CVE-2018-3640

Description

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

How to fix CVE-2018-3640

To remediate CVE-2018-3640, upgrade the affected package to a fixed version below.

Debian/intel-microcode—upgrade to 3.20180703.1 or later

Is CVE-2018-3640 being exploited?

Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 3.20180703.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.6	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2018-3640