#VU12911 Speculative Store Bypass in Intel Hardware solutions


Published: 2018-05-22

Vulnerability identifier: #VU12911

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3639

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel Xeon E7
Client/Desktop applications / Software for system administration
Intel Xeon E5
Client/Desktop applications / Software for system administration
Intel Xeon E3
Client/Desktop applications / Software for system administration
Intel Pentium Silver N5000 Processors
Hardware solutions / Firmware
Intel Pentium Silver Series J5005
Hardware solutions / Firmware
Intel Pentium N4200
Hardware solutions / Firmware
Intel Pentium N4100
Hardware solutions / Firmware
Intel Celeron N4000 Processors
Hardware solutions / Firmware
Intel Celeron J4205
Hardware solutions / Firmware
Intel Celeron N3450
Hardware solutions / Firmware
Intel Celeron J4105
Hardware solutions / Firmware
Intel Celeron J4005
Hardware solutions / Firmware
Intel Celeron J3455
Hardware solutions / Firmware
Intel Celeron J3355
Hardware solutions / Firmware
Intel Atom Processor Z Series
Hardware solutions / Firmware
Intel Atom T5700
Hardware solutions / Firmware
Intel Atom T5500
Hardware solutions / Firmware
Intel Atom x7-E3950
Hardware solutions / Firmware
Intel Atom x5-E3940
Hardware solutions / Firmware
Intel Atom x5-E3930
Hardware solutions / Firmware
Intel Atom Processor A Series
Hardware solutions / Firmware
Intel Atom Processor E Series
Hardware solutions / Firmware
Intel Atom C3958
Hardware solutions / Firmware
Intel Atom C3955
Hardware solutions / Firmware
Intel Atom C3950
Hardware solutions / Firmware
Intel Atom C3858
Hardware solutions / Firmware
Intel Atom C3850
Hardware solutions / Firmware
Intel Atom C3830
Hardware solutions / Firmware
Intel Atom C3808
Hardware solutions / Firmware
Intel Atom C3758
Hardware solutions / Firmware
Intel Atom C3750
Hardware solutions / Firmware
Intel Atom C3708
Hardware solutions / Firmware
Intel Atom C3558
Hardware solutions / Firmware
Intel Atom C3538
Hardware solutions / Firmware
Intel Atom C3508
Hardware solutions / Firmware
Intel Atom C3338
Hardware solutions / Firmware
Intel Atom C3308
Hardware solutions / Firmware
Intel Xeon 7500 series
Hardware solutions / Firmware
Intel Xeon 6500 series
Hardware solutions / Firmware
Intel Xeon 5600 series
Hardware solutions / Firmware
Intel Xeon 5500 series
Hardware solutions / Firmware
Intel Xeon 3600 series
Hardware solutions / Firmware
Intel Xeon 3400 series
Hardware solutions / Firmware
Intel Core M 32nm
Hardware solutions / Firmware
Intel Core M 45nm
Hardware solutions / Firmware
Intel Core i7 32nm
Hardware solutions / Firmware
Intel Core i7 45nm
Hardware solutions / Firmware
Intel Core i5 32nm
Hardware solutions / Firmware
Intel Core i5 45nm
Hardware solutions / Firmware
Intel Core i3 32nm
Hardware solutions / Firmware
Intel Core i3 45nm
Hardware solutions / Firmware

Vendor: Intel

Description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory.

Note: the vulnerability is referred to as "Spectre variant 4".

Mitigation
The CPU vendors are providing software and firmware updates to mitigate the applicable vulnerabilities to operating system vendors and system manufacturers.

Vulnerable software versions

Intel Xeon E7: 1.0 - 4.0

Intel Xeon E5: 1.0 - 4.0

Intel Xeon E3: 1.0 - 6.0

Intel Pentium Silver N5000 Processors: All versions

Intel Pentium Silver Series J5005: All versions

Intel Pentium N4200: All versions

Intel Pentium N4100: All versions

Intel Celeron N4000 Processors: All versions

Intel Celeron J4205: All versions

Intel Celeron N3450: All versions

Intel Celeron J4105: All versions

Intel Celeron J4005: All versions

Intel Celeron J3455: All versions

Intel Celeron J3355: All versions

Intel Atom Processor Z Series: All versions

Intel Atom T5700: All versions

Intel Atom T5500: All versions

Intel Atom x7-E3950: All versions

Intel Atom x5-E3940: All versions

Intel Atom x5-E3930: All versions

Intel Atom Processor A Series: All versions

Intel Atom Processor E Series: All versions

Intel Atom C3958: All versions

Intel Atom C3955: All versions

Intel Atom C3950: All versions

Intel Atom C3858: All versions

Intel Atom C3850: All versions

Intel Atom C3830: All versions

Intel Atom C3808: All versions

Intel Atom C3758: All versions

Intel Atom C3750: All versions

Intel Atom C3708: All versions

Intel Atom C3558: All versions

Intel Atom C3538: All versions

Intel Atom C3508: All versions

Intel Atom C3338: All versions

Intel Atom C3308: All versions

Intel Xeon 7500 series: All versions

Intel Xeon 6500 series: All versions

Intel Xeon 5600 series: All versions

Intel Xeon 5500 series: All versions

Intel Xeon 3600 series: All versions

Intel Xeon 3400 series: All versions

Intel Core M 32nm: All versions

Intel Core M 45nm: All versions

Intel Core i7 32nm: All versions

Intel Core i7 45nm: All versions

Intel Core i5 32nm: All versions

Intel Core i5 45nm: All versions

Intel Core i3 32nm: All versions

Intel Core i3 45nm: All versions


External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability