CVE-2018-3693

Published: 10/07/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.6 | Impact Score: 4 | Exploitability Score: 1.1
VMScore: 419
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

Affected Products

Vendor Product Versions
NetappSolidfire Element Os Management Node-
OracleCommunications Eagle Application Processor16.1.0, 16.2.0
Schneider-electricStruxureware Data Center Expert7.6.0
ArmCortex-a8, 9, 12, 15, 17, 57, 72, 73, 75, 76
ArmCortex-r7, 8
IntelAtom CC2308, C2316, C2338, C2350, C2358, C2508, C2516, C2518, C2530, C2538, C2550, C2558, C2718, C2730, C2738, C2750, C2758, C3308, C3338, C3508, C3538, C3558, C3708, C3750, C3758, C3808, C3830, C3850, C3858, C3950, C3955, C3958
IntelAtom EE3805, E3815, E3825, E3826, E3827, E3845
IntelAtom X3C3130, C3200rk, C3205rk, C3230rk, C3235rk, C3265rk, C3295rk, C3405, C3445
IntelAtom ZZ2420, Z2460, Z2480, Z2520, Z2560, Z2580, Z2760, Z3460, Z3480, Z3530, Z3560, Z3570, Z3580, Z3590, Z3735d, Z3735e, Z3735f, Z3735g, Z3736f, Z3736g, Z3740, Z3740d, Z3745, Z3745d, Z3770, Z3770d, Z3775, Z3775d, Z3785, Z3795
IntelCeleron JJ1750, J1800, J1850, J1900, J3060, J3160, J3355, J3455, J4005, J4105
IntelCeleron NN2805, N2806, N2807, N2808, N2810, N2815, N2820, N2830, N2840, N2910, N2920, N2930, N2940, N3000, N3010, N3050, N3060, N3150, N3160, N3350, N3450, N4000, N4100
IntelCore I3330e, 330m, 330um, 350m, 370m, 380m, 380um, 390m, 530, 540, 550, 560, 2100, 2100t, 2102, 2105, 2115c, 2120, 2120t, 2125, 2130, 2310e, 2310m, 2312m, 2328m, 2330e, 2330m, 2340ue, 2348m, 2350m, 2357m, 2365m, 2367m, 2370m, 2375m, 2377m, 3110m, 3115c, 3120m, 3120me, 3130m, 3210, 3217u, 3217ue, 3220, 3220t, 3225, 3227u, 3229y, 3240, 3240t, 3245, 3250, 3250t, 4000m, 4005u, 4010u, 4010y, 4012y, 4020y, 4025u, 4030u, 4030y, 4100e, 4100m, 4100u, 4102e, 4110e, 4110m, 4112e, 4120u, 4130, 4130t, 4150, 4150t, 4158u, 4160, 4160t, 4170, 4170t, 4330, 4330t, 4330te, 4340, 4340te, 4350, 4350t, 4360, 4360t, 4370, 4370t, 5005u, 5010u, 5015u, 5020u, 5157u, 6006u, 6098p, 6100, 6100e, 6100h, 6100t, 6100te, 6100u, 6102e, 6157u, 6167u, 6300, 6300t, 6320, 8100, 8350k
IntelCore I5430m, 430um, 450m, 460m, 470um, 480m, 520e, 520m, 520um, 540m, 540um, 560m, 560um, 580m, 650, 655k, 660, 661, 670, 680, 750, 750s, 760, 2300, 2310, 2320, 2380p, 2390t, 2400, 2400s, 2405s, 2410m, 2430m, 2435m, 2450m, 2450p, 2467m, 2500, 2500k, 2500s, 2500t, 2510e, 2515e, 2520m, 2537m, 2540m, 2550k, 2557m, 3210m, 3230m, 3317u, 3320m, 3330, 3330s, 3337u, 3339y, 3340, 3340m, 3340s, 3350p, 3360m, 3380m, 3427u, 3437u, 3439y, 3450, 3450s, 3470, 3470s, 3470t, 3475s, 3550, 3550s, 3570, 3570k, 3570s, 3570t, 3610me, 4200h, 4200m, 4200u, 4200y, 4202y, 4210h, 4210m, 4210u, 4210y, 4220y, 4250u, 4258u, 4260u, 4278u, 4288u, 4300m, 4300u, 4300y, 4302y, 4308u, 4310m, 4310u, 4330m, 4340m, 4350u, 4360u, 4400e, 4402e, 4402ec, 4410e, 4422e, 4430, 4430s, 4440, 4440s, 4460, 4460s, 4460t, 4570, 4570r, 4570s, 4570t, 4570te, 4590, 4590s, 4590t, 4670, 4670k, 4670r, 4670s, 4670t, 4690, 4690k, 4690s, 4690t, 5200u, 5250u, 5257u, 5287u, 5300u, 5350h, 5350u, 5575r, 5675c, 5675r, 6200u, 6260u, 6267u, 6287u, 6300hq, 6300u, 6350hq, 6360u, 6400, 6400t, 6402p, 6440eq, 6440hq, 6442eq, 6500, 6500t, 6500te, 6585r, 6600, 6600k, 6600t, 6685r, 8250u, 8350u, 8400, 8600k
IntelCore I77y75, 610e, 620le, 620lm, 620m, 620ue, 620um, 640lm, 640m, 640um, 660lm, 660ue, 660um, 680um, 720qm, 740qm, 820qm, 840qm, 860, 860s, 870, 870s, 875k, 880, 920, 920xm, 930, 940, 940xm, 950, 960, 965, 970, 975, 980, 980x, 990x, 2600, 2600k, 2600s, 2610ue, 2617m, 2620m, 2629m, 2630qm, 2635qm, 2637m, 2640m, 2649m, 2655le, 2657m, 2670qm, 2675qm, 2677m, 2700k, 2710qe, 2715qe, 2720qm, 2760qm, 2820qm, 2860qm, 2920xm, 2960xm, 3517u, 3517ue, 3520m, 3537u, 3540m, 3555le, 3610qe, 3610qm, 3612qe, 3612qm, 3615qe, 3615qm, 3630qm, 3632qm, 3635qm, 3667u, 3687u, 3689y, 3720qm, 3740qm, 3770, 3770k, 3770s, 3770t, 3820qm, 3840qm, 4500u, 4510u, 4550u, 4558u, 4578u, 4600m, 4600u, 4610m, 4610y, 4650u, 4700ec, 4700eq, 4700hq, 4700mq, 4702ec, 4702hq, 4702mq, 4710hq, 4710mq, 4712hq, 4712mq, 4720hq, 4722hq, 4750hq, 4760hq, 4765t, 4770, 4770hq, 4770k, 4770r, 4770s, 4770t, 4770te, 4771, 4785t, 4790, 4790k, 4790s, 4790t, 4800mq, 4810mq, 4850hq, 4860hq, 4870hq, 4900mq, 4910mq, 4950hq, 4960hq, 4980hq, 5500u, 5550u, 5557u, 5600u, 5650u, 5700eq, 5700hq, 5750hq, 5775c, 5775r, 5850eq, 5850hq, 5950hq, 7500u, 7560u, 7567u, 7600u, 7660u, 7700, 7700hq, 7700k, 7700t, 7820eq, 7820hk, 7820hq, 7920hq, 8550u, 8650u, 8700, 8700k
IntelCore M5y10, 5y10a, 5y10c, 5y31, 5y51, 5y70, 5y71
IntelCore M36y30, 7y30, 7y32
IntelCore M56y54, 6y57
IntelCore M76y75
IntelPentium JJ2850, J2900, J3710, J4205
IntelPentium NN3510, N3520, N3530, N3540, N3700, N3710, N4200
IntelXeonE5502, E5503, E5504, E5506, E5507, E5520, E5530, E5540, E5603, E5606, E5607, E5620, E5630, E5640, E5645, E5649, E6510, E6540, E7520, E7530, E7540, Ec5509, Ec5539, Ec5549, L3406, L3426, L5506, L5508, L5518, L5520, L5530, L5609, L5618, L5630, L5638, L5640, L7545, L7555, Lc5518, Lc5528, W3670, W3680, W3690, W5580, W5590, X3430, X3440, X3450, X3460, X3470, X3480, X5550, X5560, X5570, X5647, X5650, X5660, X5667, X5670, X5672, X5675, X5677, X5680, X5687, X5690, X6550, X7542, X7550, X7560
IntelXeon Bronze3104, 3106
IntelXeon E31105c, 1105c V2, 1125c, 1125c V2, 1220, 1220 V2, 1220 V3, 1220 V5, 1220 V6, 1220l, 1220l V2, 1220l V3, 1225, 1225 V2, 1225 V3, 1225 V5, 1225 V6, 1226 V3, 1230, 1230 V2, 1230 V3, 1230 V5, 1230 V6, 1230l V3, 1231 V3, 1235, 1235l V5, 1240, 1240 V2, 1240 V3, 1240 V5, 1240 V6, 1240l V3, 1240l V5, 1241 V3, 1245, 1245 V2, 1245 V3, 1245 V5, 1245 V6, 1246 V3, 1258l V4, 1260l, 1260l V5, 1265l V2, 1265l V3, 1265l V4, 1268l V3, 1268l V5, 1270, 1270 V2, 1270 V3, 1270 V5, 1270 V6, 1271 V3, 1275, 1275 V2, 1275 V3, 1275 V5, 1275 V6, 1275l V3, 1276 V3, 1278l V4, 1280, 1280 V2, 1280 V3, 1280 V5, 1280 V6, 1281 V3, 1285 V3, 1285 V4, 1285 V6, 1285l V3, 1285l V4, 1286 V3, 1286l V3, 1290, 1290 V2, 1501l V6, 1501m V6, 1505l V5, 1505l V6, 1505m V5, 1505m V6, 1515m V5, 1535m V5, 1535m V6, 1545m V5, 1558l V5, 1565l V5, 1575m V5, 1578l V5, 1585 V5, 1585l V5
IntelXeon E51428l, 1428l V2, 1428l V3, 1620, 1620 V2, 1620 V3, 1620 V4, 1630 V3, 1630 V4, 1650, 1650 V2, 1650 V3, 1650 V4, 1660, 1660 V2, 1660 V3, 1660 V4, 1680 V3, 1680 V4, 2403, 2403 V2, 2407, 2407 V2, 2408l V3, 2418l, 2418l V2, 2418l V3, 2420, 2420 V2, 2428l, 2428l V2, 2428l V3, 2430, 2430 V2, 2430l, 2430l V2, 2438l V3, 2440, 2440 V2, 2448l, 2448l V2, 2450, 2450 V2, 2450l, 2450l V2, 2470, 2470 V2, 2603, 2603 V2, 2603 V3, 2603 V4, 2608l V3, 2608l V4, 2609, 2609 V2, 2609 V3, 2609 V4, 2618l V2, 2618l V3, 2618l V4, 2620, 2620 V2, 2620 V3, 2620 V4, 2623 V3, 2623 V4, 2628l V2, 2628l V3, 2628l V4, 2630, 2630 V2, 2630 V3, 2630 V4, 2630l, 2630l V2, 2630l V3, 2630l V4, 2637, 2637 V2, 2637 V3, 2637 V4, 2640, 2640 V2, 2640 V3, 2640 V4, 2643, 2643 V2, 2643 V3, 2643 V4, 2648l, 2648l V2, 2648l V3, 2648l V4, 2650, 2650 V2, 2650 V3, 2650 V4, 2650l, 2650l V2, 2650l V3, 2650l V4, 2658, 2658 V2, 2658 V3, 2658 V4, 2658a V3, 2660, 2660 V2, 2660 V3, 2660 V4, 2665, 2667, 2667 V2, 2667 V3, 2667 V4, 2670, 2670 V2, 2670 V3, 2680, 2680 V2, 2680 V3, 2680 V4, 2683 V3, 2683 V4, 2687w, 2687w V2, 2687w V3, 2687w V4, 2690, 2690 V2, 2690 V3, 2690 V4, 2695 V2, 2695 V3, 2695 V4, 2697 V2, 2697 V3, 2697 V4, 2697a V4, 2698 V3, 2698 V4, 2699 V3, 2699 V4, 2699a V4, 2699r V4, 4603, 4603 V2, 4607, 4607 V2, 4610, 4610 V2, 4610 V3, 4610 V4, 4617, 4620, 4620 V2, 4620 V3, 4620 V4, 4624l V2, 4627 V2, 4627 V3, 4627 V4, 4628l V4, 4640, 4640 V2, 4640 V3, 4640 V4, 4648 V3, 4650, 4650 V2, 4650 V3, 4650 V4, 4650l, 4655 V3, 4655 V4, 4657l V2, 4660 V3, 4660 V4, 4667 V3, 4667 V4, 4669 V3, 4669 V4
IntelXeon E72803, 2820, 2830, 2850, 2850 V2, 2860, 2870, 2870 V2, 2880 V2, 2890 V2, 4807, 4809 V2, 4809 V3, 4809 V4, 4820, 4820 V2, 4820 V3, 4820 V4, 4830, 4830 V2, 4830 V3, 4830 V4, 4850, 4850 V2, 4850 V3, 4850 V4, 4860, 4860 V2, 4870, 4870 V2, 4880 V2, 4890 V2, 8830, 8837, 8850, 8850 V2, 8857 V2, 8860, 8860 V3, 8860 V4, 8867 V3, 8867 V4, 8867l, 8870, 8870 V2, 8870 V3, 8870 V4, 8880 V2, 8880 V3, 8880 V4, 8880l V2, 8880l V3, 8890 V2, 8890 V3, 8890 V4, 8891 V2, 8891 V3, 8891 V4, 8893 V2, 8893 V3, 8893 V4, 8894 V4
IntelXeon Gold5115, 5118, 5119t, 5120, 5120t, 5122, 6126, 6126f, 6126t, 6128, 6130, 6130f, 6130t, 6132, 6134, 6134m, 6136, 6138, 6138f, 6138t, 6140, 6140m, 6142, 6142f, 6142m, 6144, 6146, 6148, 6148f, 6150, 6152, 6154
IntelXeon Phi7210, 7210f, 7230, 7230f, 7235, 7250, 7250f, 7285, 7290, 7290f, 7295
IntelXeon Platinum8153, 8156, 8158, 8160, 8160f, 8160m, 8160t, 8164, 8168, 8170, 8170m, 8176, 8176f, 8176m, 8180
IntelXeon Silver4108, 4109t, 4110, 4112, 4114, 4114t, 4116, 4116t
RedhatEnterprise Linux7.0
RedhatEnterprise Linux Desktop6.0, 7.0
RedhatEnterprise Linux Server6.0, 7.0
RedhatEnterprise Linux Server Aus7.6
RedhatEnterprise Linux Server Eus7.5, 7.6
RedhatEnterprise Linux Server Tus7.6
RedhatEnterprise Linux Workstation6.0, 7.0
RedhatVirtualization4.0

Vendor Advisories

Synopsis: Important: kernel security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Comm ...
Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (C ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such wri ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a r ...
Oracle Linux Bulletin - July 2018. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...
IBM Security Guardium has addressed the following vulnerabilities ...
New types of side channel attacks impact most processors including Intel, AMD, ARM, etc. These attacks allow malicious userspace processes to read kernel memory, thus potentially causing kernel sensitive information to leak. These attacks are referred to as Meltdown and Spectre class vulnerabilities, and variants of them: o CVE-2017-5753 Variant ...
IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to multiple security vulnerabilities. There are multiple vulnerability fixes to open source libraries distributed with IGI, other less secure algorithms for crypto, XSS attacks and clickjacking attacks ...

Github Repositories

Spectre and Meltdown Guidance. Table of Contents: About this Repository; General Guidance; Affected Processors; Additional Processor Flaw Guidance; SpectrePrime and MeltdownPrime; SgxPectre; Total Meltdown; BranchScope; Ryzenfall, Chimera, Fallout, and Masterkey; License; Contributing; Disclaimer. About This Repository: This repository provides content for aiding DoD administrators in ve

Hardware and Firmware Security Guidance. Table of Contents: 1. About this repository; 2. Side-channel attacks; 2.1 Mitigations; 2.1.1 Firmware patches; 2.1.2 Software patches; 2.1.3 Configuration changes; 2.1.4 Temporarily Disable Intel Hyper-Threading; 2.1.5 Verification; 2.2 Resources and Affected products; 2.2.1 Hardware resources; 2.2.2 Software resources; 2.2.3 Advisory resources

Awesome CVE PoC. A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Kaspersky Security Bulletin 2018. Top security stories
Securelist • David Emm, Victor Chebyshev • 03 Dec 2018

The internet is now woven into the fabric of our lives. Many people routinely bank, shop and socialize online and the internet is the lifeblood of commercial organizations. The dependence on technology of governments, businesses and consumers provides a broad attack surface for attackers with all kinds of motives – financial theft, theft of data, disruption, damage, reputational damage or simply ‘for the lulz’. The result is a threat landscape that ranges from highly sophisticated targeted...