CVE-2018-3640
Description
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
Risk Information
Base Score
5.6
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.895
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in macOS Mojave 10.14.1 | Mac |
| Processor microcode for Intel CPUs (USN-3756-1) intel-microcode_3.20180807a.0ubuntu0.16.04.1_i386.deb | Linux |
| Processor microcode for Intel CPUs (USN-3756-1) intel-microcode_3.20180807a.0ubuntu0.16.04.1_amd64.deb | Linux |
| Processor microcode for Intel CPUs (USN-3756-1) intel-microcode_3.20180807a.0ubuntu0.18.04.1_i386.deb | Linux |
| Processor microcode for Intel CPUs (USN-3756-1) intel-microcode_3.20180807a.0ubuntu0.18.04.1_amd64.deb | Linux |
| intel-microcode security update(DSA-4273-1) intel-microcode_3.20180703.2~deb9u1_i386.deb | Linux |
| intel-microcode security update(DSA-4273-1) intel-microcode_3.20180703.2~deb9u1_amd64.deb | Linux |
| intel-microcode security update(DSA-4273-2) intel-microcode_3.20180807a.1~deb9u1_amd64.deb | Linux |
| SUSE-SU-2018:2331-1(SUSE Linux Enterprise Desktop 12-SP3 ) ucode-intel-20180807-13.29.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2331-1(SUSE Linux Enterprise Desktop 12-SP3 ) ucode-intel-debuginfo-20180807-13.29.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2331-1(SUSE Linux Enterprise Desktop 12-SP3 ) ucode-intel-debugsource-20180807-13.29.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2335-1(SUSE Linux Enterprise Server 11-SP4 ) microcode_ctl-1.17-102.83.27.1.x86_64.rpm | Linux |
| Observable Discrepancy Vulnerability (CVE-2018-3640) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-602004 | macOS Mojave 10.14.6 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234