Skip to main content

Atom C CVE-2018-3639

MEDIUM
Observable Discrepancy (CWE-203)
2018-05-22 secure@intel.com
Authentication Bypass Atom C Atom E Atom X5 E3930 Atom X5 E3940 Atom X7 E3950 Atom Z Celeron J Celeron N Core I3 Core I5 Core I7 Core M Pentium Pentium J Pentium Silver Xeon E 1105C Xeon E3 Xeon E3 1105C V2 Xeon E3 1125C V2 Xeon E3 1220 V2 Xeon E3 1220 V3 Xeon E3 1220 V5 Xeon E3 1220 V6 Xeon E3 12201 Xeon E3 12201 V2 Xeon E3 1220L V3 Xeon E3 1225 Xeon E3 1225 V2 Xeon E3 1225 V3 Xeon E3 1225 V5 Xeon E3 1225 V6 Xeon E3 1226 V3 Xeon E3 1230 Xeon E3 1230 V2 Xeon E3 1230 V3 Xeon E3 1230 V5 Xeon E3 1230 V6 Xeon E3 1230L V3 Xeon E3 1231 V3 Xeon E3 1235 Xeon E3 1235L V5 Xeon E3 1240 Xeon E3 1240 V2 Xeon E3 1240 V3 Xeon E3 1240 V5 Xeon E3 1240 V6 Xeon E3 1240L V3 Xeon E3 1240L V5 Xeon E3 1241 V3 Xeon E3 1245 Xeon E3 1245 V2 Xeon E3 1245 V3 Xeon E3 1245 V5 Xeon E3 1245 V6 Xeon E3 1246 V3 Xeon E3 1258L V4 Xeon E3 1260L Xeon E3 1260L V5 Xeon E3 1265L V2 Xeon E3 1265L V3 Xeon E3 1265L V4 Xeon E3 1268L V3 Xeon E3 1268L V5 Xeon E3 1270 Xeon E3 1270 V2 Xeon E3 1270 V3 Xeon E3 1270 V5 Xeon E3 1270 V6 Xeon E3 1271 V3 Xeon E3 1275 V2 Xeon E3 1275 V3 Xeon E3 1275 V5 Xeon E3 1275 V6 Xeon E3 1275L V3 Xeon E3 1276 V3 Xeon E3 1278L V4 Xeon E3 1280 Xeon E3 1280 V2 Xeon E3 1280 V3 Xeon E3 1280 V5 Xeon E3 1280 V6 Xeon E3 1281 V3 Xeon E3 1285 V3 Xeon E3 1285 V4 Xeon E3 1285 V6 Xeon E3 1285L V3 Xeon E3 1285L V4 Xeon E3 1286 V3 Xeon E3 1286L V3 Xeon E3 1290 Xeon E3 1290 V2 Xeon E3 1501L V6 Xeon E3 1501M V6 Xeon E3 1505L V5 Xeon E3 1505L V6 Xeon E3 1505M V5 Xeon E5 Xeon E5 1428L Xeon E5 1428L V2 Xeon E5 1428L V3 Xeon E5 1620 Xeon E5 1620 V2 Xeon E5 1620 V3 Xeon E5 1620 V4 Xeon E5 1630 V3 Xeon E5 1630 V4 Xeon E5 1650 Xeon E5 1650 V2 Xeon E5 1650 V3 Xeon E5 1650 V4 Xeon E5 1660 Xeon E5 1660 V2 Xeon E5 1660 V3 Xeon E5 1660 V4 Xeon E5 1680 V3 Xeon E5 1680 V4 Xeon E5 2403 Xeon E5 2403 V2 Xeon E5 2407 Xeon E5 2407 V2 Xeon E5 2408L V3 Xeon E5 2418L Xeon E5 2418L V2 Xeon E5 2418L V3 Xeon E5 2420 Xeon E5 2420 V2 Xeon E5 2428L Xeon E5 2428L V2 Xeon E5 2428L V3 Xeon E5 2430 Xeon E5 2430 V2 Xeon E5 2430L Xeon E5 2430L V2 Xeon E5 2438L V3 Xeon E5 2440 Xeon E5 2440 V2 Xeon E5 2448L Xeon E5 2448L V2 Xeon E5 2450 Xeon E5 2450 V2 Xeon E5 2450L Xeon E5 2450L V2 Xeon E5 2470 Xeon E5 2470 V2 Xeon E5 2603 Xeon E5 2603 V2 Xeon E5 2603 V3 Xeon E5 2603 V4 Xeon E5 2608L V3 Xeon E5 2608L V4 Xeon E5 2609 Xeon E5 2609 V2 Xeon E5 2609 V3 Xeon E5 2609 V4 Xeon E5 2618L V2 Xeon E5 2618L V3 Xeon E5 2618L V4 Xeon E5 2620 Xeon E5 2620 V2 Xeon E5 2620 V3 Xeon E5 2620 V4 Xeon E5 2623 V3 Xeon E5 2623 V4 Xeon E5 2628L V2 Xeon E5 2628L V3 Xeon E5 2628L V4 Xeon E5 2630 Xeon E5 2630 V2 Xeon E5 2630 V3 Xeon E5 2630 V4 Xeon E5 