CVE-2018-3639 · threatengine.sh

Home/CVE/Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addres

CVE

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addres

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

MEDIUM · CVSS 5.5 EPSS 0.46733

Schedule remediation

EPSS ≥ 0.10 - elevated exploitation probability
EPSS percentile: top 2% of all CVEs by exploitation likelihood
Public exploit or PoC is available

Sigma rules1 YARA rules0

⬡

Weakness Classification

CWE-203Observable Discrepancy

▤

Affected Products & Versions

9

intel atom call versions
intel atom eall versions
intel atom x5-e3930all versions
intel atom x5-e3940all versions
intel atom x7-e3950all versions
intel atom zall versions
intel celeron jall versions
intel celeron nall versions
Show all 9 affected productsintel core i3all versions

⚠

Public Exploits & PoCs

1

dosAMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypassverified

◈

Sigma Hunt Rules

1

Exact rules name this CVE ID. Product rules name an affected product in their title. Related rules cover techniques used by actors who exploited this CVE. Showing the most relevant matches; the complete related set is on the full drill-down.

productmediumPowershell Detect Virtualization Environment

See all related Sigma rules for this CVE

▣

Scoring & Timeline

5.5

MEDIUM · CVSS v3.1 · secure@intel.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD22 May 2018 · 12:29 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

⚑

Vendor Advisories

30

suse-csafopenSUSE-SU-2024:10633-1
suse-csafopenSUSE-SU-2024:10876-1
suse-csafopenSUSE-SU-2024:11008-1
suse-csafopenSUSE-SU-2024:11287-1
suse-csafopenSUSE-SU-2024:11520-1
Show all 30 vendor advisoriessuse-csafSUSE-SU-2023:3349-1
suse-csafSUSE-SU-2023:3324-1
suse-csafSUSE-SU-2023:3333-1
suse-csafSUSE-SU-2021:3969-1
suse-csafSUSE-SU-2021:3007-1
suse-csafSUSE-SU-2020:2605-1
suse-csafSUSE-SU-2020:2540-1
suse-csafopenSUSE-SU-2020:1325-1
suse-csafSUSE-SU-2019:2028-1
suse-csafSUSE-SU-2019:1211-2
suse-csafopenSUSE-SU-2019:1438-1
suse-csafSUSE-SU-2019:1219-1
suse-csafSUSE-SU-2019:1211-1
suse-csafSUSE-SU-2018:3064-3
suse-csafSUSE-SU-2019:0049-2
suse-csafSUSE-SU-2019:0148-1
suse-csafSUSE-SU-2019:0049-1
suse-csafSUSE-SU-2018:3555-1
usnUSN-3777-3
suse-csafSUSE-SU-2018:1362-2
suse-csafSUSE-SU-2018:1377-2
suse-csafSUSE-SU-2018:1614-2
suse-csafSUSE-SU-2018:1699-2
suse-csafSUSE-SU-2018:1935-2
suse-csafSUSE-SU-2018:2331-2

🔗

References & Sources

80

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.htmlBroken Link

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.htmlBroken Link

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.htmlBroken Link

http://support.lenovo.com/us/en/solutions/LEN-22133Third Party Advisory

http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.htmlThird Party Advisory

http://www.openwall.com/lists/oss-security/2020/06/10/1Mailing ListThird Party Advisory

Show all 80 references

http://www.openwall.com/lists/oss-security/2020/06/10/2Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2020/06/10/5Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/104232Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040949Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1042004Third Party AdvisoryVDB Entry

http://xenbits.xen.org/xsa/advisory-263.htmlThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:1629Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1630Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1632Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1633Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1635Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1636Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1637Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1638Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1639Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1640Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1641Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1642Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1643Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1644Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1645Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1646Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1647Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1648Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1649Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1650Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1651Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1652Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1653Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1654Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1655Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1656Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1657Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1658Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1659Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1660Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1661Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1662Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1663Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1664Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1665Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1666Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1667Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1668Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1669Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1674Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1675Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1676Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1686Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1688Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1689Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1690Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1696Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1710Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1711Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1737Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1738Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1826Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1854Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1965Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1967Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1997Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2001Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2003Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2006Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2060Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2161Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2162Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2164Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2171Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2172Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2216Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2228Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2246Third Party Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin