CVE-2018-3639
critical-risk
Published 2018-05-22
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Do I need to act?
!
46.0% chance of exploitation in next 30 days
EPSS score — higher than 54% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10
Medium
LOCAL
/ LOW complexity
Affected Products (20)
Affected Vendors
References (294)
Third Party Advisory
http://support.lenovo.com/us/en/solutions/LEN-22133
Third Party Advisory
http://www.fujitsu.com/global/support/products/software/security/products-f/cve-...
Third Party Advisory
http://www.securityfocus.com/bid/104232
Third Party Advisory
http://www.securitytracker.com/id/1040949
Third Party Advisory
http://www.securitytracker.com/id/1042004
Third Party Advisory
http://xenbits.xen.org/xsa/advisory-263.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1629
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1630
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1632
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1633
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1635
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1636
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1637
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1638
and 274 more references
75
/ 100
critical-risk
Severity
18/34 · Moderate
Exploitability
24/34 · High
Exposure
33/34 · Critical