Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-3640 (GCVE-0-2018-3640)
Vulnerability from cvelistv5
Published
2018-05-22 12:00
Modified
2024-09-16 19:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Multiple |
Version: Multiple |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:30.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"name": "TA18-141A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "1040949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040949"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "VU#180049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
},
{
"name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "DSA-4273",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"name": "104228",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104228"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"name": "USN-3756-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "Multiple"
}
]
}
],
"datePublic": "2018-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-08T12:06:05",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"name": "TA18-141A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "1040949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040949"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "VU#180049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
},
{
"name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "DSA-4273",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"name": "104228",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104228"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"name": "USN-3756-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-05-21T00:00:00",
"ID": "CVE-2018-3640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple",
"version": {
"version_data": [
{
"version_value": "Multiple"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"name": "TA18-141A",
"refsource": "CERT",
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "1040949",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040949"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_23",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource": "CONFIRM",
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "VU#180049",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
},
{
"name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "DSA-4273",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"name": "104228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104228"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"name": "USN-3756-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-3640",
"datePublished": "2018-05-22T12:00:00Z",
"dateReserved": "2017-12-28T00:00:00",
"dateUpdated": "2024-09-16T19:31:35.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-3640\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2018-05-22T12:29:00.327\",\"lastModified\":\"2024-11-21T04:05:49.447\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.\"},{\"lang\":\"es\",\"value\":\"Los sistemas con microprocesadores que emplean la ejecuci\u00f3n especulativa y que realizan lecturas especulativas de registros del sistema podr\u00edan permitir la divulgaci\u00f3n no autorizada de par\u00e1metros del sistema a un atacante con acceso de usuario local mediante un an\u00e1lisis de canal lateral. Esto tambi\u00e9n se conoce como Rogue System Register Read (RSRE), Variant 3a.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":5.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.1,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:N/A:N\",\"baseScore\":4.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD028C10-FD07-4206-A732-CCAC1B6D043D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A93010C0-33B3-438F-94F6-8DA7A9D7B451\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A988A78-6B3D-4599-A85C-42B4A294D86D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D7C5EF4-3A92-4AF7-9B11-62B4FFDC5128\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"246AA1B0-B6C8-406B-817D-26113DC63858\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00EE5B42-FF05-447C-BACC-0E650E773E49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0779CC9-BD39-4E0B-B523-A6C69F9EBB0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1F0E3C4-7E9B-435F-907E-4BF4F12AF314\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D616C72-0863-478C-9E87-3963C83B87E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC333B0D-3A0E-4629-8016-68C060343874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6655535C-FF64-4F9E-8168-253AABCC4F5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1EDEA1E-9A19-4B3F-806E-D770D1AB4C73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBD68F3F-7E38-40B9-A20B-B9BB45E8D042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EACEF19-83BC-4579-9274-BE367F914432\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CC73291-AA6F-40B0-860A-1F2E6AB1E2AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24128A7F-2B0B-4923-BA9E-9F5093D29423\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0990DD71-9E83-499D-9DAF-A466CF896CFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B7FEDEF-9772-4FB1-9261-020487A795AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE7B0F72-DEDF-40C4-887C-83725C52C92E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9568C222-9816-4520-B01C-C1DC2A79002D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B2F8FAD-1688-4369-BB4B-9FA9F30A80A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53A1F23D-7226-4479-B51F-36376CC80B04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65AAC7A7-77CA-4C6C-BD96-92A253512F09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCD16C07-0050-495A-8722-7AC46F5920F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01423706-C82C-4457-9638-1A2380DE3826\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A881E2D3-A668-465F-862B-F8C145BD5E8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E5B9B98-0EF0-4ACD-B378-F9DE5AB36CBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BDC6806-E4FC-4A6E-A6BB-88C18E47ABFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6602DD69-E59A-417D-B19F-CA16B01E652C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05C493EE-EF9F-47E2-8F88-86DF6C5F1FF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40010DAE-DD1A-4A81-B6E9-EDC1B0DDCAB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED96AC16-12CC-43F6-ACC8-009A06CDD8F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CE9DC29-C192-4553-AF29-D39290976F47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F625E647-B47E-404C-9C5B-72F3EB1C46F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3AF3279-89E7-4C91-8C5F-5AD5937CD0C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5878612-9825-4737-85A5-8227BA97CBA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F453D348-28CE-402B-9D40-A29436A24ECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36322F4B-83D7-468A-BB34-1C03729E9BF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AD22811-C3C6-4B5E-98D5-D3F2240E6C8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C7D0BA-8F07-42AD-8BB9-C65472BE41C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0A2A50E-94FA-44E9-A45D-3016750CFBDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5625CAD8-4A62-4747-B6D9-90E56F09B731\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43A234CE-D6AA-4A32-8425-1A4DDA0F6B6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78DE1A01-3AEF-41E6-97EE-CB93429C4A1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"410184AF-B932-4AC9-984F-73FD58BB4CF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B265F073-9E0A-4CA0-8296-AB52DEB1C323\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F664223-1CBC-4D8A-921B-F03AACA6672B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"987A8470-08BA-45DE-8EC0-CD2B4451EECD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BBC9542-FB77-4769-BF67-D42829703920\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74FDC18B-4662-422E-A86A-48FE821C056F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAB4AA2C-D1D9-44D8-9471-66EBDE9DC66D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBA3E7AE-CB74-48A8-A2B8-9FCADB6E40D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"723E7155-493D-4B5A-99E2-AB261838190E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82E37264-E4BA-4D9D-92E7-56DE6B5F918F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8704BE6D-2857-4328-9298-E0273376F2CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1289B9E-5725-42EF-8848-F545421A29E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:32nm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50287A9B-366F-41F2-BEBD-D4C64EF93035\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:45nm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCB79F2F-5522-45D3-A1D1-DC2F5A016D99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:32nm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9749C2B0-B919-4172-A2AD-04C99A479F5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:45nm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F1F45A1-A17D-4895-8A71-00010C7E55D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:32nm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D46BF41F-C44C-4D87-862E-0D156A2298DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:45nm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5927D78A-EE05-4246-A141-4A8815AB228B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m:32nm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"579FC479-DEA0-415D-8E8F-18A81A85A471\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m:45nm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEECAA34-57F4-4B01-857C-C8454E1EDCAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium:n4000:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"967252A4-EC1F-4B31-97B8-8D25A3D82070\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium:n4100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3205757B-07DB-4115-B3E0-4DF9D0EA2061\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium:n4200:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AF8ABFA-BBFD-42F5-9769-00F8CD67F7FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88AF1366-8A14-4741-8146-886C31D8D347\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_silver:j5005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AEAA43A-4D97-4E13-82E1-895F3B368B25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_silver:n5000:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB6BAE0B-103D-430E-BAE9-429881620DE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2832E8BF-7AC7-444C-B297-66F770860571\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:125c_:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9D0A534-1749-4ED3-8F18-BF826D84EB56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:1220_:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B581515E-29CC-462F-BB10-4EA6DE2D6637\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:1275_:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036D395E-AFE8-4D61-91CC-E9B3CD8B6380\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44AA72FB-E78D-419E-AA82-B0538C6504D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"687C3BF3-D71A-49AD-8A05-EAC07CBCD949\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90AF90D9-16C4-4F8A-9868-3E2823E3445C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C063C53-8970-45B1-85F8-FB2080BF4695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64596ED7-794A-4D23-987B-D9AD59D48EA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2E52BA6-2F2F-4CD2-A601-5B0ADDE5E23F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FDA48F0-0F35-4A8F-8117-B0B28E00AB95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A561A8E8-79E2-4071-B57D-590C22EF86A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92E46658-60AB-4758-9236-3AC0E6464383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"207B8FBA-E2FF-485A-9AD9-E604AE0FB903\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F99640-C753-40BE-A0A1-4C2D92E7DB09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:3600:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36609915-9E0D-4204-B544-4832E1195BA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:5600:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3612AC78-4904-4830-85DF-38A38F617379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:7500:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B79CC0FA-3DA1-4812-8E73-B0FF0752E31E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:e5502:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12F3759-48D2-4208-AD5B-3AC8B012D061\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:e5503:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7C61D9B-2733-4A67-9D6A-2290123C0405\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:e5504:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44C3C383-6927-44AD-9488-8B916D5959ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:e5506:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FC1E41C-7A17-42B7-936D-09A236D9C4D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:e5507:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E814CB3E-4542-4E3E-91E8-D97EA17C0B1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:e5520:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FD43D7C-932B-463F-8EB2-3A115FBED4BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:e5530:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CCD70F8-D81D-467B-8042-5D3B9AC513E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:e5540:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D05C68D0-4771-4338-9761-6428195F0318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:e6510:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4FC2878-389F-4687-8377-E192A1C519BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:e6540:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B24CEBE-51B1-4EC5-8770-BFDB0625193A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:e6550:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61BD85A8-39D9-4248-96FE-CAEF4BC7CD44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:l3403:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8320D28B-B10D-47AE-9B65-51304F93F9AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:l3406:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35AD843A-EBB1-42BE-A305-595C23881404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:l3426:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D457B8B-50A6-411C-8528-96915B697C1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:l5506:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3934C421-BD11-4174-83F4-3E20176F03F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:l5508_:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45EE1BA7-5356-4421-9CF2-48DA09EBAE3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:l5518_:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92FE452A-EE8B-4ACE-96B1-B6BD81FAC9B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:l5520:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47195FE7-3692-42C4-B29E-679A6FE0E220\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:l5530:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C033BBFA-67F4-4F24-A042-FF996B327976\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:w5580:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBF7A770-3E90-4466-8595-8E523D82BC62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:w5590:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA7922C0-AB84-4331-BE8F-71A0D95D4F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:x3430:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"648CB034-89BF-48FF-A3BF-C84C08FE09E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:x3440:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A7DC164-65FF-483A-AD69-3E23E449E52C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:x3450:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D3DCB95-5139-44C6-8151-8CEFD37F9DAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:x3460:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED5FEA46-49A2-4082-98D2-56E698A56909\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:x3470:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B85D7F3-1FA5-4FE1-AAFF-CEE8DF822CC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:x3480:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80607FEB-8908-40F6-B702-FD56D849E2D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:x5550:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97F20575-82C0-466D-8FDD-AAC034247D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:x5560:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"648E21A8-6B5F-4C97-A71A-44B97DBB4FE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3:x5570:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"172EA906-A08F-4D2A-9814-937C07F77C8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA1EC6D3-01CD-4CAB-817D-AE2E72FD0D03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDBA35BD-1048-4B6E-96B2-1CFF615EB49A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"979FEE9F-A957-43B6-BB6D-1A851D6FA11C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A7AF59D-D05E-47F9-B493-B5CD6781FDDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EF7EC93-0170-45A9-86C7-5460320B2AE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8A7B1C2-D2CE-485A-9376-27E14F3FA05A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5F803AC-DCC7-43FC-BEB3-AA7984E0506C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"560993AA-299D-42B7-B77F-1BD0D2114CCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C582B1C-1DAC-48FD-82DD-7334C10A2175\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7862B0C-2C44-4110-A62A-083116129612\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"048C5996-F719-4338-B148-0DD1C13E02FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0196DA2F-CFA7-44D0-BDF5-37C7403E3B9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B9FF7FB-AB5A-4549-8C15-E69458C649E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CEF6608-B650-4C77-9823-0AD57B3484F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BE6A2D7-901C-45F9-B487-D674047D522E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCFCAC5E-6CF1-4EC1-A24C-688DD1016A96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1ADCB509-5B0E-4592-8B23-EC25A3F79D41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB51691F-089F-4016-B25E-238074B06C0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBAAC728-6A0F-4675-9677-AAF7DD5D38ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB3BFEFD-3D0D-48B0-A5AE-6F3C2D791CE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC7E1AFD-9BCE-4487-A8DE-F9C60529CA7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EA37503-FD3D-4220-933C-234631D6EDEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72992831-2A76-456B-A80C-944BDD8591E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A79C2131-5566-4CC2-B6ED-38E3F6964500\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60BFDAA6-3DFC-4908-BC33-B05BAB462F94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6266056-770A-4E2D-A4FC-F1475257648E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"929AA8F3-8BDF-4614-9806-6D4231735616\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"605D7552-8184-4B11-96FD-FE501A6C97DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3144BBDE-CC96-4408-AA02-ECC3BF902A34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B8BA77A-34E3-4B9E-822A-7B7A90D35790\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7165B43-ED22-4714-8FA4-1E201D1BFA69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67CFB133-FAF0-431A-9765-8A9738D6D87C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2975B0F2-DB7C-4257-985A-482ED2725883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70221E07-3C2E-4A82-8259-AD583EB5CDDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"427DFD78-56CD-43C4-948E-F53AF9D669F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E3E6F5F-6B82-43D9-BD6E-D22F9B991DB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75AD7649-3FEA-4971-9886-6C9312B937A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4EE972C-6BAE-4342-BA01-1D685487F9C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27CDFE3B-C064-49A9-BD43-3F7612257A74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BD0EEC1-D695-41A5-8CD6-9E987A547CC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C35AA9AC-28B3-49C2-A9B5-5D26DFEDB723\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DBF25B8-D474-4C6B-8E45-F57DDC7074E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DF18FD1-6670-4C3C-8000-A079C69D575E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D760EEAF-5CF5-4F25-8FA2-D4F75F4F5A91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"921EB5A5-F911-4FCE-A6F1-C66818B34678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13878C13-1C7C-4B83-AF27-4998E8F659DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"023063E1-2DD7-487C-A8A7-939FAEE666A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77255CE6-D7B7-4B48-993C-7100A1170BC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40AC368-3A14-4EFF-A8D0-7EFB4C83045D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3472AA7B-C0CF-4D65-8A6C-B1D52D27F0CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C07E80D5-70A5-49C9-9044-D683C7ECCFF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63668AF4-F29C-4424-8EC5-2F0A5950DD58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09C1C7CD-538D-4D7A-A81C-10DF5376A479\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5922F749-2B23-44B8-8A46-F31BCAEAD279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C48BBAF-6B27-43D6-B86B-40CD8E7BA056\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D75D0EEB-707C-4C86-A569-E91E9F00BA77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0FB0E20-0243-40A1-8DEF-37150791222E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68CFF26D-8AD3-4179-9E4C-F06D7C858C9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7541572C-229F-4963-B7F0-06EB3323E53B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85DE669C-27FD-4196-8B8C-1DA4EE4C1D6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"479F7C77-D16F-4E40-9026-3EB8422E0401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A242AC2-9AA6-43FD-90F4-5BF6E80DBB5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04DB08C8-0018-4A8E-A206-097BDDF83B08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7193E85-30BE-42D5-A26B-3F88817F3574\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"446E8515-45FC-4B8B-8D12-60643D64C07F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBBDF6B2-D388-4639-87D8-064AA3F6B6FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00AAB8B6-B614-4EAA-BA90-C5326CB5D07A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A371DF9-E224-404F-99C2-C2A4607E62D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F40E356-365D-44B7-8C38-A0C89DDD6D3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3132029-89F8-4359-A0DC-A275785266A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B02F5685-0636-48AB-B222-434CA1F3B336\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E51FDD60-88E5-4A86-BB8E-4C2D7EDEFA03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ED4693C-DECF-4434-90C0-56158F102E7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB408A6B-0842-43DA-9180-B0A299FCBCE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6215EBAC-7C75-4647-9970-482120897F1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3357FCAC-B6C4-4E3E-A40B-AB5084A7F9B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B1BD2B6-1AF6-4AD4-94FA-94B453A21908\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D1FD6E8-80EC-461F-9ED1-CE5912399E80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E96F585E-BDEF-45EE-B0AB-94FE23753AC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3279C067-3058-4D46-A739-05404FD0E9B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB4DF0A7-8BC2-48AE-9036-FED6EEC57DF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0855225-F501-486A-BD03-2A86FD252B5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"214C7B0C-C438-4000-9F9B-6D83294243AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C91AA2E-4BB2-49C8-9364-4E363DF42CB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA26781F-5A1C-4DA5-835E-D984D697F22B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EEA4222-F25D-4457-80AA-6D05CA918D68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F3E60D1-5CF9-4F96-9EDB-D87F8CF57272\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4D321BC-6B1D-4C71-8E16-5A1319CEFD6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6777AC35-9D1F-4153-94AC-B25627D730E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5F063F4-8994-4E46-BA7B-A12A112009BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D6F2DE5-AF11-439A-8D37-30CB882ECD58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E213DD86-5419-42C8-BF38-7795DDB3C582\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A972291E-5231-439D-873B-2F87BCAF800A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C089CC54-3229-43D7-AA15-73CFA1A43EE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF268D83-C15D-4559-A46F-844E1D9264F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFE97C0D-3EA1-4314-A74A-7845C7778FB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34293F29-F327-4ADD-BF62-78F63F79BB96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"528C0A46-1CC4-4882-985A-0BB41525BC6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"643F3522-A452-4927-944D-532574EC4243\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F40B78-4DBA-44EE-8420-086789EFF53D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"423BFD8F-4B50-43DA-9979-75FD18FBC953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BAD4A68-0481-476F-BBBD-3D515331368C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"838CEB7C-7C4C-416C-86CE-6E8DD47EF25B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC7D021F-3C97-45B3-B1F7-0AC26959F22B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A31AEF3-448D-417B-9589-4BA0A06F2FE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7A1D96F-7FFD-413F-ABCE-4530C3D63040\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDB2B08B-D3C7-4B82-B170-471D6CDEFAE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B8343FE-1320-40AE-A37F-70EF1A4AC4B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD42BA5A-7DA0-409D-8685-E43CF9B61D9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5FF80E9-CF28-4EF6-9CFE-4B500A434674\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7896A6C6-5918-4C27-85AF-6FEEFC7F8FD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"647B77A4-2F49-4989-AF43-961D69037370\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"805B1E33-F279-4303-9DF3-C81039A40C1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B971EA9E-AE5C-4A1D-AD55-8241F7B38C9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE7E0AAE-6539-4024-9055-BE0BAD702143\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F1A8828-0765-4799-AD6C-143F45FAAD23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12D34618-1CCA-405B-A49C-EB384A09C2C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"575D6061-66BC-4862-BC84-ECD82D436E2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56B6EE64-1AD4-46B2-BA65-BB6282E56EB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11650B45-0BDA-42BF-AEF3-83B48DD6A71D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD3C92BA-827B-48AF-BBB3-FB60A9053C22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC097E24-F6C9-40D9-95E9-7EFDFA61AFF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EB44CA7-DFE6-4B1A-9A63-97AE30017E49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B305EFA-6226-412C-90EE-F0691F2DDDE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F3874FA-63CB-4B5D-8B64-CE920320A4E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0800ED17-50E4-43F3-B46C-591DFA818BA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A46B0405-F301-4209-8766-6E12EAFAD157\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F99F9F1F-A967-4884-96CF-4488102DC0A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA9B37AD-4599-425B-B39F-E571F4975266\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5A5F1CF-A1E6-45F1-8B09-36566778DB57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"698C8A49-888B-4675-B3B0-25EDE2FD515E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70D98F97-8EF4-48B5-84BE-C3CC27031FDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B473D1FA-909B-492E-9C5B-94B0E20E1C0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD5EA7E-322E-4CE6-89D4-7DB1055C9034\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67836379-4E1A-45CD-9506-7D3F612E47C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B1BBC61-8664-4452-93A7-DDB4D2E4C802\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4F1B50C-FC5F-47F4-87BC-60E1BD3DD1F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"044F0375-DF2F-4D9B-AD7E-473D34165E8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CEE9B72-5C4C-40C0-A8A7-9DF11655DA43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A0655CA-A88C-4632-9A18-560E3F63B2F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C1454DD-DA51-4CBC-8BB2-09D5AB5777DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6965851-3B29-4C21-9556-97FD731EAA85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52984FD2-44E0-4E91-B290-0376737EEF6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C5D92E2-E718-4247-BA5D-DFE86C0F6AAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF933366-7503-4F8D-B7AA-F6A16210EC37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E2DAF5D-5BB7-49C6-8426-8B547505B6FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EABB21D-D021-434B-B147-CAF687097A5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7609424D-95F1-4493-A20C-B1BA4EC6439D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"966DC636-C802-4D9F-8162-652AFB931203\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A75794EB-A5AF-43F0-985F-D9E36F04C6D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31C2CFF0-98FD-4A0D-8949-D554B2FE53D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05F9217F-5028-4659-AA8E-F60548DE4D52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AC769DC-CF2E-4A3C-A610-264F024E6279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B2B1CBF-D155-49BC-81A4-4172F177A5C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"370B2B32-519E-4373-8A04-5C5025D688BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83D9B562-C279-4A55-A347-F28FC4F9CD12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A8C2BA0-48A8-4107-8681-A7C34C553D8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1B009DE-A82F-4569-9B42-EC1EC4DA8A40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"683B6E83-37FF-4F9B-915F-059EBB29DB53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E218718F-4BE6-48B0-A204-9DD4A932A654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB0AB327-B60A-473C-9D36-97766EE62D7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DA249EE-4786-4E27-8787-5E8B88C2AEB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEBD0529-1CF3-44E5-85B3-19A3323C9493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D664EE97-07EC-410F-94C3-AEAB2C6A627D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D31DB981-03B1-4A84-8D87-CD407C3C149F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CBD155D-89D9-4677-A621-4D7613BE65C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D02BD0D4-FFFD-4355-97D8-170362F10B9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6635781A-2651-4EF2-A5AC-AEEEE63FDE6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DCE6930-760A-48C0-B964-1E3ED6A8517C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E52DE90-DF96-4CE7-B8D1-226BA50E4D09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8EB40E7-9B91-4106-B303-2B70AF395BFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAB0D5CD-8AF3-409D-96A7-718641D4B90D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E420B0B-0CD5-41C7-B25A-3DB856055F9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B0C295B-0D63-4BE7-830D-D927E00C301C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"605C340D-2220-4669-B827-9009CB099E8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8791879D-2908-4F57-8DB3-6D24100A9108\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEBEDBBA-0427-4DE0-BA8D-737DE7DF80E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E823DC5B-98BE-4656-BFBF-3A7018F8F213\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64E8D558-ADE0-4358-9C76-7BD77BF23AA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7973B3D0-F244-4E26-88F5-A2D9BF2E4503\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68E6BAB9-CBA4-4362-BC82-00D2C5CC6FB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD3F4BFF-3CBE-4E4B-8B29-B203F99CFD8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F5CB567-4F86-4466-BE4D-BFF557ACAE0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A52611B-6583-4660-90D7-C9472728072B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E80C6E89-B57C-47BB-8B95-50C03DFB3B96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9AB685B-FEE1-41EF-A046-1B34619E12A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB9F6724-967A-4AF0-9896-12BF6164B2CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC1116BF-12D7-47CC-98DB-18B200CF9C16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FBB28DE-726B-4AF0-88A5-35987E1E648B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EA1DB22-8FBF-4CF6-AA96-5B68EE28877D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1880E2B8-5E0E-4603-8D17-3ABA43D28179\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FAFBB92-1917-4238-832B-195FBE418271\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91DFDF3F-9A3F-42B8-99A1-A3F76B198358\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8778F972-BF34-482F-9FA7-71A77F6138E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F288BB0-FE7A-4900-B227-BE80E4F4AADF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A8DC53A-90C6-47FE-89F1-A1FE8B1C07A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57E16338-A094-4CA9-B77F-6FE42D3B422C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E07AB33-5351-487D-9602-495489C7C0B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22115ED6-1707-4840-B0D1-AD36BC0C75A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7C633BC-831F-4CB7-9D62-16693444B216\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CF5EE7E-F41B-44EC-9F69-7963B1BF1FB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DD501E1-E78F-44C6-8A13-C29337B07EBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9085BA0B-B7E2-4908-90C0-B4183891C718\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2267CB8-0EE9-4DBD-AD5F-8A13BB62673C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81971C2F-137A-4F11-8C93-3B99D4CD1B58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98E0BDAC-398E-406B-B2DB-AE049D6E98B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCB66D7E-B465-4A8B-8CBD-7E93CCA2CD6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86AFDE6C-DE58-4C4D-882E-474EF6C3D934\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"950C6BF9-AA47-4287-AC01-D183237490FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2355181D-D8EE-4F80-8280-13D5CBCF4779\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5209343F-66B0-4DC0-9111-E2E64CFF7409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"720109A6-B79E-48E1-9AE7-7708B154788E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82FF0DBD-AE13-4232-80F7-F4C2E2CC9721\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5E944ED-8C02-46B8-BF95-0CE4C352753B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77AEA3D1-4846-46E2-9B80-20B19F00DC11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1576978F-E93D-4A47-90B6-6A4E3A7DE558\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D339FE5-001F-4005-88A5-CFFE37F9B63E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BDABA86-497E-497E-A5BA-46F913A4840A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD886F4C-DB6F-4DDD-9807-8BCBB625C226\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E16912A-7F6A-4A2B-B70F-D1FCD34BC7DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4C454B7-E5F4-4AAE-B577-FD71FA002C8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38BE2781-3A06-4D62-AC8B-68B721DA526B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9AE4EA5-B8C8-4AE2-9614-F9DBDB4D79DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DA23772-2EB8-4BEE-8703-26D967EC4503\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72DC766A-B1F9-4B83-9F9B-CF603EE476BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA594740-43C5-4F42-BA5B-00CA8AE7BB60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"572B16E2-8118-43A0-9A80-5D96831D55FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FB5C551-BADC-4A3A-93E5-2EBCA0704C51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5383B7A3-1569-4FEB-B299-B87CE8C8A87B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A05BBDE0-6C47-4489-9455-7DA7D230ECA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1789AA69-EA31-44D1-82E6-228E48E18586\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4A7D5FF-3B1F-4C64-BB81-7A349765520D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D93A92E9-C8D2-4F6E-A5CA-E8AFFEEC7E13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F0498B3-393A-4C32-B338-E6014B956755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C451F752-6869-4AFA-BAE5-5C9A54427BF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83710FD1-099B-436D-9640-061D515E10BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"517B71CE-6156-40E1-B068-A2B733E205E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11DEEEE5-5055-4CE1-962C-C5F075F4CC02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8718DDAB-3208-48CF-9BCE-54DA1257C16A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE1AA901-E822-4240-9D82-C9311E4F87B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1CDE3DF-8E79-4997-94EB-B517FFCAE55C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12A0DE13-EB0B-493B-BC84-3AEB3D454776\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1727697B-1F59-4E29-B036-C32E9076C523\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E69E827C-C0D0-46C7-913A-1C1E02CEAACE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2528F3F9-34DC-41DA-8926-382CB3EF5560\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E452C262-5A8D-4D97-BC7F-A4F5FF53A659\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D57BF69-D750-4278-98AA-976B0D28E347\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76ADAE30-6CAD-4F5B-B6F7-C18953144C63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A25D792-E21D-43EE-8B9D-67DE066DE5DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C669783-C058-4B4F-BB9A-84B2C4682247\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"159B088B-9A85-4CAA-854A-AA080E528F95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBE74A94-FE8F-4749-A35A-AB7D57E24913\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"990AC341-0E67-4A81-87E9-EE3EFD9E847E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53BC18B0-58F1-4477-9978-CA7383C197FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"474992FB-842D-4661-A565-44AF2CD78693\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"476E1B79-5342-4895-96D7-E97DFC1F5334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBD318D5-89A6-4E28-939C-C5B61396806B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"981AD3FF-1D14-4ECD-8B6F-BCEB7F2409AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A32C7E89-32ED-4328-9313-FA7D3DDBDC58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2792EED8-2CBD-478E-BC09-05FE830B3147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97B1AF2F-6E48-4DBD-A60E-3088CA4C3771\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34E1691D-65B3-45E4-A544-8B29E38D569D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E42F2703-B8AB-410E-AF7B-CD0BE777F061\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31244C94-00A3-499C-A91A-1BEF2FB0E6B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"878FF6E8-8A6D-44CE-9DD1-2C912AB8A193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5078A95B-2BD8-4A37-A356-F53D1A53CB37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BFE67CD-DE53-4C4E-8245-35902AEFA6E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F231D31-3AAD-4C5D-A225-D2DF94486718\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5998DF5D-E785-45EC-B8D0-1F4EC4F96D50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EADFD013-0BFB-427C-98E6-F9E4774DCBC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58620B10-FEA6-456D-B6B5-2745F5DBE82D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8F698B1-D9CF-4FE5-933D-EFCEA3056E3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4858A1F0-97F2-4258-AB98-027BF1EC5117\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C961A8B-EAFD-4F66-9432-BCC0D154ECCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"052DE6CD-A1E7-4E81-B476-66EF451061C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BE1AE1E-6FC0-41D8-857C-C5A99CAF5823\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"751B3AC8-D45E-46B6-83D5-311B693F3C0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9588277A-0B97-4408-9CF7-11271CDAADD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"479FE854-85E5-4ED0-BFAF-2618C9053082\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E048B9BF-77C8-49F7-9F2D-9999F79BA264\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CD16D4D-E816-486D-96F4-5A2BF75B959F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"169C558E-1A83-47D5-A66B-035BD1DD56FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D683E509-3FB2-4175-BCAB-4EB1B5C04958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FCFA915-5445-4732-9F8F-D7561BA4177F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63A9FD98-C22D-48F6-87A1-60791C818A1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85F99F24-1783-4E6E-BE61-04C2E80356ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74CC7EB9-3F59-4C0A-B3A1-984BCCFB25BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85289E4C-C813-4677-867D-EE8E98F4A1A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27C8150F-BEFA-406D-9F0D-E7CB187E26AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E807F90-819F-4103-B1F7-4CE46971BD63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD93203F-71B9-4F87-B5D8-FD273451C8A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E652C74-C48D-4F29-9E85-09325632443F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99158191-3013-4182-8A53-5DFCA1E2C60A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7E39A3E-7EAE-47C9-930B-58A980B73FC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFDA54BA-C00D-4890-9B7F-328257607B21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F5EFB1E-334C-4B55-8E2E-6AE19B34774D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8260DCA-2F0C-45F7-B35F-D489AF5639F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7778F81B-6D05-4666-B1D4-53DB0EC16858\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DC6706A-61F7-4AA0-B2FF-0FFDF739A644\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EF1B16B-02F2-4ECA-938E-B5CDCFC67816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C5501D8-1B0D-4F5A-AFD7-C63181D3281F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1751F0CE-A0D3-40E2-8EEC-D31141FE33A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FF9AFA7-BBE8-4229-94CB-5A9596728BA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E23A777F-68A4-4217-A75A-4D8A27E6451A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CA27DFB-CDD1-4F52-86B3-DB2320A9C7B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"392A4337-11F6-4980-A138-4FDBCAD0EBA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2E9BB67-F1FF-4190-889F-78B965CCE934\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4185A70-5D10-448E-A9AB-AA9D5CDF0FF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35607317-0928-4297-A33E-D44BEE1BBEC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D48323B1-7FEB-451F-A064-23E7CE7F6403\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29EF4E8A-EF37-4DCC-B5D4-DA89AF31DD18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5763189-7980-4A72-92C9-1908FE9E15EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C53ACD49-DA21-4DDE-A0AA-FCCD59D29886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4326D350-EBC2-48E6-A2C6-0499F6826CEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8594E6FE-B6DB-4343-B3DD-AEC19923DAF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BCADA00-E453-414D-9933-FCB43D21BBC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E62212D9-F707-4A8E-AB2A-A3985E7A4049\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"561755A8-8AAD-4F41-8266-747EFDAF2D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6F4BB0F-DAF4-479B-B78A-7929C151AA1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A207312E-1D35-4464-A111-22C4C793E146\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9B16E32-07D5-445B-BAA5-4E4A0881BFC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CF08F6B-2ECB-414C-82D7-C06085BF8B10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21032BE3-74D8-4C3F-B461-158F475B6853\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F9AC992-59B7-44EE-9FF3-567AC48938AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:85115:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DB6A2ED-D433-4A8E-8044-02571D0BBD92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:85118:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F819519-61B6-4ED0-8A23-509D6B26ACE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:85119t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2D81C40-4BD0-4D25-95B4-44BE2011F117\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:85120:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85C3A39E-29D3-4C02-89A6-D5B3475EF592\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:85120t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C70340A2-71DC-4D4D-BA2E-2B2E9ACDBE5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:85122:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"586DB792-9FF6-4253-9DAE-F3ACA3F1C489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86126:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"330576E9-3A92-4E22-BBC0-94A12ACE1032\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86126f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C644430-A075-40E1-8E35-15B97D8E9078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86126t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAC094AC-0A3A-43F3-823A-089235D04A7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86128:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5835FB20-922D-4478-8E4B-A53CCEE46198\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86130:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"667A34BF-8699-477D-B30A-CEF0A36FC81B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86130f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE586938-ED60-40EA-8177-30267C7A3E58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86130t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF902C36-0708-4B93-9504-5EA7EEDD628F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86132:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0BC5EBB-2F1A-45C4-A8A7-122FBE4CBC93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86134:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"795F5800-8C06-426B-80AA-20F8E402ACAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86134m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"173E49AF-95A9-4DAE-8C74-13CFCA8F0726\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86136:