Information disclosure in Intel/AMD/ARM CPU



Published: 2018-05-22
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2018-3639
CVE-2018-3640
CWE-ID CWE-362
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Intel Xeon E7
Client/Desktop applications / Software for system administration

Intel Xeon E5
Client/Desktop applications / Software for system administration

Intel Xeon E3
Client/Desktop applications / Software for system administration

Intel Pentium Silver N5000 Processors
Hardware solutions / Firmware

Intel Pentium Silver Series J5005
Hardware solutions / Firmware

Intel Pentium N4200
Hardware solutions / Firmware

Intel Pentium N4100
Hardware solutions / Firmware

Intel Celeron N4000 Processors
Hardware solutions / Firmware

Intel Celeron J4205
Hardware solutions / Firmware

Intel Celeron N3450
Hardware solutions / Firmware

Intel Celeron J4105
Hardware solutions / Firmware

Intel Celeron J4005
Hardware solutions / Firmware

Intel Celeron J3455
Hardware solutions / Firmware

Intel Celeron J3355
Hardware solutions / Firmware

Intel Atom Processor Z Series
Hardware solutions / Firmware

Intel Atom T5700
Hardware solutions / Firmware

Intel Atom T5500
Hardware solutions / Firmware

Intel Atom x7-E3950
Hardware solutions / Firmware

Intel Atom x5-E3940
Hardware solutions / Firmware

Intel Atom x5-E3930
Hardware solutions / Firmware

Intel Atom Processor A Series
Hardware solutions / Firmware

Intel Atom Processor E Series
Hardware solutions / Firmware

Intel Atom C3958
Hardware solutions / Firmware

Intel Atom C3955
Hardware solutions / Firmware

Intel Atom C3950
Hardware solutions / Firmware

Intel Atom C3858
Hardware solutions / Firmware

Intel Atom C3850
Hardware solutions / Firmware

Intel Atom C3830
Hardware solutions / Firmware

Intel Atom C3808
Hardware solutions / Firmware

Intel Atom C3758
Hardware solutions / Firmware

Intel Atom C3750
Hardware solutions / Firmware

Intel Atom C3708
Hardware solutions / Firmware

Intel Atom C3558
Hardware solutions / Firmware

Intel Atom C3538
Hardware solutions / Firmware

Intel Atom C3508
Hardware solutions / Firmware

Intel Atom C3338
Hardware solutions / Firmware

Intel Atom C3308
Hardware solutions / Firmware

Intel Xeon 7500 series
Hardware solutions / Firmware

Intel Xeon 6500 series
Hardware solutions / Firmware

Intel Xeon 5600 series
Hardware solutions / Firmware

Intel Xeon 5500 series
Hardware solutions / Firmware

Intel Xeon 3600 series
Hardware solutions / Firmware

Intel Xeon 3400 series
Hardware solutions / Firmware

Intel Core M 32nm
Hardware solutions / Firmware

Intel Core M 45nm
Hardware solutions / Firmware

Intel Core i7 32nm
Hardware solutions / Firmware

Intel Core i7 45nm
Hardware solutions / Firmware

Intel Core i5 32nm
Hardware solutions / Firmware

Intel Core i5 45nm
Hardware solutions / Firmware

Intel Core i3 32nm
Hardware solutions / Firmware

Intel Core i3 45nm
Hardware solutions / Firmware

Vendor Intel

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Speculative Store Bypass

EUVDB-ID: #VU12911

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3639

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory.

Note: the vulnerability is referred to as "Spectre variant 4".

Mitigation

The CPU vendors are providing software and firmware updates to mitigate the applicable vulnerabilities to operating system vendors and system manufacturers.

