#VU12914 Rogue System Register Read in Intel products - CVE-2018-3640
Published: May 22, 2018
Vulnerability identifier: #VU12914
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-3640
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Intel Xeon E7
Intel Xeon E5
Intel Xeon E3
Intel Pentium Silver N5000 Processors
Intel Pentium Silver Series J5005
Intel Pentium N4200
Intel Pentium N4100
Intel Celeron N4000 Processors
Intel Celeron J4205
Intel Celeron N3450
Intel Celeron J4105
Intel Celeron J4005
Intel Celeron J3455
Intel Celeron J3355
Intel Atom Processor Z Series
Intel Atom T5700
Intel Atom T5500
Intel Atom x7-E3950
Intel Atom x5-E3940
Intel Atom x5-E3930
Intel Atom Processor A Series
Intel Atom Processor E Series
Intel Atom C3958
Intel Atom C3955
Intel Atom C3950
Intel Atom C3858
Intel Atom C3850
Intel Atom C3830
Intel Atom C3808
Intel Atom C3758
Intel Atom C3750
Intel Atom C3708
Intel Atom C3558
Intel Atom C3538
Intel Atom C3508
Intel Atom C3338
Intel Atom C3308
Intel Xeon 7500 series
Intel Xeon 6500 series
Intel Xeon 5600 series
Intel Xeon 5500 series
Intel Xeon 3600 series
Intel Xeon 3400 series
Intel Core M 32nm
Intel Core M 45nm
Intel Core i7 32nm
Intel Core i7 45nm
Intel Core i5 32nm
Intel Core i5 45nm
Intel Core i3 32nm
Intel Core i3 45nm
Intel Xeon E7
Intel Xeon E5
Intel Xeon E3
Intel Pentium Silver N5000 Processors
Intel Pentium Silver Series J5005
Intel Pentium N4200
Intel Pentium N4100
Intel Celeron N4000 Processors
Intel Celeron J4205
Intel Celeron N3450
Intel Celeron J4105
Intel Celeron J4005
Intel Celeron J3455
Intel Celeron J3355
Intel Atom Processor Z Series
Intel Atom T5700
Intel Atom T5500
Intel Atom x7-E3950
Intel Atom x5-E3940
Intel Atom x5-E3930
Intel Atom Processor A Series
Intel Atom Processor E Series
Intel Atom C3958
Intel Atom C3955
Intel Atom C3950
Intel Atom C3858
Intel Atom C3850
Intel Atom C3830
Intel Atom C3808
Intel Atom C3758
Intel Atom C3750
Intel Atom C3708
Intel Atom C3558
Intel Atom C3538
Intel Atom C3508
Intel Atom C3338
Intel Atom C3308
Intel Xeon 7500 series
Intel Xeon 6500 series
Intel Xeon 5600 series
Intel Xeon 5500 series
Intel Xeon 3600 series
Intel Xeon 3400 series
Intel Core M 32nm
Intel Core M 45nm
Intel Core i7 32nm
Intel Core i7 45nm
Intel Core i5 32nm
Intel Core i5 45nm
Intel Core i3 32nm
Intel Core i3 45nm
Software vendor:
Intel
Intel
Description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative loading of system registers to read privileged system registers
Note: the vulnerability is referred to as "Spectre variant 3A".
The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative loading of system registers to read privileged system registers
Note: the vulnerability is referred to as "Spectre variant 3A".
Remediation
The CPU vendors are providing software and firmware updates to mitigate the applicable vulnerabilities to operating system vendors and system manufacturers.