CVE-2018-3640

5.6MEDIUM

Key Information:

Vendor: Intel
Status: Multiple
Vendor: CVE Published:; 22 May 2018

Summary

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

Affected Version(s)

Multiple Multiple

References

https://cert-portal.siemens.com/productcert/pdf/ssa-26864...

x_refsource_CONFIRM

http://support.lenovo.com/us/en/solutions/LEN-22133

x_refsource_CONFIRM

https://www.us-cert.gov/ncas/alerts/TA18-141A

third-party-advisoryx_refsource_CERT

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 22, 2018
Vulnerability Reserved
Dec 28, 2017

.