CVE-2018-3640

Published: 22/05/2018 Updated: 24/08/2020
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.6 | Impact Score: 4 | Exploitability Score: 1.1
VMScore: 419
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

Vulnerable Product

intel pentium j j4205

intel celeron n n3450

intel atom z z2560

intel atom z z2580

intel atom z z3590

intel atom z z3735d

intel atom z z3740d

intel atom z z3745

intel atom z z3795

intel atom z z2420

intel atom c c3338

intel atom c c3508

intel atom c c3830

intel atom c c3850

intel xeon silver 4110

intel xeon silver 4112

intel xeon platinum 8160

intel xeon platinum 8160f

intel xeon platinum 8176

intel xeon platinum 8176f

intel xeon gold 85120

intel pentium silver j5005

intel pentium n4100

intel celeron j j3455

intel atom z z2460

intel atom z z3480

intel atom z z3530

intel atom z z3735g

intel atom z z3736f

intel atom z z3770d

intel atom z z3775

intel atom e e3826

intel atom e e3827

intel atom e e3845

intel atom c c3708

intel atom c c3750

intel atom c c3955

intel atom c c3958

intel xeon silver 4116t

intel xeon silver 4108

intel xeon platinum 8164

intel xeon platinum 8168

intel xeon platinum 8153

intel xeon gold 85115

intel xeon gold 86126t

intel xeon gold 86128

intel xeon gold 86136

intel xeon gold 86138

intel xeon gold 86142m

intel xeon gold 86144

intel xeon e7 2820

intel xeon e7 2830

intel xeon e7 2890_v2

intel xeon e7 4807

intel xeon e7 4820_v4

intel xeon e7 4830

intel xeon e7 4860

intel xeon e7 4860_v2

intel xeon e7 8850

intel xeon e7 8850_v2

intel xeon e7 8867l

intel xeon e7 8870

intel xeon e7 8870_v2

intel xeon e7 8880l_v3

intel xeon e7 8890_v2

intel xeon e7 8893_v3

intel xeon e7 8893_v4

intel xeon e5 1620 v3 -

intel xeon e5 1620 v4 -

intel xeon e5 1630 v3 -

intel xeon e5 1660 v2 -

intel xeon e5 1660 v3 -

intel xeon e5 2407 v2 -

intel xeon e5 2408l v3 -

intel xeon e5 2428l v3 -

intel xeon e5 2430 -

intel xeon e5 2448l -

intel xeon e5 2448l v2 -

intel xeon e5 2603 -

intel xeon e5 2603 v2 -

intel xeon e5 2609 v4 -

intel xeon e5 2618l v2 -

intel xeon e5 2623 v3 -

intel xeon e5 2623 v4 -

intel xeon e5 2630 v4 -

intel xeon e5 2630l -

intel xeon e5 2640 -

intel xeon e5 2640 v2 -

intel pentium silver n5000

intel celeron j j4005

intel celeron j j4105

intel atom z z2760

intel atom z z3460

intel atom z z3735e

intel atom z z3735f

intel atom z z3745d

intel atom z z3770

intel atom e e3815

intel atom e e3825

intel atom c c3538

intel atom c c3558

intel atom c c3858

intel atom c c3950

intel xeon silver 4114

intel xeon silver 4114t

intel xeon silver 4116

intel xeon platinum 8160m

intel xeon platinum 8160t

intel xeon platinum 8176m

intel xeon platinum 8180

intel xeon gold 85122

intel xeon gold 86126

intel xeon gold 86126f

intel xeon gold 86134

intel xeon gold 86134m

intel xeon gold 86142

intel xeon gold 86142f

intel xeon gold 86154

intel xeon gold 5115

intel xeon e7 2870_v2

intel xeon e7 2880_v2

intel xeon e7 4820_v2

intel xeon e7 4820_v3

intel xeon e7 4850_v3

intel xeon e7 4850_v4

intel xeon e7 8830

intel xeon e7 8837

intel xeon e7 8867_v3

intel xeon e7 8867_v4

intel xeon e7 8880_v4

intel xeon e7 8880l_v2

intel xeon e7 8891_v4

intel xeon e7 8893_v2

intel xeon e5 1620 -

intel xeon e5 1620 v2 -

intel xeon e5 1650 v4 -

intel xeon e5 1660 -

intel xeon e5 2403 v2 -

intel xeon e5 2407 -

intel xeon e5 2420 v2 -

intel xeon e5 2428l -

intel xeon e5 2428l v2 -

intel xeon e5 2440 -

intel xeon e5 2440 v2 -

intel xeon e5 2470 -

intel xeon e5 2470 v2 -

intel xeon e5 2609 v2 -

intel xeon e5 2609 v3 -

intel xeon e5 2620 v3 -

intel xeon e5 2620 v4 -

intel xeon e5 2630 v2 -

intel xeon e5 2630 v3 -

intel xeon e5 2637 v3 -

intel xeon e5 2637 v4 -

intel xeon e5 2643 v3 -

intel xeon e5 2643 v4 -

intel xeon e5 2650 v3 -

intel xeon e5 2650 v4 -

intel xeon gold 85120t

intel xeon gold 86130t

intel xeon gold 86132

intel xeon gold 86140

intel xeon gold 86140m

intel xeon gold 86148f

intel xeon gold 86150

intel xeon gold 86152

intel xeon e7 2860

intel xeon e7 2870

intel xeon e7 4809_v4

intel xeon e7 4820

intel xeon e7 4850

intel xeon e7 4850_v2

intel xeon e7 4880_v2

intel xeon e7 4890_v2

intel xeon e7 8860_v3

intel xeon e7 8860_v4

intel xeon e7 8880_v2

intel xeon e7 8880_v3

intel xeon e7 8891_v2

intel xeon e7 8891_v3

intel xeon e5 1428l v2 -

intel xeon e5 1428l v3 -

intel xeon e5 1650 v2 -

intel xeon e5 1650 v3 -

intel xeon e5 1680 v4 -

intel xeon e5 2403 -

intel xeon e5 2418l v3 -

intel xeon e5 2420 -

intel xeon e5 2430l v2 -

intel xeon e5 2438l v3 -

intel xeon e5 2450l -

intel xeon e5 2450l v2 -

intel xeon e5 2608l v3 -

intel xeon e5 2608l v4 -

intel xeon e5 2609 -

intel xeon e5 2620 -

intel xeon e5 2620 v2 -

intel xeon e5 2628l v4 -

intel xeon e5 2630 -

intel xeon e5 2637 -

intel xeon e5 2637 v2 -

intel xeon e5 2643 -

intel xeon e5 2643 v2 -

intel xeon e5 2650 -

intel xeon e5 2650 v2 -

intel xeon e5 2658_v2

intel xeon e5 2658_v3

intel xeon e5 2665

intel xeon e5 2667

intel xeon e5 2680

intel xeon e5 2680_v2

intel xeon e5 2687w_v4

intel xeon e5 2690

intel xeon e5 2697_v2

intel xeon e5 2697_v3

intel xeon e5 2699a_v4

intel xeon e5 2699r_v4

intel xeon e5 4610_v4

intel xeon e5 4617

intel xeon e5 4627_v3

intel xeon e5 4627_v4

intel xeon e5 4650

intel xeon e5 4650_v2

intel xeon e5 4650_v3

intel xeon e5 4660_v4

intel xeon e5 4667_v3

intel xeon e3 1125c v2 -

intel xeon e3 1220_

intel xeon e3 1225 -

intel xeon e3 1225 v2 -

intel xeon e3 1230 v3 -

intel xeon e3 1230 v5 -

intel xeon e3 1240 v2 -

intel xeon e3 1240 v3 -

intel xeon e3 1245 v3 -

intel xeon e3 1245 v5 -

intel xeon e3 1265l v3 -

intel xeon e5 2648l -

intel xeon e5 2648l v2 -

intel xeon e5 2650l -

intel xeon e5 2650l v2 -

intel xeon e5 2650l v3 -

intel xeon e5 2660

intel xeon e5 2660_v2

intel xeon e5 2667_v4

intel xeon e5 2670

intel xeon e5 2683_v3

intel xeon e5 2683_v4

intel xeon e5 2687w

intel xeon e5 2690_v4

intel xeon e5 2695_v2

intel xeon e5 2698_v3

intel xeon e5 2698_v4

intel xeon e5 4607_v2

intel xeon e5 4610

intel xeon e5 4620_v3

intel xeon e5 4620_v4

intel xeon e5 4640_v2

intel xeon e5 4640_v3

intel xeon e5 4655_v3

intel xeon e5 4655_v4

intel xeon e5 4669_v4

intel xeon e5 1428l -

intel xeon e3 1220 v5 -

intel xeon e3 1220 v6 -

intel xeon e3 1225 v6 -

intel xeon e3 1226 v3 -

intel xeon e3 1231 v3 -

intel xeon e3 1235 -

intel xeon e3 1240l v3 -

intel xeon e3 1240l v5 -

intel xeon e3 1258l v4 -

intel xeon e3 1260l -

intel xeon e3 1270 -

intel xeon e3 1270 v2 -

intel xeon e3 1275 v3 -

intel xeon e3 1275 v5 -

intel xeon e3 1275 v6 -

intel xeon e3 1280 v5 -

intel xeon e3 1280 v6 -

intel xeon e3 1286 v3 -

intel xeon e3 1286l v3 -

intel xeon e3 1505m_v6

intel xeon e3 1515m_v5

intel xeon e3 1578l_v5

intel xeon e3 1585_v5

intel xeon e3 x3440

intel xeon e3 x3450

intel xeon e3 l5520

intel xeon e3 l5530

intel xeon e3 e5530

intel xeon e3 e5540

intel xeon e3 e6510

intel xeon e3 e6540

intel core i5 45nm

intel core i3 45nm

intel xeon e5 2658_v4

intel xeon e5 2658a_v3

intel xeon e5 2667_v2

intel xeon e5 2667_v3

intel xeon e5 2680_v3

intel xeon e5 2680_v4

intel xeon e5 2690_v2

intel xeon e5 2690_v3

intel xeon e5 2697_v4

intel xeon e5 2697a_v4

intel xeon e5 4603

intel xeon e5 4603_v2

intel xeon e5 4607

intel xeon e5 4620

intel xeon e5 4620_v2

intel xeon e5 4628l_v4

intel xeon e5 4640

intel xeon e5 4650_v4

intel xeon e5 4650l

intel xeon e5 4667_v4

intel xeon e5 4669_v3

intel xeon e3 1220 v2 -

intel xeon e3 1220 v3 -

intel xeon e3 1225 v3 -

intel xeon e3 1225 v5 -

intel xeon e3 1230 v6 -

intel xeon e3 1230l v3 -

intel xeon e3 1240 v5 -

intel xeon e3 1240 v6 -

intel xeon e3 1245 v6 -

intel xeon e3 1246 v3 -

intel xeon e3 1268l v3 -

intel xeon e3 1268l v5 -

intel xeon e3 1275_

intel xeon e3 1275 v2 -

intel xeon e3 1280 v2 -

intel xeon e3 1280 v3 -

intel xeon e3 1285l v3 -

intel xeon e3 1285l v4 -

intel xeon e3 1505l v5 -

intel xeon e3 1505l v6 -

intel xeon e3 1505m v5 -

intel xeon e3 1565l_v5

intel xeon e3 1575m_v5

intel xeon e3 l3426

intel xeon e3 x3430

intel xeon e3 l5508_

intel xeon e3 l5518_

intel xeon e3 e5507

intel xeon e3 e5520

intel xeon e3 w5590

intel xeon e3 5600

intel core i7 32nm

intel core i5 32nm

intel xeon e3 1265l v4 -

intel xeon e3 1270 v6 -

intel xeon e3 1271 v3 -

intel xeon e3 1278l v4 -

intel xeon e3 1280 -

intel xeon e3 1285 v4 -

intel xeon e3 1285 v6 -

intel xeon e3 1501l v6 -

intel xeon e3 1501m v6 -

intel xeon e3 1545m_v5

intel xeon e3 1558l_v5

intel xeon e3 l3403

intel xeon e3 l3406

intel xeon e3 x3480

intel xeon e3 3600

intel xeon e3 l5506

intel xeon e3 e5504

intel xeon e3 e5506

intel xeon e3 x5570

intel xeon e3 w5580

intel core m 45nm

intel core i7 45nm

intel pentium n4200

intel pentium n4000

intel atom z z2480

intel atom z z2520

intel atom z z3560

intel atom z z3570

intel atom z z3580

intel atom z z3736g

intel atom z z3740

intel atom z z3775d

intel atom z z3785

intel atom e e3805

intel atom c c3308

intel atom c c3758

intel atom c c3808

intel atom c c2308

intel xeon silver 4109t

intel xeon platinum 8156

intel xeon platinum 8158

intel xeon platinum 8170

intel xeon platinum 8170m

intel xeon gold 85118

intel xeon gold 85119t

intel xeon gold 86130

intel xeon gold 86130f

intel xeon gold 86138f

intel xeon gold 86138t

intel xeon gold 86146

intel xeon gold 86148

intel xeon e7 2850

intel xeon e7 2850_v2

intel xeon e7 4809_v2

intel xeon e7 4809_v3

intel xeon e7 4830_v2

intel xeon e7 4830_v3

intel xeon e7 4830_v4

intel xeon e7 4870

intel xeon e7 4870_v2

intel xeon e7 8857_v2

intel xeon e7 8860

intel xeon e7 8870_v3

intel xeon e7 8870_v4

intel xeon e7 8890_v3

intel xeon e7 8890_v4

intel xeon e7 8894_v4

intel xeon e7 2803

intel xeon e5 1630 v4 -

intel xeon e5 1650 -

intel xeon e5 1660 v4 -

intel xeon e5 1680 v3 -

intel xeon e5 2418l -

intel xeon e5 2418l v2 -

intel xeon e5 2430 v2 -

intel xeon e5 2430l -

intel xeon e5 2450 -

intel xeon e5 2450 v2 -

intel xeon e5 2603 v3 -

intel xeon e5 2603 v4 -

intel xeon e5 2618l v3 -

intel xeon e5 2618l v4 -

intel xeon e5 2628l v2 -

intel xeon e5 2628l v3 -

intel xeon e5 2630l v2 -

intel xeon e5 2630l v3 -

intel xeon e5 2630l v4 -

intel xeon e5 2640 v3 -

intel xeon e5 2640 v4 -

intel xeon e5 2648l v3 -

intel xeon e5 2648l v4 -

intel xeon e5 2650l_v4

intel xeon e5 2658

intel xeon e5 2660_v3

intel xeon e5 2660_v4

intel xeon e5 2670_v2

intel xeon e5 2670_v3

intel xeon e5 2687w_v2

intel xeon e5 2687w_v3

intel xeon e5 2695_v3

intel xeon e5 2695_v4

intel xeon e5 2699_v3

intel xeon e5 2699_v4

intel xeon e5 4610_v2

intel xeon e5 4610_v3

intel xeon e5 4624l_v2

intel xeon e5 4627_v2

intel xeon e5 4640_v4

intel xeon e5 4648_v3

intel xeon e5 4657l_v2

intel xeon e5 4660_v3

intel xeon e3 1105c v2 -

intel xeon e3 125c_

intel xeon e3 12201 -

intel xeon e3 12201 v2 -

intel xeon e3 1220l v3 -

intel xeon e3 1230 -

intel xeon e3 1230 v2 -

intel xeon e3 1235l v5 -

intel xeon e3 1240 -

intel xeon e3 1241 v3 -

intel xeon e3 1245 -

intel xeon e3 1245 v2 -

intel xeon e3 1260l v5 -

intel xeon e3 1265l v2 -

intel xeon e3 1270 v3 -

intel xeon e3 1270 v5 -

intel xeon e3 1275l v3 -

intel xeon e3 1276 v3 -

intel xeon e3 1281 v3 -

intel xeon e3 1285 v3 -

intel xeon e3 1290 -

intel xeon e3 1290 v2 -

intel xeon e3 1535m_v5

intel xeon e3 1535m_v6

intel xeon e3 1585l_v5

intel xeon e-1105c -

intel xeon e3 x3460

intel xeon e3 x3470

intel xeon e3 e5502

intel xeon e3 e5503

intel xeon e3 x5550

intel xeon e3 x5560

intel xeon e3 e6550

intel xeon e3 7500

intel core m 32nm

intel core i3 32nm

arm cortex-a 72

arm cortex-a 57

arm cortex-a 15

Vendor Advisories

The system could be made to expose sensitive information ...
This update ships updated CPU microcode for some types of Intel CPUs and provides SSBD support (needed to address Spectre v4) and fixes for Spectre v3a. For the stable distribution (stretch), these problems have been fixed in version 3201807032~deb9u1. We recommend that you upgrade your intel-microcode packages. For the detailed security status o ...
An industry-wide issue was found in the way many modern microprocessor handle speculative access of system registers inaccessible to unprivileged user. It relies on the presence of a precisely-defined instruction sequence in the privileged code which allows speculative load of system registers and that such register value could be subsequently used ...
On May 21, 2018, researchers disclosed two vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged, local attacker, in specific circumstances, to read privil ...
Derivatives of speculative execution side-channel analysis methods publicly disclosed in January 2018 can be exploited to facilitate the unauthorized exposure of privileged data from memory. More information is available at the following links: Intel’s Security Advisory (in English), AMD’s Security Advisory (in English), Microsoft’s ...
Intel publicly disclosed new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown. These variants known as 3A (CVE-2018-3640) and 4 (CVE-2018-3639), local attackers may exploit these vulnerabilities to cause information leak on the affected system. (Vulnerability ID: HWPSIRT-2018-051 ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2018-10-30-2 macOS Mojave 10141, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra ...

Github Repositories

utility to make links to CVE detail sites

CVElinker

A collection of tips to harden your Windows computer and Chrome browser.

Windows and Chrome Hardening. Introduction: This document contains a collection of tips and scripts to harden your Windows computer and Chrome browser against attackers. Unfortunately, both of these pieces of software need to be treated adversarially with a hardened security posture. Any tips and well-composed content that people would like to add to this document v

Recent Articles

Virus screener goes down, Intel patches more chips, Pegasus government spying code spreads across globe
The Register • Shaun Nichols in San Francisco • 22 Sep 2018

Plus: Gov pay sites take a dive, and more

Roundup When we weren't dealing with malware bricked-breweries, poorly-wiped servers or litigious vendors, we had a number of other security headaches to keep busy with. Here's a few of them. Government pay portals were in the crosshairs of cybercriminals this week. First, there was GovPayNow, who got the dreaded Brian Krebs treatment. The internet security sleuth reported that GovPayNow.com had been relieved by hackers of some 14m records. These include payment receipts for government fees and ...

Oracle gets busy with Lazy FPU fix, adds more CPU Spectre-protectors
The Register • Richard Chirgwin • 26 Jun 2018

Oracle Linux and VM get their inoculations

Oracle has released fixes for Spectre v3a, Spectre v4, and the “Lazy FPU” vulnerability. The two Spectre patches cover CVE-2018-3640 and CVE-2018-3640. As Oracle's director of security assurance Eric Maurice explained, the patches apply to both Oracle Linux and Oracle VM and the associated Intel microcode. The company was also busy on Friday with fixes for admins with systems that use its Ksplice no-reboot patches. The one everyone was waiting for patches Oracle Linux RHCK 7 against the Inte...

Xen Project patches Intel’s Lazy FPU flaw, VMware doesn't need to
The Register • Simon Sharwood • 15 Jun 2018

Guest register states are readable, but the patch cavalry has arrived

UPDATE The Xen Project has revealed that its hypervisor is susceptible to the Lazy FPU flaw found in Intel’s x86 CPUs. An advisory says “Systems running all versions of Xen are affected”, provided they employ “Intel Core based processors (from at least Nehalem onwards)”. Xen said the impact of the flaw is as follows: Thankfully there’s both a fix and a mitigation that works “by using cpupools or cpu pinning to isolate the vCPUs from different VMs to separate pCPUs.” The fix can b...

Microsoft, Google: We've found a fourth data-leaking Meltdown-Spectre CPU hole
The Register • Chris Williams, Editor in Chief • 21 May 2018

Design blunder exists in Intel, AMD, Arm, Power processors

A fourth variant of the data-leaking Meltdown-Spectre security flaws in modern processors has been found by Microsoft and Google researchers. These speculative-execution design blunders can be potentially exploited by malicious software running on a vulnerable device or computer, or a miscreant logged into the system, to slowly extract secrets, such as passwords, from protected kernel or application memory, depending on the circumstances. Variants 1 and 2 are known as Spectre (CVE-2017-5753, CVE...

References