csaf_redhat - rhsa-2018

rhsa-2018_2396

Vulnerability from csaf_redhat

Published

2018-08-14 20:17

Modified

2024-11-05 20:43

Summary

Red Hat Security Advisory: kernel-rt security and bug fix update

Notes

Topic

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646 and Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639. Bug Fix(es): * The kernel-rt packages have been upgraded to the 3.10.0-693.37.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1599860)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646)\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load \u0026 Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor\u0027s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nRed Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646 and Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639.\n\nBug Fix(es):\n\n* The kernel-rt packages have been upgraded to the 3.10.0-693.37.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1599860)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:2396",
        "url": "https://access.redhat.com/errata/RHSA-2018:2396"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/L1TF",
        "url": "https://access.redhat.com/security/vulnerabilities/L1TF"
      },
      {
        "category": "external",
        "summary": "1566890",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566890"
      },
      {
        "category": "external",
        "summary": "1585005",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585005"
      },
      {
        "category": "external",
        "summary": "1599860",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599860"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2396.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel-rt security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-05T20:43:06+00:00",
      "generator": {
        "date": "2024-11-05T20:43:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2018:2396",
      "initial_release_date": "2018-08-14T20:17:22+00:00",
      "revision_history": [
        {
          "date": "2018-08-14T20:17:22+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-08-14T20:17:22+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T20:43:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
                "product": {
                  "name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
                  "product_id": "6Server-MRG-Realtime-2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise MRG for RHEL-6"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
                "product": {
                  "name": "kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
                  "product_id": "kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-firmware@3.10.0-693.37.4.rt56.629.el6rt?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
                "product": {
                  "name": "kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
                  "product_id": "kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-693.37.4.rt56.629.el6rt?arch=noarch\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_id": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-vanilla-debuginfo@3.10.0-693.37.4.rt56.629.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_id": "kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-vanilla@3.10.0-693.37.4.rt56.629.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_id": "kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-693.37.4.rt56.629.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_id": "kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-693.37.4.rt56.629.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_id": "kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-693.37.4.rt56.629.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_id": "kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-693.37.4.rt56.629.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_id": "kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-vanilla-devel@3.10.0-693.37.4.rt56.629.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_id": "kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-693.37.4.rt56.629.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_id": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-693.37.4.rt56.629.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_id": "kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-693.37.4.rt56.629.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_id": "kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-693.37.4.rt56.629.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_id": "kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-693.37.4.rt56.629.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_id": "kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-693.37.4.rt56.629.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src",
                "product": {
                  "name": "kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src",
                  "product_id": "kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-693.37.4.rt56.629.el6rt?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src"
        },
        "product_reference": "kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch"
        },
        "product_reference": "kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch"
        },
        "product_reference": "kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel OSSIRT"
          ],
          "organization": "Intel.com"
        }
      ],
      "cve": "CVE-2018-3620",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-03-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1585005"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Kernel: hw: cpu: L1 terminal fault (L1TF)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src",
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-3620"
        },
        {
          "category": "external",
          "summary": "RHBZ#1585005",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585005"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3620",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3620",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3620"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/articles/3562741",
          "url": "https://access.redhat.com/articles/3562741"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/L1TF",
          "url": "https://access.redhat.com/security/vulnerabilities/L1TF"
        },
        {
          "category": "external",
          "summary": "https://foreshadowattack.eu/",
          "url": "https://foreshadowattack.eu/"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
        },
        {
          "category": "external",
          "summary": "https://www.redhat.com/en/blog/deeper-look-l1-terminal-fault-aka-foreshadow",
          "url": "https://www.redhat.com/en/blog/deeper-look-l1-terminal-fault-aka-foreshadow"
        },
        {
          "category": "external",
          "summary": "https://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know",
          "url": "https://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know"
        }
      ],
      "release_date": "2018-08-14T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-08-14T20:17:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2396"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Kernel: hw: cpu: L1 terminal fault (L1TF)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jann Horn"
          ],
          "organization": "Google Project Zero"
        },
        {
          "names": [
            "Ken Johnson"
          ],
          "organization": "Microsoft Security Response Center"
        }
      ],
      "cve": "CVE-2018-3639",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-03-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1566890"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load \u0026 Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor\u0027s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: cpu: speculative store bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/ssbd",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src",
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-3639"
        },
        {
          "category": "external",
          "summary": "RHBZ#1566890",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566890"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3639",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3639"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/ssbd",
          "url": "https://access.redhat.com/security/vulnerabilities/ssbd"
        },
        {
          "category": "external",
          "summary": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528",
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf",
          "url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf",
          "url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
        }
      ],
      "release_date": "2018-05-21T21:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-08-14T20:17:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2396"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: cpu: speculative store bypass"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel OSSIRT"
          ],
          "organization": "Intel.com"
        }
      ],
      "cve": "CVE-2018-3646",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-03-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1585005"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Kernel: hw: cpu: L1 terminal fault (L1TF)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src",
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-3646"
        },
        {
          "category": "external",
          "summary": "RHBZ#1585005",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585005"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3646",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3646",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3646"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/articles/3562741",
          "url": "https://access.redhat.com/articles/3562741"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/L1TF",
          "url": "https://access.redhat.com/security/vulnerabilities/L1TF"
        },
        {
          "category": "external",
          "summary": "https://foreshadowattack.eu/",
          "url": "https://foreshadowattack.eu/"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
        },
        {
          "category": "external",
          "summary": "https://www.redhat.com/en/blog/deeper-look-l1-terminal-fault-aka-foreshadow",
          "url": "https://www.redhat.com/en/blog/deeper-look-l1-terminal-fault-aka-foreshadow"
        },
        {
          "category": "external",
          "summary": "https://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know",
          "url": "https://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know"
        }
      ],
      "release_date": "2018-08-14T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-08-14T20:17:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2396"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Kernel: hw: cpu: L1 terminal fault (L1TF)"
    }
  ]
}

cve-2018-3639

Vulnerability from cvelistv5

Published

2018-05-22 12:00

Modified

2024-09-16 22:55

Severity ?

Summary

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2018:1689	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2162	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1641	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3680-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1997	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1665	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3407	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2164	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2001	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3423	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2003	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3654-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1645	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1643	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1652	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3424	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3402	vendor-advisory, x_refsource_REDHAT
	https://www.us-cert.gov/ncas/alerts/TA18-141A	third-party-advisory, x_refsource_CERT
	https://access.redhat.com/errata/RHSA-2018:1656	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1664	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2258	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1688	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1658	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1657	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2289	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1666	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1042004	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:1675	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1660	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1965	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1661	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1633	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1636	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1854	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2006	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2250	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1040949	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:3401	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1737	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1826	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3651-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4210	vendor-advisory, x_refsource_DEBIAN
	https://www.exploit-db.com/exploits/44695/	exploit, x_refsource_EXPLOIT-DB
	https://access.redhat.com/errata/RHSA-2018:1651	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1638	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1696	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2246	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1644	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1646	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:1639	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1668	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1637	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
	https://www.kb.cert.org/vuls/id/180049	third-party-advisory, x_refsource_CERT-VN
	https://access.redhat.com/errata/RHSA-2018:1686	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2172	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1663	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3652-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1629	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1655	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1640	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1669	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1676	vendor-advisory, x_refsource_REDHAT
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel	vendor-advisory, x_refsource_CISCO
	https://access.redhat.com/errata/RHSA-2018:3425	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2363	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1632	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1650	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2396	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2364	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3653-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2216	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3655-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1649	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2309	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/104232	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:1653	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2171	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1635	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2394	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1710	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1659	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1711	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4273	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:1738	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1674	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3396	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1667	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3654-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1662	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1630	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1647	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1967	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3655-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3399	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2060	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1690	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3653-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2161	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2328	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1648	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2387	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:0148	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1654	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3679-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3777-3/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1642	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3397	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3756-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3398	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3400	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2228	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:1046	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html	vendor-advisory, x_refsource_SUSE
	https://seclists.org/bugtraq/2019/Jun/36	mailing-list, x_refsource_BUGTRAQ
	http://www.openwall.com/lists/oss-security/2020/06/10/1	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2020/06/10/2	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2020/06/10/5	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	x_refsource_CONFIRM
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf	x_refsource_CONFIRM
	http://support.lenovo.com/us/en/solutions/LEN-22133	x_refsource_CONFIRM
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004	x_refsource_CONFIRM
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012	x_refsource_CONFIRM
	https://support.citrix.com/article/CTX235225	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synology_SA_18_23	x_refsource_CONFIRM
	https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability	x_refsource_CONFIRM
	http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html	x_refsource_CONFIRM
	http://xenbits.xen.org/xsa/advisory-263.html	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf	x_refsource_CONFIRM
	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us	x_refsource_CONFIRM
	https://bugs.chromium.org/p/project-zero/issues/detail?id=1528	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20180521-0001/	x_refsource_CONFIRM
	https://nvidia.custhelp.com/app/answers/detail/a_id/4787	x_refsource_CONFIRM
	https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html	vendor-advisory, x_refsource_SUSE

Impacted products

▼	Vendor	Product
	Intel Corporation	Multiple

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.281Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1689",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1689"
          },
          {
            "name": "RHSA-2018:2162",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2162"
          },
          {
            "name": "RHSA-2018:1641",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1641"
          },
          {
            "name": "USN-3680-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3680-1/"
          },
          {
            "name": "RHSA-2018:1997",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1997"
          },
          {
            "name": "RHSA-2018:1665",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1665"
          },
          {
            "name": "RHSA-2018:3407",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3407"
          },
          {
            "name": "RHSA-2018:2164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2164"
          },
          {
            "name": "RHSA-2018:2001",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2001"
          },
          {
            "name": "RHSA-2018:3423",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3423"
          },
          {
            "name": "RHSA-2018:2003",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2003"
          },
          {
            "name": "USN-3654-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3654-1/"
          },
          {
            "name": "RHSA-2018:1645",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1645"
          },
          {
            "name": "RHSA-2018:1643",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1643"
          },
          {
            "name": "RHSA-2018:1652",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1652"
          },
          {
            "name": "RHSA-2018:3424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3424"
          },
          {
            "name": "RHSA-2018:3402",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3402"
          },
          {
            "name": "TA18-141A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
          },
          {
            "name": "RHSA-2018:1656",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1656"
          },
          {
            "name": "RHSA-2018:1664",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1664"
          },
          {
            "name": "RHSA-2018:2258",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2258"
          },
          {
            "name": "RHSA-2018:1688",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1688"
          },
          {
            "name": "RHSA-2018:1658",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1658"
          },
          {
            "name": "RHSA-2018:1657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1657"
          },
          {
            "name": "RHSA-2018:2289",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2289"
          },
          {
            "name": "RHSA-2018:1666",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1666"
          },
          {
            "name": "1042004",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042004"
          },
          {
            "name": "RHSA-2018:1675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1675"
          },
          {
            "name": "RHSA-2018:1660",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1660"
          },
          {
            "name": "RHSA-2018:1965",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1965"
          },
          {
            "name": "RHSA-2018:1661",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1661"
          },
          {
            "name": "RHSA-2018:1633",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1633"
          },
          {
            "name": "RHSA-2018:1636",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1636"
          },
          {
            "name": "RHSA-2018:1854",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1854"
          },
          {
            "name": "RHSA-2018:2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2006"
          },
          {
            "name": "RHSA-2018:2250",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2250"
          },
          {
            "name": "1040949",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040949"
          },
          {
            "name": "RHSA-2018:3401",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3401"
          },
          {
            "name": "RHSA-2018:1737",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1737"
          },
          {
            "name": "RHSA-2018:1826",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1826"
          },
          {
            "name": "USN-3651-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3651-1/"
          },
          {
            "name": "DSA-4210",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4210"
          },
          {
            "name": "44695",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44695/"
          },
          {
            "name": "RHSA-2018:1651",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1651"
          },
          {
            "name": "RHSA-2018:1638",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1638"
          },
          {
            "name": "RHSA-2018:1696",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1696"
          },
          {
            "name": "RHSA-2018:2246",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2246"
          },
          {
            "name": "RHSA-2018:1644",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1644"
          },
          {
            "name": "RHSA-2018:1646",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1646"
          },
          {
            "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
          },
          {
            "name": "RHSA-2018:1639",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1639"
          },
          {
            "name": "RHSA-2018:1668",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1668"
          },
          {
            "name": "RHSA-2018:1637",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1637"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "name": "VU#180049",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/180049"
          },
          {
            "name": "RHSA-2018:1686",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1686"
          },
          {
            "name": "RHSA-2018:2172",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2172"
          },
          {
            "name": "RHSA-2018:1663",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1663"
          },
          {
            "name": "USN-3652-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3652-1/"
          },
          {
            "name": "RHSA-2018:1629",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1629"
          },
          {
            "name": "RHSA-2018:1655",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1655"
          },
          {
            "name": "RHSA-2018:1640",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1640"
          },
          {
            "name": "RHSA-2018:1669",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1669"
          },
          {
            "name": "RHSA-2018:1676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1676"
          },
          {
            "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
          },
          {
            "name": "RHSA-2018:3425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3425"
          },
          {
            "name": "RHSA-2018:2363",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2363"
          },
          {
            "name": "RHSA-2018:1632",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1632"
          },
          {
            "name": "RHSA-2018:1650",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1650"
          },
          {
            "name": "RHSA-2018:2396",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2396"
          },
          {
            "name": "RHSA-2018:2364",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2364"
          },
          {
            "name": "USN-3653-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3653-2/"
          },
          {
            "name": "RHSA-2018:2216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2216"
          },
          {
            "name": "USN-3655-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3655-1/"
          },
          {
            "name": "RHSA-2018:1649",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1649"
          },
          {
            "name": "RHSA-2018:2309",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2309"
          },
          {
            "name": "104232",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104232"
          },
          {
            "name": "RHSA-2018:1653",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1653"
          },
          {
            "name": "RHSA-2018:2171",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2171"
          },
          {
            "name": "RHSA-2018:1635",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1635"
          },
          {
            "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
          },
          {
            "name": "RHSA-2018:2394",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2394"
          },
          {
            "name": "RHSA-2018:1710",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1710"
          },
          {
            "name": "RHSA-2018:1659",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1659"
          },
          {
            "name": "RHSA-2018:1711",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1711"
          },
          {
            "name": "DSA-4273",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4273"
          },
          {
            "name": "RHSA-2018:1738",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1738"
          },
          {
            "name": "RHSA-2018:1674",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1674"
          },
          {
            "name": "RHSA-2018:3396",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3396"
          },
          {
            "name": "RHSA-2018:1667",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1667"
          },
          {
            "name": "USN-3654-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3654-2/"
          },
          {
            "name": "RHSA-2018:1662",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1662"
          },
          {
            "name": "RHSA-2018:1630",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1630"
          },
          {
            "name": "RHSA-2018:1647",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1647"
          },
          {
            "name": "RHSA-2018:1967",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1967"
          },
          {
            "name": "USN-3655-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3655-2/"
          },
          {
            "name": "RHSA-2018:3399",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3399"
          },
          {
            "name": "RHSA-2018:2060",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2060"
          },
          {
            "name": "RHSA-2018:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1690"
          },
          {
            "name": "USN-3653-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3653-1/"
          },
          {
            "name": "RHSA-2018:2161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2161"
          },
          {
            "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
          },
          {
            "name": "RHSA-2018:2328",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2328"
          },
          {
            "name": "RHSA-2018:1648",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1648"
          },
          {
            "name": "RHSA-2018:2387",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2387"
          },
          {
            "name": "RHSA-2019:0148",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0148"
          },
          {
            "name": "RHSA-2018:1654",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1654"
          },
          {
            "name": "USN-3679-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3679-1/"
          },
          {
            "name": "USN-3777-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3777-3/"
          },
          {
            "name": "RHSA-2018:1642",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1642"
          },
          {
            "name": "RHSA-2018:3397",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3397"
          },
          {
            "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
          },
          {
            "name": "USN-3756-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3756-1/"
          },
          {
            "name": "RHSA-2018:3398",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3398"
          },
          {
            "name": "RHSA-2018:3400",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3400"
          },
          {
            "name": "RHSA-2018:2228",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2228"
          },
          {
            "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
          },
          {
            "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
          },
          {
            "name": "RHSA-2019:1046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1046"
          },
          {
            "name": "openSUSE-SU-2019:1439",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
          },
          {
            "name": "openSUSE-SU-2019:1438",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
          },
          {
            "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/36"
          },
          {
            "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
          },
          {
            "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
          },
          {
            "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX235225"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_23"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-263.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
          },
          {
            "name": "openSUSE-SU-2020:1325",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        }
      ],
      "datePublic": "2018-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-02T20:06:27",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "RHSA-2018:1689",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1689"
        },
        {
          "name": "RHSA-2018:2162",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2162"
        },
        {
          "name": "RHSA-2018:1641",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1641"
        },
        {
          "name": "USN-3680-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3680-1/"