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECE96391-4F25-4505-B757-D1F15ABD9FAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86138:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D037E4BA-35B9-42CB-9DDE-BED3DF49B958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86138f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43288516-FA4D-4D8F-9E69-EA27115EB43B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86138t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13EF19E9-FE9A-4ED7-8D9E-848F10C088B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86140:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB72D0E-0E34-4EF3-98FB-52BE4A135D2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86140m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DDE7F94-D938-40BA-A1F6-CE52D0B74ECB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86142:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0E39247-337C-49D1-BF1B-504F2DA4EBA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86142f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A45FA7CB-6523-4042-8832-193D87102F57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86142m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61E350A6-9EC7-4E14-9790-040F154CE15D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86144:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8D70B4E-6B85-459C-AACA-59AB5CCC0B38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86146:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"565EB5E9-3B86-4353-BFF6-3F5D27140B42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86148:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A32CBB5D-392A-4CD1-82D3-A97D822FADFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86148f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"383E08FE-EE7A-4E41-9AAD-786779D4B5E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86150:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D50C6D5-3452-4214-B3FF-9F8009D75C3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86152:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A93954C6-9B01-4CEB-8925-5D3F415AFC1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_gold:86154:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B7D54E5-6EDE-44DE-AEA6-F7F76E3EC36F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CB2949C-4699-49EF-83EB-31199E0CE2DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66C169DC-EEFE-4DE6-A3D0-65B606527240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD28227A-8888-43B2-BC41-8D54B49DA58C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7984BAEA-4518-4E17-830E-B34D09648BD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C2214E5-491E-448F-A4B6-A497FB44D722\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AE93013-C262-46A5-8E77-D647881EE632\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85B53CEC-943F-4966-8EC1-CB2C6AD6A15B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEAC04A3-EBE3-406B-B784-A3547162ECE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15720FFE-B2A4-4347-BCD7-DFA6774C0B8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50F46B0E-C746-44B4-B343-E3DCAB4B98DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AE30903-4F75-4D71-A8BB-44D1099E9837\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98311EAA-26C8-4092-8BE5-4E7BEAA68DD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB8CF348-811C-4342-ACB9-AFCABCC34331\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71998EC5-EC0F-496C-B658-3CD91D824944\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1F19B2A-E7A1-4B97-AC40-02B0D3673555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB6387C9-C0A8-4B26-BC62-802775CD0AD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFEB0164-77C2-4EC2-92FD-5FCE246119CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDB20210-337C-4220-8CA1-F4B2BC54EBC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F699569F-4F52-4CC0-90D9-CC4CBC32428A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBAED22B-D097-49C4-ADDF-4B3F3E1262D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACF5C3C2-EE69-4DE7-A76C-C797192EE7A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7756B588-5A63-4508-8BDD-92DB8CB0F4AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"316E26AE-67A5-4E75-8F9B-ECF4A03AED51\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:arm:cortex-a:15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"001AB619-157E-40B4-B86C-5DB18245D62F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:arm:cortex-a:57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38D51E27-28A3-47A1-9C36-1A223858E352\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:arm:cortex-a:72:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"365DF3EF-E7D1-41FC-8382-D3B095542D59\"}]}]}],\"references\":[{\"url\":\"http://support.lenovo.com/us/en/solutions/LEN-22133\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104228\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040949\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1042004\",\"source\":\"secure@intel.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf\",\"source\":\"secure@intel.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf\",\"source\":\"secure@intel.com\"},{\"url\":\"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html\",\"source\":\"secure@intel.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html\",\"source\":\"secure@intel.com\"},{\"url\":\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013\",\"source\":\"secure@intel.com\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005\",\"source\":\"secure@intel.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180521-0001/\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3756-1/\",\"source\":\"secure@intel.com\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4273\",\"source\":\"secure@intel.com\"},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/180049\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006\",\"source\":\"secure@intel.com\"},{\"url\":\"https://www.synology.com/support/security/Synology_SA_18_23\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.us-cert.gov/ncas/alerts/TA18-141A\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://support.lenovo.com/us/en/solutions/LEN-22133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104228\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040949\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1042004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180521-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3756-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4273\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/180049\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.synology.com/support/security/Synology_SA_18_23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.us-cert.gov/ncas/alerts/TA18-141A\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
CERTFR-2018-ALE-001
Vulnerability from certfr_alerte
[Mise à jour du 25/05/2018 : ajout de bulletins Microsoft (cf. section Documentation)]
[Mise à jour du 22/05/2018 : publications de nouvelles variantes]
[Mise à jour du 23/02/2018 : annonce d'Intel sur la sortie des mises à jour des micrologiciels (cf. section Solution)]
[Mise à jour du 12/02/2018 : ajout des bulletins de sécurité VMware, RedHat et SUSE (cf. section Solution)]
[Mise à jour du 23/01/2018 : modification des recommandations suite au communiqué d'Intel (cf. section Solution)]
Le 4 janvier 2018, deux vulnérabilités affectant plusieurs familles de processeurs et pouvant conduire à des fuites d'informations ont été rendues publiques [1][2]. Intitulées Spectre et Meltdown, ces deux vulnérabilités ont reçu les identifiants CVE-2017-5715, CVE-2017-5753 pour Spectre et CVE-2017-5754 pour Meltdown. Le 21 mai 2018, deux nouvelles vulnérabilités identifiées CVE-2018-3639 et CVE-2018-3640, reposant sur des principes similaires, ont également été publiées [42].
