CVE-2018-3640
Published: 21 May 2018
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
Notes
Author | Note |
---|---|
tyhicks |
V3a - Rogue Register Load Will be entirely addressed by microcode updates. No kernel changes are needed. |
Priority
Status
Package | Release | Status |
---|---|---|
intel-microcode
Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Released
(3.20180807a.0ubuntu0.18.04.1)
|
|
trusty |
Released
(3.20180807a.0ubuntu0.14.04.1)
|
|
upstream |
Needed
|
|
xenial |
Released
(3.20180807a.0ubuntu0.16.04.1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.6 |
Attack vector | Local |
Attack complexity | High |
Privileges required | Low |
User interaction | None |
Scope | Changed |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |