US
2018-10-16 12:02:18
Intel Software Guard Extensions (SGX) Vulnerabilities - US
2018-08-22 18:58:00
cve
cve
CVE-2018-3640
2018-05-22 12:29:00
cvelist
cvelist
CVE-2018-3640
2018-05-21 00:00:00
ubuntucve
ubuntucve
CVE-2018-3640
2018-05-21 00:00:00
CVE-2018-3639
2018-05-21 00:00:00
prion
prion
Design/Logic Flaw
2018-05-22 12:29:00
nvd
nvd
CVE-2018-3640
2018-05-22 12:29:00
redhatcve
redhatcve
CVE-2018-3640
2018-05-21 21:19:45
debiancve
debiancve
CVE-2018-3640
2018-05-22 12:29:00
CVE-2018-3639
2018-05-22 12:29:00
oraclelinux
oraclelinux
libvirt security update
2018-05-22 00:00:00
qemu-kvm security update
2018-05-22 00:00:00
centos
centos
kernel, perf, python security update
2018-05-22 15:35:50
qemu security update
2018-07-03 18:54:02
java security update
2018-05-22 15:32:03
redhat
redhat
(RHSA-2018:2171) Important: kernel security update
2018-07-11 15:14:50
(RHSA-2018:1633) Important: qemu-kvm security update
2018-05-21 21:13:32
(RHSA-2018:1690) Important: vdsm security update
2018-05-22 08:43:58
fedora
fedora
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc29
2019-02-11 01:57:50
[SECURITY] Fedora 28 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc28
2019-02-25 01:34:09
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.212.b04-0.fc29
2019-05-03 03:43:22
citrix
citrix
CVE-2018-3639 - Citrix XenServer Security Update
2018-05-22 04:00:00
virtuozzo
virtuozzo
Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1; Virtuozzo 6.0 Update 12 Hotfix 25 (6.0.12-3705)
2018-05-23 00:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2018-07-27 21:57:40

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

65.8%

JSON
Related for HUAWEI-SA-20180615-01-CPU
nessus70openvas39suse4ibm10debian4cisco1mscve2osv3threatpost1qualysblog1mageia2intel1hp1vmware1ubuntu1cloudfoundry1f53cert1lenovo3cve1cvelist1ubuntucve2prion1nvd1redhatcve1debiancve2oraclelinux2centos5redhat28fedora3citrix1virtuozzo1slackware1