Vulnerable software versions

Intel Xeon E7: 1.0 - 4.0

Intel Xeon E5: 1.0 - 4.0

Intel Xeon E3: 1.0 - 6.0

Intel Pentium Silver N5000 Processors: All versions

Intel Pentium Silver Series J5005: All versions

Intel Pentium N4200: All versions

Intel Pentium N4100: All versions

Intel Celeron N4000 Processors: All versions

Intel Celeron J4205: All versions

Intel Celeron N3450: All versions

Intel Celeron J4105: All versions

Intel Celeron J4005: All versions

Intel Celeron J3455: All versions

Intel Celeron J3355: All versions

Intel Atom Processor Z Series: All versions

Intel Atom T5700: All versions

Intel Atom T5500: All versions

Intel Atom x7-E3950: All versions

Intel Atom x5-E3940: All versions

Intel Atom x5-E3930: All versions

Intel Atom Processor A Series: All versions

Intel Atom Processor E Series: All versions

Intel Atom C3958: All versions

Intel Atom C3955: All versions

Intel Atom C3950: All versions

Intel Atom C3858: All versions

Intel Atom C3850: All versions

Intel Atom C3830: All versions

Intel Atom C3808: All versions

Intel Atom C3758: All versions

Intel Atom C3750: All versions

Intel Atom C3708: All versions

Intel Atom C3558: All versions

Intel Atom C3538: All versions

Intel Atom C3508: All versions

Intel Atom C3338: All versions

Intel Atom C3308: All versions

Intel Xeon 7500 series: All versions

Intel Xeon 6500 series: All versions

Intel Xeon 5600 series: All versions

Intel Xeon 5500 series: All versions

Intel Xeon 3600 series: All versions

Intel Xeon 3400 series: All versions

Intel Core M 32nm: All versions

Intel Core M 45nm: All versions

Intel Core i7 32nm: All versions

Intel Core i7 45nm: All versions

Intel Core i5 32nm: All versions

Intel Core i5 45nm: All versions

Intel Core i3 32nm: All versions

Intel Core i3 45nm: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Rogue System Register Read

EUVDB-ID: #VU12914

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3640

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative loading of system registers to read privileged system registers

Note: the vulnerability is referred to as "Spectre variant 3A".

Mitigation

The CPU vendors are providing software and firmware updates to mitigate the applicable vulnerabilities to operating system vendors and system manufacturers.

Vulnerable software versions

Intel Xeon E7: 1.0 - 4.0

Intel Xeon E5: 1.0 - 4.0

Intel Xeon E3: 1.0 - 6.0

Intel Pentium Silver N5000 Processors: All versions

Intel Pentium Silver Series J5005: All versions

Intel Pentium N4200: All versions

Intel Pentium N4100: All versions

Intel Celeron N4000 Processors: All versions

Intel Celeron J4205: All versions

Intel Celeron N3450: All versions

Intel Celeron J4105: All versions

Intel Celeron J4005: All versions

Intel Celeron J3455: All versions

Intel Celeron J3355: All versions

Intel Atom Processor Z Series: All versions

Intel Atom T5700: All versions

Intel Atom T5500: All versions

Intel Atom x7-E3950: All versions

Intel Atom x5-E3940: All versions

Intel Atom x5-E3930: All versions

Intel Atom Processor A Series: All versions

Intel Atom Processor E Series: All versions

Intel Atom C3958: All versions

Intel Atom C3955: All versions

Intel Atom C3950: All versions

Intel Atom C3858: All versions

Intel Atom C3850: All versions

Intel Atom C3830: All versions

Intel Atom C3808: All versions

Intel Atom C3758: All versions

Intel Atom C3750: All versions

Intel Atom C3708: All versions

Intel Atom C3558: All versions

Intel Atom C3538: All versions

Intel Atom C3508: All versions

Intel Atom C3338: All versions

Intel Atom C3308: All versions

Intel Xeon 7500 series: All versions

Intel Xeon 6500 series: All versions

Intel Xeon 5600 series: All versions

Intel Xeon 5500 series: All versions

Intel Xeon 3600 series: All versions

Intel Xeon 3400 series: All versions

Intel Core M 32nm: All versions

Intel Core M 45nm: All versions

Intel Core i7 32nm: All versions

Intel Core i7 45nm: All versions

Intel Core i5 32nm: All versions

Intel Core i5 45nm: All versions

Intel Core i3 32nm: All versions

Intel Core i3 45nm: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###