        },
        {
          "name": "RHSA-2018:1997",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1997"
        },
        {
          "name": "RHSA-2018:1665",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1665"
        },
        {
          "name": "RHSA-2018:3407",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3407"
        },
        {
          "name": "RHSA-2018:2164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2164"
        },
        {
          "name": "RHSA-2018:2001",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2001"
        },
        {
          "name": "RHSA-2018:3423",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3423"
        },
        {
          "name": "RHSA-2018:2003",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2003"
        },
        {
          "name": "USN-3654-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3654-1/"
        },
        {
          "name": "RHSA-2018:1645",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1645"
        },
        {
          "name": "RHSA-2018:1643",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1643"
        },
        {
          "name": "RHSA-2018:1652",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1652"
        },
        {
          "name": "RHSA-2018:3424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3424"
        },
        {
          "name": "RHSA-2018:3402",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3402"
        },
        {
          "name": "TA18-141A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
        },
        {
          "name": "RHSA-2018:1656",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1656"
        },
        {
          "name": "RHSA-2018:1664",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1664"
        },
        {
          "name": "RHSA-2018:2258",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2258"
        },
        {
          "name": "RHSA-2018:1688",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1688"
        },
        {
          "name": "RHSA-2018:1658",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1658"
        },
        {
          "name": "RHSA-2018:1657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1657"
        },
        {
          "name": "RHSA-2018:2289",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2289"
        },
        {
          "name": "RHSA-2018:1666",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1666"
        },
        {
          "name": "1042004",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042004"
        },
        {
          "name": "RHSA-2018:1675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1675"
        },
        {
          "name": "RHSA-2018:1660",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1660"
        },
        {
          "name": "RHSA-2018:1965",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1965"
        },
        {
          "name": "RHSA-2018:1661",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1661"
        },
        {
          "name": "RHSA-2018:1633",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1633"
        },
        {
          "name": "RHSA-2018:1636",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1636"
        },
        {
          "name": "RHSA-2018:1854",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1854"
        },
        {
          "name": "RHSA-2018:2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2006"
        },
        {
          "name": "RHSA-2018:2250",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2250"
        },
        {
          "name": "1040949",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040949"
        },
        {
          "name": "RHSA-2018:3401",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3401"
        },
        {
          "name": "RHSA-2018:1737",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1737"
        },
        {
          "name": "RHSA-2018:1826",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1826"
        },
        {
          "name": "USN-3651-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3651-1/"
        },
        {
          "name": "DSA-4210",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4210"
        },
        {
          "name": "44695",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44695/"
        },
        {
          "name": "RHSA-2018:1651",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1651"
        },
        {
          "name": "RHSA-2018:1638",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1638"
        },
        {
          "name": "RHSA-2018:1696",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1696"
        },
        {
          "name": "RHSA-2018:2246",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2246"
        },
        {
          "name": "RHSA-2018:1644",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1644"
        },
        {
          "name": "RHSA-2018:1646",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1646"
        },
        {
          "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
        },
        {
          "name": "RHSA-2018:1639",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1639"
        },
        {
          "name": "RHSA-2018:1668",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1668"
        },
        {
          "name": "RHSA-2018:1637",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1637"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "name": "VU#180049",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/180049"
        },
        {
          "name": "RHSA-2018:1686",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1686"
        },
        {
          "name": "RHSA-2018:2172",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2172"
        },
        {
          "name": "RHSA-2018:1663",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1663"
        },
        {
          "name": "USN-3652-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3652-1/"
        },
        {
          "name": "RHSA-2018:1629",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1629"
        },
        {
          "name": "RHSA-2018:1655",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1655"
        },
        {
          "name": "RHSA-2018:1640",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1640"
        },
        {
          "name": "RHSA-2018:1669",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1669"
        },
        {
          "name": "RHSA-2018:1676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1676"
        },
        {
          "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
        },
        {
          "name": "RHSA-2018:3425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3425"
        },
        {
          "name": "RHSA-2018:2363",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2363"
        },
        {
          "name": "RHSA-2018:1632",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1632"
        },
        {
          "name": "RHSA-2018:1650",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1650"
        },
        {
          "name": "RHSA-2018:2396",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2396"
        },
        {
          "name": "RHSA-2018:2364",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2364"
        },
        {
          "name": "USN-3653-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3653-2/"
        },
        {
          "name": "RHSA-2018:2216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2216"
        },
        {
          "name": "USN-3655-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3655-1/"
        },
        {
          "name": "RHSA-2018:1649",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1649"
        },
        {
          "name": "RHSA-2018:2309",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2309"
        },
        {
          "name": "104232",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104232"
        },
        {
          "name": "RHSA-2018:1653",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1653"
        },
        {
          "name": "RHSA-2018:2171",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2171"
        },
        {
          "name": "RHSA-2018:1635",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1635"
        },
        {
          "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
        },
        {
          "name": "RHSA-2018:2394",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2394"
        },
        {
          "name": "RHSA-2018:1710",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1710"
        },
        {
          "name": "RHSA-2018:1659",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1659"
        },
        {
          "name": "RHSA-2018:1711",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1711"
        },
        {
          "name": "DSA-4273",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4273"
        },
        {
          "name": "RHSA-2018:1738",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1738"
        },
        {
          "name": "RHSA-2018:1674",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1674"
        },
        {
          "name": "RHSA-2018:3396",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3396"
        },
        {
          "name": "RHSA-2018:1667",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1667"
        },
        {
          "name": "USN-3654-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3654-2/"
        },
        {
          "name": "RHSA-2018:1662",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1662"
        },
        {
          "name": "RHSA-2018:1630",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1630"
        },
        {
          "name": "RHSA-2018:1647",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1647"
        },
        {
          "name": "RHSA-2018:1967",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1967"
        },
        {
          "name": "USN-3655-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3655-2/"
        },
        {
          "name": "RHSA-2018:3399",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3399"
        },
        {
          "name": "RHSA-2018:2060",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2060"
        },
        {
          "name": "RHSA-2018:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1690"
        },
        {
          "name": "USN-3653-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3653-1/"
        },
        {
          "name": "RHSA-2018:2161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2161"
        },
        {
          "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
        },
        {
          "name": "RHSA-2018:2328",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2328"
        },
        {
          "name": "RHSA-2018:1648",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1648"
        },
        {
          "name": "RHSA-2018:2387",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2387"
        },
        {
          "name": "RHSA-2019:0148",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0148"
        },
        {
          "name": "RHSA-2018:1654",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1654"
        },
        {
          "name": "USN-3679-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3679-1/"
        },
        {
          "name": "USN-3777-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3777-3/"
        },
        {
          "name": "RHSA-2018:1642",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1642"
        },
        {
          "name": "RHSA-2018:3397",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3397"
        },
        {
          "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
        },
        {
          "name": "USN-3756-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3756-1/"
        },
        {
          "name": "RHSA-2018:3398",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3398"
        },
        {
          "name": "RHSA-2018:3400",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3400"
        },
        {
          "name": "RHSA-2018:2228",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2228"
        },
        {
          "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
        },
        {
          "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
        },
        {
          "name": "RHSA-2019:1046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1046"
        },
        {
          "name": "openSUSE-SU-2019:1439",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
        },
        {
          "name": "openSUSE-SU-2019:1438",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
        },
        {
          "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/36"
        },
        {
          "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
        },
        {
          "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
        },
        {
          "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX235225"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_23"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-263.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
        },
        {
          "name": "openSUSE-SU-2020:1325",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-05-21T00:00:00",
          "ID": "CVE-2018-3639",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Multiple",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1689",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1689"
            },
            {
              "name": "RHSA-2018:2162",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2162"
            },
            {
              "name": "RHSA-2018:1641",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1641"
            },
            {
              "name": "USN-3680-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3680-1/"
            },
            {
              "name": "RHSA-2018:1997",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1997"
            },
            {
              "name": "RHSA-2018:1665",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1665"
            },
            {
              "name": "RHSA-2018:3407",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3407"
            },
            {
              "name": "RHSA-2018:2164",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2164"
            },
            {
              "name": "RHSA-2018:2001",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2001"
            },
            {
              "name": "RHSA-2018:3423",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3423"
            },
            {
              "name": "RHSA-2018:2003",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2003"
            },
            {
              "name": "USN-3654-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3654-1/"
            },
            {
              "name": "RHSA-2018:1645",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1645"
            },
            {
              "name": "RHSA-2018:1643",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1643"
            },
            {
              "name": "RHSA-2018:1652",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1652"
            },
            {
              "name": "RHSA-2018:3424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3424"
            },
            {
              "name": "RHSA-2018:3402",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3402"
            },
            {
              "name": "TA18-141A",
              "refsource": "CERT",
              "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
            },
            {
              "name": "RHSA-2018:1656",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1656"
            },
            {
              "name": "RHSA-2018:1664",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1664"
            },
            {
              "name": "RHSA-2018:2258",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2258"
            },
            {
              "name": "RHSA-2018:1688",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1688"
            },
            {
              "name": "RHSA-2018:1658",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1658"
            },
            {
              "name": "RHSA-2018:1657",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1657"
            },
            {
              "name": "RHSA-2018:2289",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2289"
            },
            {
              "name": "RHSA-2018:1666",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1666"
            },
            {
              "name": "1042004",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042004"
            },
            {
              "name": "RHSA-2018:1675",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1675"
            },
            {
              "name": "RHSA-2018:1660",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1660"
            },
            {
              "name": "RHSA-2018:1965",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1965"
            },
            {
              "name": "RHSA-2018:1661",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1661"
            },
            {
              "name": "RHSA-2018:1633",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1633"
            },
            {
              "name": "RHSA-2018:1636",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1636"
            },
            {
              "name": "RHSA-2018:1854",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1854"
            },
            {
              "name": "RHSA-2018:2006",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2006"
            },
            {
              "name": "RHSA-2018:2250",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2250"
            },
            {
              "name": "1040949",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040949"
            },
            {
              "name": "RHSA-2018:3401",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3401"
            },
            {
              "name": "RHSA-2018:1737",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1737"
            },
            {
              "name": "RHSA-2018:1826",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1826"
            },
            {
              "name": "USN-3651-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3651-1/"
            },
            {
              "name": "DSA-4210",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4210"
            },
            {
              "name": "44695",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44695/"
            },
            {
              "name": "RHSA-2018:1651",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1651"
            },
            {
              "name": "RHSA-2018:1638",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1638"
            },
            {
              "name": "RHSA-2018:1696",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1696"
            },
            {
              "name": "RHSA-2018:2246",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2246"
            },
            {
              "name": "RHSA-2018:1644",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1644"
            },
            {
              "name": "RHSA-2018:1646",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1646"
            },
            {
              "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
            },
            {
              "name": "RHSA-2018:1639",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1639"
            },
            {
              "name": "RHSA-2018:1668",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1668"
            },
            {
              "name": "RHSA-2018:1637",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1637"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "VU#180049",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/180049"
            },
            {
              "name": "RHSA-2018:1686",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1686"
            },
            {
              "name": "RHSA-2018:2172",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2172"
            },
            {
              "name": "RHSA-2018:1663",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1663"
            },
            {
              "name": "USN-3652-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3652-1/"
            },
            {
              "name": "RHSA-2018:1629",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1629"
            },
            {
              "name": "RHSA-2018:1655",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1655"
            },
            {
              "name": "RHSA-2018:1640",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1640"
            },
            {
              "name": "RHSA-2018:1669",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1669"
            },
            {
              "name": "RHSA-2018:1676",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1676"
            },
            {
              "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
            },
            {
              "name": "RHSA-2018:3425",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3425"
            },
            {
              "name": "RHSA-2018:2363",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2363"
            },
            {
              "name": "RHSA-2018:1632",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1632"
            },
            {
              "name": "RHSA-2018:1650",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1650"
            },
            {
              "name": "RHSA-2018:2396",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2396"
            },
            {
              "name": "RHSA-2018:2364",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2364"
            },
            {
              "name": "USN-3653-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3653-2/"
            },
            {
              "name": "RHSA-2018:2216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2216"
            },
            {
              "name": "USN-3655-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3655-1/"
            },
            {
              "name": "RHSA-2018:1649",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1649"
            },
            {
              "name": "RHSA-2018:2309",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2309"
            },
            {
              "name": "104232",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104232"
            },
            {
              "name": "RHSA-2018:1653",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1653"
            },
            {
              "name": "RHSA-2018:2171",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2171"
            },
            {
              "name": "RHSA-2018:1635",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1635"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "RHSA-2018:2394",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2394"
            },
            {
              "name": "RHSA-2018:1710",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1710"
            },
            {
              "name": "RHSA-2018:1659",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1659"
            },
            {
              "name": "RHSA-2018:1711",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1711"
            },
            {
              "name": "DSA-4273",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4273"
            },
            {
              "name": "RHSA-2018:1738",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1738"
            },
            {
              "name": "RHSA-2018:1674",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1674"
            },
            {
              "name": "RHSA-2018:3396",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3396"
            },
            {
              "name": "RHSA-2018:1667",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1667"
            },
            {
              "name": "USN-3654-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3654-2/"
            },
            {
              "name": "RHSA-2018:1662",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1662"
            },
            {
              "name": "RHSA-2018:1630",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1630"
            },
            {
              "name": "RHSA-2018:1647",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1647"
            },
            {
              "name": "RHSA-2018:1967",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1967"
            },
            {
              "name": "USN-3655-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3655-2/"
            },
            {
              "name": "RHSA-2018:3399",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3399"
            },
            {
              "name": "RHSA-2018:2060",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2060"
            },
            {
              "name": "RHSA-2018:1690",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1690"
            },
            {
              "name": "USN-3653-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3653-1/"
            },
            {
              "name": "RHSA-2018:2161",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2161"
            },
            {
              "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
            },
            {
              "name": "RHSA-2018:2328",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2328"
            },
            {
              "name": "RHSA-2018:1648",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1648"
            },
            {
              "name": "RHSA-2018:2387",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2387"
            },
            {
              "name": "RHSA-2019:0148",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0148"
            },
            {
              "name": "RHSA-2018:1654",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1654"
            },
            {
              "name": "USN-3679-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3679-1/"
            },
            {
              "name": "USN-3777-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3777-3/"
            },
            {
              "name": "RHSA-2018:1642",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1642"
            },
            {
              "name": "RHSA-2018:3397",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3397"
            },
            {
              "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
            },
            {
              "name": "USN-3756-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3756-1/"
            },
            {
              "name": "RHSA-2018:3398",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3398"
            },
            {
              "name": "RHSA-2018:3400",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3400"
            },
            {
              "name": "RHSA-2018:2228",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2228"
            },
            {
              "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
            },
            {
              "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
            },
            {
              "name": "RHSA-2019:1046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1046"
            },
            {
              "name": "openSUSE-SU-2019:1439",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
            },
            {
              "name": "openSUSE-SU-2019:1438",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
            },
            {
              "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/36"
            },
            {
              "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
            },
            {
              "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
            },
            {
              "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
            },
            {
              "name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
              "refsource": "CONFIRM",
              "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
            },
            {
              "name": "https://support.citrix.com/article/CTX235225",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX235225"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_23",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_23"
            },
            {
              "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
              "refsource": "CONFIRM",
              "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
            },
            {
              "name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
              "refsource": "CONFIRM",
              "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
            },
            {
              "name": "http://xenbits.xen.org/xsa/advisory-263.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-263.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
            },
            {
              "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
              "refsource": "CONFIRM",
              "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528",
              "refsource": "MISC",
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
            },
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
              "refsource": "CONFIRM",
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
            },
            {
              "name": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html",
              "refsource": "CONFIRM",
              "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
            },
            {
              "name": "openSUSE-SU-2020:1325",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-3639",
    "datePublished": "2018-05-22T12:00:00Z",
    "dateReserved": "2017-12-28T00:00:00",
    "dateUpdated": "2024-09-16T22:55:27.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-3646

