CVE-2018-3639

MEDIUM EXPLOITED IN THE WILD RANSOMWARE

Intel Atom C/E/X5/X7/Z - Information Disclosure via Speculative Store Bypass

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2018-3639 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns. EIP tracks 6 public exploits from researchers including Google Security Research, mmxsrup, tyhicks.

AI-analyzed exploit summary This is a proof-of-concept exploit for CVE-2028-3639, demonstrating a speculative execution side-channel attack (Spectre variant) that leaks data through cache timing. It manipulates memory disambiguation to speculatively execute a gadget and infer secret data.

Description

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Google Security Research · cdoshardware
https://www.exploit-db.com/exploits/44695

This is a proof-of-concept exploit for CVE-2028-3639, demonstrating a speculative execution side-channel attack (Spectre variant) that leaks data through cache timing. It manipulates memory disambiguation to speculatively execute a gadget and infer secret data.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Complex
Reliability
Racy
Target: Intel and AMD CPUs (Skylake, Haswell, AMD PRO A8-9600)
No auth needed
Prerequisites: Access to a vulnerable CPU architecture · Ability to execute unprivileged code
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 15 stars
by mmxsrup · local
https://github.com/mmxsrup/CVE-2018-3639

This is a proof-of-concept exploit for CVE-2018-3639 (Speculative Store Bypass), demonstrating a side-channel attack to leak a secret key via speculative execution on Linux systems.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Complex
Reliability
Racy
Target: Linux kernel (x86_64) with vulnerable CPUs
No auth needed
Prerequisites: Vulnerable CPU (e.g., Intel/AMD with speculative execution) · Linux environment · Compiler with x86 intrinsics support
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 9 stars
by tyhicks · poc
https://github.com/tyhicks/ssbd-tools

This repository contains tools for testing and verifying the Speculative Store Bypass Disable (SSBD) mitigation for CVE-2018-3639. It includes utilities to toggle, verify, and execute processes with SSBD controls via prctl and seccomp.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Linux kernel with x86 processors supporting SSBD
Auth required
Prerequisites: Linux kernel with SSBD support · x86 processor with updated microcode · root privileges for MSR access
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by Shuiliusheng · remote
https://github.com/Shuiliusheng/CVE-2018-3639-specter-v4-

This is a proof-of-concept exploit for CVE-2018-3639 (Spectre v4: Speculative Store Bypass). It demonstrates a side-channel attack to leak secret data via speculative execution on Linux systems.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Complex
Reliability
Racy
Target: Linux kernel (x86_64) with vulnerable CPU microarchitecture
No auth needed
Prerequisites: Vulnerable CPU supporting speculative execution · Linux environment · GCC compiler
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by malindarathnayake · poc
https://github.com/malindarathnayake/Intel-CVE-2018-3639-Mitigation_RegistryUpdate

This PowerShell script checks for the presence of a specific Windows hotfix (KB4284880) and applies registry updates to mitigate CVE-2018-3639 (Speculative Store Bypass). It also sends an email notification based on whether the mitigation was applied successfully.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Windows OS (various versions)
Auth required
Prerequisites: Administrative privileges on the target system · PowerShell execution policy allowing script execution
devstral-2 · analyzed Feb 16, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Mehliug-git/PENTEST-RESEARCH

The repository contains a functional Spectre exploit for CVE-2018-3639, demonstrating speculative execution side-channel attacks to leak data. It includes a Makefile and C source code implementing the attack.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Complex
Reliability
Theoretical
Target: CPUs vulnerable to Spectre (CVE-2018-3639)
No auth needed
Prerequisites: Vulnerable CPU architecture · Local execution context
devstral-2 · analyzed Feb 25, 2026 Full analysis →

References (147)

Core 147
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3680-1/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1689
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2162
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1641
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1997
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1665
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3407
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2164
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2001
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3423
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2003
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3654-1/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1645
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1643
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1652
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3424
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3402
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
https://www.us-cert.gov/ncas/alerts/TA18-141A
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1656
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1664
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2258
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1688
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1658
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1657
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2289
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1666
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1042004
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1675
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1660
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1965
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1661
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1633
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1636
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1854
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2006
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2250
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040949
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3401
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1737
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1826
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3651-1/
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4210
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44695/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1651
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1638
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1696
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2246
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1644
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1646
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1639
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1668
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1637
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2948
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/180049
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1686
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2172
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1663
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3652-1/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1629
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1655
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1640
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1669
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1676
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3425
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2363
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1632
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1650
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2396
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2364
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3653-2/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2216
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3655-1/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1649
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2309
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104232
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1653
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2171
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1635
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2394
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1710
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1659
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1711
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4273
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1738
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1674
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3396
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1667
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3654-2/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1662
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1630
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1647
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1967
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3655-2/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3399
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2060
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1690
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3653-1/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2161
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2328
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1648
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2387
Broken Link vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:0148
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1654
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3679-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3777-3/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1642
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3397
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3756-1/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3398
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3400
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2228
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1046
Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jun/36
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/06/10/1
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/06/10/2
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/06/10/5
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
Third Party Advisory x_refsource_confirm
http://support.lenovo.com/us/en/solutions/LEN-22133
Third Party Advisory x_refsource_confirm
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004
Patch, Third Party Advisory, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
Third Party Advisory x_refsource_confirm
https://support.citrix.com/article/CTX235225
Third Party Advisory x_refsource_confirm
https://www.synology.com/support/security/Synology_SA_18_23
Third Party Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-263.html
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20180521-0001/
Third Party Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/4787

Scores

CVSS v3 5.5
EPSS 0.4410
EPSS Percentile 97.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2020-02-25
InTheWild.io 2022-05-25
Ransomware Use Confirmed
CWE
CWE-203
Status published
Products (50)
arm/cortex-a 15
arm/cortex-a 57
arm/cortex-a 72
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 17.10
canonical/ubuntu_linux 18.04
debian/debian_linux 8.0
debian/debian_linux 9.0
... and 40 more
Published May 22, 2018
Tracked Since Feb 18, 2026