VDB
CVE-2018-3640
CVE-2018-3640
PUBLISHED
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
EPSS 1.56% · 81.8th percentile
Risk Scores
EPSS Score
1.56%
81.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | intel-microcode | 2.20140624-t-1ubuntu2, *, 0 |
| Ubuntu:16.04:LTS | intel-microcode | 3.20180425.1~ubuntu0.16.04.2, 3.20150121.1, 3.20151106.1 |
| Ubuntu:18.04:LTS | intel-microcode | 3.20180425.1~ubuntu0.18.04.2, 3.20180425.1~ubuntu0.18.04.1, 3.20180312.0~ubuntu18.04.1 |
Timeline
- Jan 4, 2018 CVE Published
- Oct 10, 2018 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-3640 third-party-advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html third-party-advisory
- https://ubuntu.com/security/notices/USN-3756-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-3640 third-party-advisory
- Multiples vulnérabilités de fuite d'informations dans des processeurs advisory