CVE-2018-3639
intel-microcode - security update
5.5
MEDIUM
CVSS 3.1
EPSS 46.7%
Description
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
How to fix CVE-2018-3639
To remediate CVE-2018-3639, upgrade the affected package to a fixed version below.
- —upgrade to 4.11.0-r0 or later
- —upgrade to 3.20180703.2~deb8u1 or later
- —upgrade to 3.20180703.1 or later
- —upgrade to 3.20180703.2~deb9u1 or later
- —upgrade to 3.20180807a.1~deb9u1 or later
- —upgrade to 4.16.12-1 or later
- —upgrade to 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7 or later
- —upgrade to 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7 or later
Is CVE-2018-3639 being exploited?
Moderate — EPSS is 46.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (8)
- from 0, < 4.11.0-r0
- from 0, < 3.20180703.2~deb8u1
- from 0, < 3.20180703.1
- from 0, < 3.20180703.2~deb9u1
- from 0, < 3.20180807a.1~deb9u1
- from 0, < 4.16.12-1
- from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
- from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |