CVE-2018-3640
MEDIUMIntel Atom C/E/Z - Information Disclosure via Rogue System Register Read
Title source: llmDescription
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
References (22)
Core 22
Core References
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
Third Party Advisory x_refsource_confirm
http://support.lenovo.com/us/en/solutions/LEN-22133
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
https://www.us-cert.gov/ncas/alerts/TA18-141A
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1042004
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040949
Various Sources x_refsource_confirm
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005
Vendor Advisory x_refsource_confirm
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
Third Party Advisory x_refsource_confirm
https://www.synology.com/support/security/Synology_SA_18_23
Vendor Advisory x_refsource_confirm
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/180049
Third Party Advisory x_refsource_confirm
http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
Patch, Third Party Advisory, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013
Third Party Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel
Various Sources x_refsource_confirm
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2018/dsa-4273
Third Party Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104228
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3756-1/
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20180521-0001/
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
Scores
CVSS v3
5.6
EPSS
0.0156
EPSS Percentile
81.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-203
Status
published
Products (50)
arm/cortex-a
15
arm/cortex-a
57
arm/cortex-a
72
intel/atom_c
c2308
intel/atom_c
c3308
intel/atom_c
c3338
intel/atom_c
c3508
intel/atom_c
c3538
intel/atom_c
c3558
intel/atom_c
c3708
... and 40 more
Published
May 22, 2018
Tracked Since
Feb 18, 2026