PT-2018-2590 · Arm+5 · Arm+5

Published

2018-05-21

·

Updated

2024-06-15

·

CVE-2018-3640

CVSS v3.1

5.6

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Microprocessors (affected versions not specified)
Description The issue concerns systems with microprocessors that use speculative execution and perform speculative reads of system registers, potentially allowing unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. This is related to the use of speculative reading of system registers in Intel and ARM processors. An attacker could exploit this issue using a specially crafted application to reveal system parameters.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-203

Related Identifiers

ALT-PU-2018-2096
ALT-PU-2018-2253
BDU:2019-01065
CVE-2018-3640
DLA-1446-1
DLA-1506-1
DSA-4273-1
DSA-4273-2
MGASA-2018-0322
OPENSUSE-SU-2018_1904-1
OPENSUSE-SU-2018_2399-1
OPENSUSE-SU-2024:11478-1
SUSE-SU-2018:1926-1
SUSE-SU-2018:1935-1
SUSE-SU-2018:1935-2
SUSE-SU-2018:2076-1
SUSE-SU-2018:2331-1
SUSE-SU-2018:2331-2
SUSE-SU-2018:2335-1
SUSE-SU-2018:2338-1
USN-3756-1

Affected Products

Alt Linux
Arm
Huawei Vrp
Intel
Suse
Ubuntu