Speculative Store Bypass Vulnerability in Intel Processors
CVE-2018-3639

5.5MEDIUM

Key Information:

Vendor
Intel
Status
Multiple
Vendor
CVE Published:
22 May 2018

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 46%

Summary

This vulnerability allows attackers with local user access to potentially expose sensitive information via a side-channel analysis. Specifically, it affects systems with microprocessors that engage in speculative execution, enabling unauthorized memory data retrieval before all prior memory writes are completed. This exploitation can lead to unauthorized information disclosure, posing significant risks in environments relying on these processors.

Affected Version(s)

Multiple Multiple

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-3639
Created by mmxsrup

ssbd-tools
Created by tyhicks

CVE-2018-3639-specter-v4-
Created by Shuiliusheng

References

https://access.redhat.com/errata/RHSA-2018:1689
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2162
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1641
vendor-advisoryx_refsource_REDHAT

EPSS Score

46% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.