CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
65.2%
Systems with microprocessors utilizing speculative execution and
speculative execution of memory reads before the addresses of all prior
memory writes are known may allow unauthorized disclosure of information to
an attacker with local user access via a side-channel analysis, aka
Speculative Store Bypass (SSB), Variant 4.
Author | Note |
---|---|
tyhicks | “Variant 4” The break-fix lines for this CVE are not complete since a large number of patches are required to mitigate this issue. The commit(s) listed are chosen as placeholders for automated CVE triage purposes. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | intel-microcode | < 3.20180807a.0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | intel-microcode | < 3.20180807a.0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | intel-microcode | < 3.20180807a.0ubuntu0.16.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-149.199 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-127.153 | UNKNOWN |
ubuntu | 17.10 | noarch | linux | < 4.13.0-43.48 | UNKNOWN |
ubuntu | 18.04 | noarch | linux | < 4.15.0-22.24 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1022.22 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1060.69 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1009.9 | UNKNOWN |
xenbits.xen.org/xsa/advisory-263.html
bugs.chromium.org/p/project-zero/issues/detail?id=1528
launchpad.net/bugs/cve/CVE-2018-3639
nvd.nist.gov/vuln/detail/CVE-2018-3639
security-tracker.debian.org/tracker/CVE-2018-3639
ubuntu.com/security/notices/USN-3651-1
ubuntu.com/security/notices/USN-3652-1
ubuntu.com/security/notices/USN-3653-1
ubuntu.com/security/notices/USN-3653-2
ubuntu.com/security/notices/USN-3654-1
ubuntu.com/security/notices/USN-3654-2
ubuntu.com/security/notices/USN-3655-1
ubuntu.com/security/notices/USN-3655-2
ubuntu.com/security/notices/USN-3679-1
ubuntu.com/security/notices/USN-3680-1
ubuntu.com/security/notices/USN-3756-1
ubuntu.com/security/notices/USN-3777-3
www.cve.org/CVERecord?id=CVE-2018-3639
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
65.2%