Vulnerability from cvelistv5

Published

2018-08-14 19:00

Modified

2024-09-17 02:27

Severity ?

Summary

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

References

▼	URL	Tags
	https://www.kb.cert.org/vuls/id/982149	third-party-advisory, x_refsource_CERT-VN
	http://www.securitytracker.com/id/1041451	vdb-entry, x_refsource_SECTRACK
	https://security.gentoo.org/glsa/201810-06	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/3741-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2393	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3823-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2389	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1042004	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:2390	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2403	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/105080	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:2395	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2384	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3740-2/	vendor-advisory, x_refsource_UBUNTU
	https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc	vendor-advisory, x_refsource_FREEBSD
	https://www.debian.org/security/2018/dsa-4274	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/	vendor-advisory, x_refsource_FEDORA
	https://access.redhat.com/errata/RHSA-2018:2388	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3741-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2603	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2402	vendor-advisory, x_refsource_REDHAT
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel	vendor-advisory, x_refsource_CISCO
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/	vendor-advisory, x_refsource_FEDORA
	https://usn.ubuntu.com/3742-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2404	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3740-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2391	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2396	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4279	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:2392	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3742-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2602	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2394	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2387	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3756-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	x_refsource_CONFIRM
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	http://xenbits.xen.org/xsa/advisory-273.html	x_refsource_CONFIRM
	https://foreshadowattack.eu/	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20180815-0001/	x_refsource_CONFIRM
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018	x_refsource_CONFIRM
	http://support.lenovo.com/us/en/solutions/LEN-24163	x_refsource_CONFIRM
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synology_SA_18_45	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us	x_refsource_CONFIRM
	https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf	x_refsource_CONFIRM
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-2018-0020.html	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K31300402	x_refsource_CONFIRM

Impacted products

▼	Vendor	Product
	Intel Corporation	Multiple

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#982149",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/982149"
          },
          {
            "name": "1041451",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041451"
          },
          {
            "name": "GLSA-201810-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-06"
          },
          {
            "name": "USN-3741-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3741-2/"
          },
          {
            "name": "RHSA-2018:2393",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2393"
          },
          {
            "name": "USN-3823-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3823-1/"
          },
          {
            "name": "RHSA-2018:2389",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2389"
          },
          {
            "name": "1042004",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042004"
          },
          {
            "name": "RHSA-2018:2390",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2390"
          },
          {
            "name": "RHSA-2018:2403",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2403"
          },
          {
            "name": "105080",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105080"
          },
          {
            "name": "RHSA-2018:2395",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2395"
          },
          {
            "name": "RHSA-2018:2384",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2384"
          },
          {
            "name": "USN-3740-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3740-2/"
          },
          {
            "name": "FreeBSD-SA-18:09",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
          },
          {
            "name": "DSA-4274",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4274"
          },
          {
            "name": "FEDORA-2018-1c80fea1cd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
          },
          {
            "name": "RHSA-2018:2388",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2388"
          },
          {
            "name": "USN-3741-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3741-1/"
          },
          {
            "name": "RHSA-2018:2603",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2603"
          },
          {
            "name": "RHSA-2018:2402",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2402"
          },
          {
            "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
          },
          {
            "name": "FEDORA-2018-f8cba144ae",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
          },
          {
            "name": "USN-3742-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-2/"
          },
          {
            "name": "RHSA-2018:2404",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2404"
          },
          {
            "name": "USN-3740-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3740-1/"
          },
          {
            "name": "RHSA-2018:2391",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2391"
          },
          {
            "name": "RHSA-2018:2396",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2396"
          },
          {
            "name": "DSA-4279",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4279"
          },
          {
            "name": "RHSA-2018:2392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2392"
          },
          {
            "name": "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
          },
          {
            "name": "USN-3742-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-1/"
          },
          {
            "name": "RHSA-2018:2602",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2602"
          },
          {
            "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
          },
          {
            "name": "RHSA-2018:2394",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2394"
          },
          {
            "name": "RHSA-2018:2387",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2387"
          },
          {
            "name": "USN-3756-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3756-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-273.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://foreshadowattack.eu/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_45"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2018-0020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K31300402"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        }
      ],
      "datePublic": "2018-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T02:22:59",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "VU#982149",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/982149"
        },
        {
          "name": "1041451",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041451"
        },
        {
          "name": "GLSA-201810-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-06"
        },
        {
          "name": "USN-3741-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3741-2/"
        },
        {
          "name": "RHSA-2018:2393",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2393"
        },
        {
          "name": "USN-3823-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3823-1/"
        },
        {
          "name": "RHSA-2018:2389",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2389"
        },
        {
          "name": "1042004",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042004"
        },
        {
          "name": "RHSA-2018:2390",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2390"
        },
        {
          "name": "RHSA-2018:2403",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2403"
        },
        {
          "name": "105080",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105080"
        },
        {
          "name": "RHSA-2018:2395",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2395"
        },
        {
          "name": "RHSA-2018:2384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2384"
        },
        {
          "name": "USN-3740-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3740-2/"
        },
        {
          "name": "FreeBSD-SA-18:09",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
        },
        {
          "name": "DSA-4274",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4274"
        },
        {
          "name": "FEDORA-2018-1c80fea1cd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
        },
        {
          "name": "RHSA-2018:2388",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2388"
        },
        {
          "name": "USN-3741-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3741-1/"
        },
        {
          "name": "RHSA-2018:2603",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2603"
        },
        {
          "name": "RHSA-2018:2402",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2402"
        },
        {
          "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
        },
        {
          "name": "FEDORA-2018-f8cba144ae",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
        },
        {
          "name": "USN-3742-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-2/"
        },
        {
          "name": "RHSA-2018:2404",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2404"
        },
        {
          "name": "USN-3740-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3740-1/"
        },
        {
          "name": "RHSA-2018:2391",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2391"
        },
        {
          "name": "RHSA-2018:2396",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2396"
        },
        {
          "name": "DSA-4279",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4279"
        },
        {
          "name": "RHSA-2018:2392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2392"
        },
        {
          "name": "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
        },
        {
          "name": "USN-3742-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-1/"
        },
        {
          "name": "RHSA-2018:2602",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2602"
        },
        {
          "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
        },
        {
          "name": "RHSA-2018:2394",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2394"
        },
        {
          "name": "RHSA-2018:2387",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2387"
        },
        {
          "name": "USN-3756-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3756-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-273.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://foreshadowattack.eu/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_45"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2018-0020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K31300402"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-08-14T00:00:00",
          "ID": "CVE-2018-3646",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Multiple",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#982149",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/982149"
            },
            {
              "name": "1041451",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041451"
            },
            {
              "name": "GLSA-201810-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-06"
            },
            {
              "name": "USN-3741-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3741-2/"
            },
            {
              "name": "RHSA-2018:2393",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2393"
            },
            {
              "name": "USN-3823-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3823-1/"
            },
            {
              "name": "RHSA-2018:2389",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2389"
            },
            {
              "name": "1042004",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042004"
            },
            {
              "name": "RHSA-2018:2390",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2390"
            },
            {
              "name": "RHSA-2018:2403",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2403"
            },
            {
              "name": "105080",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105080"
            },
            {
              "name": "RHSA-2018:2395",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2395"
            },
            {
              "name": "RHSA-2018:2384",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2384"
            },
            {
              "name": "USN-3740-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3740-2/"
            },
            {
              "name": "FreeBSD-SA-18:09",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
            },
            {
              "name": "DSA-4274",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4274"
            },
            {
              "name": "FEDORA-2018-1c80fea1cd",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
            },
            {
              "name": "RHSA-2018:2388",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2388"
            },
            {
              "name": "USN-3741-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3741-1/"
            },
            {
              "name": "RHSA-2018:2603",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2603"
            },
            {
              "name": "RHSA-2018:2402",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2402"
            },
            {
              "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
            },
            {
              "name": "FEDORA-2018-f8cba144ae",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
            },
            {
              "name": "USN-3742-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-2/"
            },
            {
              "name": "RHSA-2018:2404",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2404"
            },
            {
              "name": "USN-3740-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3740-1/"
            },
            {
              "name": "RHSA-2018:2391",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2391"
            },
            {
              "name": "RHSA-2018:2396",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2396"
            },
            {
              "name": "DSA-4279",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4279"
            },
            {
              "name": "RHSA-2018:2392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2392"
            },
            {
              "name": "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
            },
            {
              "name": "USN-3742-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-1/"
            },
            {
              "name": "RHSA-2018:2602",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2602"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "RHSA-2018:2394",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2394"
            },
            {
              "name": "RHSA-2018:2387",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2387"
            },
            {
              "name": "USN-3756-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3756-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "http://xenbits.xen.org/xsa/advisory-273.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-273.html"
            },
            {
              "name": "https://foreshadowattack.eu/",
              "refsource": "MISC",
              "url": "https://foreshadowattack.eu/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180815-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
            },
            {
              "name": "http://support.lenovo.com/us/en/solutions/LEN-24163",
              "refsource": "CONFIRM",
              "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_45",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_45"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
            },
            {
              "name": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault",
              "refsource": "CONFIRM",
              "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2018-0020.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2018-0020.html"
            },
            {
              "name": "https://support.f5.com/csp/article/K31300402",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K31300402"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-3646",
    "datePublished": "2018-08-14T19:00:00Z",
    "dateReserved": "2017-12-28T00:00:00",
    "dateUpdated": "2024-09-17T02:27:21.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-3620

Vulnerability from cvelistv5

Published

2018-08-14 19:00

Modified

2024-09-17 01:01

Severity ?

Summary

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

References

▼	URL	Tags
	https://www.kb.cert.org/vuls/id/982149	third-party-advisory, x_refsource_CERT-VN
	http://www.securitytracker.com/id/1041451	vdb-entry, x_refsource_SECTRACK
	https://security.gentoo.org/glsa/201810-06	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/3741-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2393	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3823-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2389	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2390	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2403	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/105080	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:2395	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2384	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3740-2/	vendor-advisory, x_refsource_UBUNTU
	https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc	vendor-advisory, x_refsource_FREEBSD
	https://www.debian.org/security/2018/dsa-4274	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/	vendor-advisory, x_refsource_FEDORA
	https://access.redhat.com/errata/RHSA-2018:2388	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3741-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2603	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2402	vendor-advisory, x_refsource_REDHAT
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel	vendor-advisory, x_refsource_CISCO
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/	vendor-advisory, x_refsource_FEDORA
	https://usn.ubuntu.com/3742-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2404	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3740-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2391	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2396	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4279	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:2392	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3742-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2602	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2394	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2387	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	http://xenbits.xen.org/xsa/advisory-273.html	x_refsource_CONFIRM
	https://foreshadowattack.eu/	x_refsource_MISC
	http://www.vmware.com/security/advisories/VMSA-2018-0021.html	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20180815-0001/	x_refsource_CONFIRM
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K95275140	x_refsource_CONFIRM
	http://support.lenovo.com/us/en/solutions/LEN-24163	x_refsource_CONFIRM
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synology_SA_18_45	x_refsource_CONFIRM
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us	x_refsource_CONFIRM
	https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf	x_refsource_CONFIRM