2630L Xeon E5 2630L V2 Xeon E5 2630L V3 Xeon E5 2630L V4 Xeon E5 2637 Xeon E5 2637 V2 Xeon E5 2637 V3 Xeon E5 2637 V4 Xeon E5 2640 Xeon E5 2640 V2 Xeon E5 2640 V3 Xeon E5 2640 V4 Xeon E5 2643 Xeon E5 2643 V2 Xeon E5 2643 V3 Xeon E5 2643 V4 Xeon E5 2648L Xeon E5 2648L V2 Xeon E5 2648L V3 Xeon E5 2648L V4 Xeon E5 2650 Xeon E5 2650 V2 Xeon E5 2650 V3 Xeon E5 2650 V4 Xeon E5 2650L Xeon E5 2650L V2 Xeon E5 2650L V3 Xeon E7 Xeon Gold Xeon Platinum Xeon Silver Cortex A Mrg Realtime Openstack Virtualization Manager Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Tus Enterprise Linux Workstation Debian Linux Ubuntu Linux Itc1500 Firmware Itc1500 Pro Firmware Itc1900 Firmware Itc1900 Pro Firmware Itc2200 Firmware Itc2200 Pro Firmware Local Service Management System Solaris Ruggedcom Ape Firmware Simatic Et 200 Sp Firmware Simatic Field Pg M4 Firmware Simatic Field Pg M5 Firmware Simatic Ipc3000 Smart Firmware Simatic Ipc347E Firmware Simatic Ipc427C Firmware Simatic Ipc427D Firmware Simatic Ipc427E Firmware Simatic Ipc477C Firmware Simatic Ipc477D Firmware Simatic Ipc477E Firmware Simatic Ipc477E Pro Firmware Simatic Ipc547E Firmware Simatic Ipc547G Firmware Simatic Ipc627C Firmware Simatic Ipc627D Firmware Simatic Ipc647C Firmware Simatic Ipc647D Firmware Simatic Ipc677D Firmware Simatic Ipc677C Firmware Simatic Ipc827C Firmware Simatic Ipc827D Firmware Simatic Ipc847C Firmware Simatic Ipc847D Firmware Simatic Itp1000 Firmware Simatic S7 1500 Firmware Simotion P320 4E Firmware Sinumerik 840 D Sl Firmware Sinumerik Pcu 50 5 Firmware Sinumerik Tcu 30 3 Firmware Sinema Remote Connect Firmware Micloud Management Portal Micollab Mivoic Mx One Mivoice 5000 Mivoice Border Gateway Mivoice Business Mivoice Connect Open Integration Gateway Cloud Global Management System Email Security Global Management System Secure Mobile Access Web Application Firewall Sonicosv Struxureware Data Center Expert Virtualization Jetson Tx1 Jetson Tx2 Surface Surface Book Surface Pro Surface Pro With Lte Advanced Surface Studio Windows 10 Windows 7 Windows 8 1 Windows Server 2008 Windows Server 2012 Windows Server 2016
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 22, 2018 - 12:29 cve.org
MEDIUM 5.5

DescriptionCVE.org

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

AnalysisAI

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 46.0%.

Technical ContextAI

This vulnerability is classified under CWE-203. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Affected products include: Intel Atom C, Intel Atom E, Intel Atom X5-E3930, Intel Atom X5-E3940, Intel Atom X7-E3950.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2018-3639 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy