Speculative Execution Vulnerability in Intel Processors Affects Multiple Vendors
CVE-2018-3640

5.6MEDIUM

Key Information:

Vendor

Intel
Status
Multiple
Vendor
CVE Published:
22 May 2018

What is CVE-2018-3640?

This vulnerability affects microprocessors using speculative execution and enables attackers with local user access to exploit speculative reads of system registers. By employing side-channel analysis techniques, sensitive system parameters may be disclosed, leading to potential security breaches. The issue, identified as Rogue System Register Read (RSRE), requires awareness and prompt mitigation efforts from users and administrators to protect against unauthorized information disclosure.

Affected Version(s)

Multiple Multiple

References

https://cert-portal.siemens.com/productcert/pdf/ssa-26864...
x_refsource_CONFIRM
http://support.lenovo.com/us/en/solutions/LEN-22133
x_refsource_CONFIRM
https://www.us-cert.gov/ncas/alerts/TA18-141A
third-party-advisoryx_refsource_CERT

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-3640 : Speculative Execution Vulnerability in Intel Processors Affects Multiple Vendors