← back
CVE-2018-3639

CVE-2018-3639

CVSS 5.5 MEDIUMEPSS 60.6%CWE-203
In short

A flaw in how processors handle memory operations allows local attackers to read sensitive information that should be hidden. The processor sometimes reads data before confirming all previous write operations are complete, creating a side-channel that leaks information.

Technical detail

CVE-2018-3639 (Speculative Store Bypass) exploits speculative execution in processors that load memory before resolving prior store addresses. Local attackers can infer sensitive data through timing analysis and cache-state observation; requires local user access and leverages the processor's speculation mechanism to bypass memory ordering protections.

Summary generated and translated by AI from the official description.
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Intel Corporation · Multiple
public PoCs found6
githubgithub.com/mmxsrup/CVE-2018-363915githubgithub.com/tyhicks/ssbd-tools9githubgithub.com/Shuiliusheng/CVE-2018-3639-specter-v4-1githubgithub.com/malindarathnayake/Intel-CVE-2018-3639-Mitigation_RegistryUpdate0cve_referencewww.exploit-db.com/exploits/44695/unverifiedexploitdbwww.exploit-db.com/exploits/44695unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.htmlhttps://access.redhat.com/errata/RHSA-2018:1629https://access.redhat.com/errata/RHSA-2018:1630https://access.redhat.com/errata/RHSA-2018:1632https://access.redhat.com/errata/RHSA-2018:1633https://access.redhat.com/errata/RHSA-2018:1635https://access.redhat.com/errata/RHSA-2018:1636https://access.redhat.com/errata/RHSA-2018:1637https://access.redhat.com/errata/RHSA-2018:1638https://access.redhat.com/errata/RHSA-2018:1639