Impacted products

▼	Vendor	Product
	Intel Corporation	Multiple

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:29.256Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#982149",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/982149"
          },
          {
            "name": "1041451",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041451"
          },
          {
            "name": "GLSA-201810-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-06"
          },
          {
            "name": "USN-3741-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3741-2/"
          },
          {
            "name": "RHSA-2018:2393",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2393"
          },
          {
            "name": "USN-3823-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3823-1/"
          },
          {
            "name": "RHSA-2018:2389",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2389"
          },
          {
            "name": "RHSA-2018:2390",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2390"
          },
          {
            "name": "RHSA-2018:2403",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2403"
          },
          {
            "name": "105080",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105080"
          },
          {
            "name": "RHSA-2018:2395",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2395"
          },
          {
            "name": "RHSA-2018:2384",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2384"
          },
          {
            "name": "USN-3740-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3740-2/"
          },
          {
            "name": "FreeBSD-SA-18:09",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
          },
          {
            "name": "DSA-4274",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4274"
          },
          {
            "name": "FEDORA-2018-1c80fea1cd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
          },
          {
            "name": "RHSA-2018:2388",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2388"
          },
          {
            "name": "USN-3741-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3741-1/"
          },
          {
            "name": "RHSA-2018:2603",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2603"
          },
          {
            "name": "RHSA-2018:2402",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2402"
          },
          {
            "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
          },
          {
            "name": "FEDORA-2018-f8cba144ae",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
          },
          {
            "name": "USN-3742-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-2/"
          },
          {
            "name": "RHSA-2018:2404",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2404"
          },
          {
            "name": "USN-3740-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3740-1/"
          },
          {
            "name": "RHSA-2018:2391",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2391"
          },
          {
            "name": "RHSA-2018:2396",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2396"
          },
          {
            "name": "DSA-4279",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4279"
          },
          {
            "name": "RHSA-2018:2392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2392"
          },
          {
            "name": "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
          },
          {
            "name": "USN-3742-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-1/"
          },
          {
            "name": "RHSA-2018:2602",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2602"
          },
          {
            "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
          },
          {
            "name": "RHSA-2018:2394",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2394"
          },
          {
            "name": "RHSA-2018:2387",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2387"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-273.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://foreshadowattack.eu/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2018-0021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K95275140"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_45"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        }
      ],
      "datePublic": "2018-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T02:22:58",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "VU#982149",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/982149"
        },
        {
          "name": "1041451",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041451"
        },
        {
          "name": "GLSA-201810-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-06"
        },
        {
          "name": "USN-3741-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3741-2/"
        },
        {
          "name": "RHSA-2018:2393",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2393"
        },
        {
          "name": "USN-3823-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3823-1/"
        },
        {
          "name": "RHSA-2018:2389",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2389"
        },
        {
          "name": "RHSA-2018:2390",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2390"
        },
        {
          "name": "RHSA-2018:2403",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2403"
        },
        {
          "name": "105080",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105080"
        },
        {
          "name": "RHSA-2018:2395",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2395"
        },
        {
          "name": "RHSA-2018:2384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2384"
        },
        {
          "name": "USN-3740-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3740-2/"
        },
        {
          "name": "FreeBSD-SA-18:09",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
        },
        {
          "name": "DSA-4274",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4274"
        },
        {
          "name": "FEDORA-2018-1c80fea1cd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
        },
        {
          "name": "RHSA-2018:2388",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2388"
        },
        {
          "name": "USN-3741-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3741-1/"
        },
        {
          "name": "RHSA-2018:2603",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2603"
        },
        {
          "name": "RHSA-2018:2402",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2402"
        },
        {
          "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
        },
        {
          "name": "FEDORA-2018-f8cba144ae",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
        },
        {
          "name": "USN-3742-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-2/"
        },
        {
          "name": "RHSA-2018:2404",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2404"
        },
        {
          "name": "USN-3740-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3740-1/"
        },
        {
          "name": "RHSA-2018:2391",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2391"
        },
        {
          "name": "RHSA-2018:2396",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2396"
        },
        {
          "name": "DSA-4279",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4279"
        },
        {
          "name": "RHSA-2018:2392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2392"
        },
        {
          "name": "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
        },
        {
          "name": "USN-3742-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-1/"
        },
        {
          "name": "RHSA-2018:2602",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2602"
        },
        {
          "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
        },
        {
          "name": "RHSA-2018:2394",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2394"
        },
        {
          "name": "RHSA-2018:2387",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2387"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-273.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://foreshadowattack.eu/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2018-0021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K95275140"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_45"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-08-14T00:00:00",
          "ID": "CVE-2018-3620",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Multiple",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#982149",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/982149"
            },
            {
              "name": "1041451",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041451"
            },
            {
              "name": "GLSA-201810-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-06"
            },
            {
              "name": "USN-3741-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3741-2/"
            },
            {
              "name": "RHSA-2018:2393",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2393"
            },
            {
              "name": "USN-3823-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3823-1/"
            },
            {
              "name": "RHSA-2018:2389",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2389"
            },
            {
              "name": "RHSA-2018:2390",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2390"
            },
            {
              "name": "RHSA-2018:2403",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2403"
            },
            {
              "name": "105080",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105080"
            },
            {
              "name": "RHSA-2018:2395",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2395"
            },
            {
              "name": "RHSA-2018:2384",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2384"
            },
            {
              "name": "USN-3740-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3740-2/"
            },
            {
              "name": "FreeBSD-SA-18:09",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
            },
            {
              "name": "DSA-4274",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4274"
            },
            {
              "name": "FEDORA-2018-1c80fea1cd",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
            },
            {
              "name": "RHSA-2018:2388",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2388"
            },
            {
              "name": "USN-3741-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3741-1/"
            },
            {
              "name": "RHSA-2018:2603",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2603"
            },
            {
              "name": "RHSA-2018:2402",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2402"
            },
            {
              "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
            },
            {
              "name": "FEDORA-2018-f8cba144ae",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
            },
            {
              "name": "USN-3742-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-2/"
            },
            {
              "name": "RHSA-2018:2404",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2404"
            },
            {
              "name": "USN-3740-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3740-1/"
            },
            {
              "name": "RHSA-2018:2391",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2391"
            },
            {
              "name": "RHSA-2018:2396",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2396"
            },
            {
              "name": "DSA-4279",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4279"
            },
            {
              "name": "RHSA-2018:2392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2392"
            },
            {
              "name": "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
            },
            {
              "name": "USN-3742-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-1/"
            },
            {
              "name": "RHSA-2018:2602",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2602"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "RHSA-2018:2394",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2394"
            },
            {
              "name": "RHSA-2018:2387",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2387"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "http://xenbits.xen.org/xsa/advisory-273.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-273.html"
            },
            {
              "name": "https://foreshadowattack.eu/",
              "refsource": "MISC",
              "url": "https://foreshadowattack.eu/"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2018-0021.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2018-0021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180815-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
            },
            {
              "name": "https://support.f5.com/csp/article/K95275140",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K95275140"
            },
            {
              "name": "http://support.lenovo.com/us/en/solutions/LEN-24163",
              "refsource": "CONFIRM",
              "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_45",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_45"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
            },
            {
              "name": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault",
              "refsource": "CONFIRM",
              "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-3620",
    "datePublished": "2018-08-14T19:00:00Z",
    "dateReserved": "2017-12-28T00:00:00",
    "dateUpdated": "2024-09-17T01:01:22.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2018_2396

Vulnerability from csaf_redhat

cve-2018-3639

Vulnerability from cvelistv5

cve-2018-3646

Vulnerability from cvelistv5

cve-2018-3620

Vulnerability from cvelistv5

Tags