Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU12911
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-3639
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory.
Note: the vulnerability is referred to as "Spectre variant 4".
The CPU vendors are providing software and firmware updates to mitigate the applicable vulnerabilities to operating system vendors and system manufacturers.
Vulnerable software versionsIntel Xeon E7: 1.0 - 4.0
Intel Xeon E5: 1.0 - 4.0
Intel Xeon E3: 1.0 - 6.0
Intel Pentium Silver N5000 Processors: All versions
Intel Pentium Silver Series J5005: All versions
Intel Pentium N4200: All versions
Intel Pentium N4100: All versions
Intel Celeron N4000 Processors: All versions
Intel Celeron J4205: All versions
Intel Celeron N3450: All versions
Intel Celeron J4105: All versions
Intel Celeron J4005: All versions
Intel Celeron J3455: All versions
Intel Celeron J3355: All versions
Intel Atom Processor Z Series: All versions
Intel Atom T5700: All versions
Intel Atom T5500: All versions
Intel Atom x7-E3950: All versions
Intel Atom x5-E3940: All versions
Intel Atom x5-E3930: All versions
Intel Atom Processor A Series: All versions
Intel Atom Processor E Series: All versions
Intel Atom C3958: All versions
Intel Atom C3955: All versions
Intel Atom C3950: All versions
Intel Atom C3858: All versions
Intel Atom C3850: All versions
Intel Atom C3830: All versions
Intel Atom C3808: All versions
Intel Atom C3758: All versions
Intel Atom C3750: All versions
Intel Atom C3708: All versions
Intel Atom C3558: All versions
Intel Atom C3538: All versions
Intel Atom C3508: All versions
Intel Atom C3338: All versions
Intel Atom C3308: All versions
Intel Xeon 7500 series: All versions
Intel Xeon 6500 series: All versions
Intel Xeon 5600 series: All versions
Intel Xeon 5500 series: All versions
Intel Xeon 3600 series: All versions
Intel Xeon 3400 series: All versions
Intel Core M 32nm: All versions
Intel Core M 45nm: All versions
Intel Core i7 32nm: All versions
Intel Core i7 45nm: All versions
Intel Core i5 32nm: All versions
Intel Core i5 45nm: All versions
Intel Core i3 32nm: All versions
Intel Core i3 45nm: All versions
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12914
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-3640
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative loading of system registers to read privileged system registers
Note: the vulnerability is referred to as "Spectre variant 3A".
The CPU vendors are providing software and firmware updates to mitigate the applicable vulnerabilities to operating system vendors and system manufacturers.
Vulnerable software versionsIntel Xeon E7: 1.0 - 4.0
Intel Xeon E5: 1.0 - 4.0
Intel Xeon E3: 1.0 - 6.0
Intel Pentium Silver N5000 Processors: All versions
Intel Pentium Silver Series J5005: All versions
Intel Pentium N4200: All versions
Intel Pentium N4100: All versions
Intel Celeron N4000 Processors: All versions
Intel Celeron J4205: All versions
Intel Celeron N3450: All versions
Intel Celeron J4105: All versions
Intel Celeron J4005: All versions
Intel Celeron J3455: All versions
Intel Celeron J3355: All versions
Intel Atom Processor Z Series: All versions
Intel Atom T5700: All versions
Intel Atom T5500: All versions
Intel Atom x7-E3950: All versions
Intel Atom x5-E3940: All versions
Intel Atom x5-E3930: All versions
Intel Atom Processor A Series: All versions
Intel Atom Processor E Series: All versions
Intel Atom C3958: All versions
Intel Atom C3955: All versions
Intel Atom C3950: All versions
Intel Atom C3858: All versions
Intel Atom C3850: All versions
Intel Atom C3830: All versions
Intel Atom C3808: All versions
Intel Atom C3758: All versions
Intel Atom C3750: All versions
Intel Atom C3708: All versions
Intel Atom C3558: All versions
Intel Atom C3538: All versions
Intel Atom C3508: All versions
Intel Atom C3338: All versions
Intel Atom C3308: All versions
Intel Xeon 7500 series: All versions
Intel Xeon 6500 series: All versions
Intel Xeon 5600 series: All versions
Intel Xeon 5500 series: All versions
Intel Xeon 3600 series: All versions
Intel Xeon 3400 series: All versions
Intel Core M 32nm: All versions
Intel Core M 45nm: All versions
Intel Core i7 32nm: All versions
Intel Core i7 45nm: All versions
Intel Core i5 32nm: All versions
Intel Core i5 45nm: All versions
Intel Core i3 32nm: All versions
Intel Core i3 45nm: All versions
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.