Vulnérabilité Meltdown
Les processeurs modernes intègrent plusieurs fonctionnalités visant à améliorer leurs performances. Parmi celles-ci, l'exécution dite out-of-order permet d'exécuter les instructions d'un programme en fonction de la disponibilité des ressources de calculs et plus nécessairement de façon séquentielle. Une faiblesse de ce mécanisme peut cependant conduire à l'exécution d'une instruction sans que le niveau de privilèges requis par celle-ci ne soit correctement vérifié. Bien que le résultat de l'exécution d'une telle instruction ne soit pas validé par la suite, il peut être possible de récupérer l'information en utilisant une attaque par canaux cachés.
La vulnérabilité CVE-2017-5754 exploite l’exécution out-of-order sur des instructions requérant un haut niveau de privilège pour permettre l'accès en lecture à des zones mémoires propres au système d’exploitation depuis du code s’exécutant de façon non-privilégiée. En particulier, l'exploitation de cette vulnérabilité permet d'accéder depuis un programme utilisateur à la mémoire du système d'exploitation. Cela peut conduire à des fuites de données sensibles présentes en mémoire et peut inclure des informations d'autres programmes ou encore des clés de chiffrement. Cette fuite d'informations peut aussi être mise en œuvre pour faciliter la compromission d'un système.
La vulnérabilité CVE-2018-3640 exploite l’exécution out-of-order sur des instructions requérant un haut niveau de privilège pour permettre l'accès en lecture à des registres propres au système d’exploitation depuis du code s’exécutant de façon non-privilégiée. En particulier, l'exploitation de cette vulnérabilité permet d'accéder depuis un programme utilisateur à des paramètres de configuration du processeur. Cette fuite d'informations peut aussi être mise en œuvre pour faciliter la compromission d'un système.
Vulnérabilité Spectre
L'exécution spéculative est une seconde technique d'optimisation utilisée par les processeurs modernes. Les dépendances entre les instructions limitent les possibilités d'exécution out-of-order. Pour remédier à cette limitation, le processeur émet des hypothèses concernant les résultats non encore disponibles. Ceci lui permet de poursuivre l’exécution out-of-order en utilisant ces hypothèses en remplacement des résultats attendus. On parle alors d'exécution spéculative. Ces hypothèses sont vérifiées par le processeur dès que les résultats auxquels elles se rapportent deviennent disponibles. Si elles se révèlent correctes, le processeur valide l'exécution spéculative. Mais inversement, si elles se révèlent erronées, les effets de l'exécution spéculative doivent être annulés et l'exécution doit reprendre au point on les hypothèses erronées avaient été émises, c'est à dire là où l'exécution spéculative avait débutée.
Cependant les effets d'une exécution spéculative erronée sur le cache perdurent. Or, en mesurant des temps d'accès à des zones mémoires, il est possible de connaître l'état du cache. Par conséquent, un attaquant sera capable de déterminer les résultats intermédiaires d'une exécution spéculative erronée si ceux-ci influent sur l'état du cache. Cette utilisation du cache pour mener à bien l'exploitation est commune aux trois variantes de Spectre.
Variante 1 (CVE-2017-5753)
Le prédicteur de branches est un composant du processeur utilisé pour émettre des hypothèses concernant l'adresse de la prochaine instruction à exécuter. En particulier, il est utilisé pour prédire l'issue des sauts conditionnels. D'autre part, ce composant est partagé entre des codes s'exécutant dans des cloisonnements de sécurité différents (processus, niveaux de privilège).
Dans la variante 1 de Spectre, un attaquant influe sur les heuristiques du prédicteur de branches pour fausser la prédiction d'un saut conditionnel s’exécutant dans un autre cloisonnement de sécurité, ce qui a pour effet de déclencher une exécution spéculative erronée. Un code est vulnérable si cette exécution spéculative erronée modifie le cache de façon qui dépende d'une valeur secrète (c'est à dire non directement accessible depuis le cloisonnement dans lequel se situe l'attaquant).
Exemple de code vulnérable fourni dans l'article:
[pastacode lang="c" manual="if%20(x%20%3C%20array1_size)%0Ay%20%3D%20array2%5Barray1%5Bx%5D%20*%20256%5D%3B" message="" highlight="" provider="manual"/]
Un attaquant maîtrisant la valeur de x peut obtenir une lecture arbitraire dans l'espace d'adressage du processus exécutant le code ci-dessus. Pour cela, l'attaquant commence par soumettre un grand nombre de x valides (c'est à dire vérifiant la condition de la ligne 1) pour faire croire au prédicteur de branches que la condition ligne 1 est toujours vraie. Puis il soumet un x pointant à une adresse arbitraire. Le prédicteur de branches estime néanmoins que la condition est vraie, ce qui déclenche l'exécution spéculative de la ligne 2. La valeur secrète pointée par x est récupérée puis utilisée pour former l'adresse d'une seconde lecture mémoire. Cette seconde lecture aura un effet sur le cache décelable par l'attaquant qui sera alors en mesure de retrouver la valeur secrète.
Variante 2 (CVE-2017-5715)
Le prédicteur de branches est également utilisé pour prédire l'issue des sauts indirects. Dans la variante 2 de Spectre, un attaquant influe sur les heuristiques du prédicteur de branches pour fausser la prédiction d'un saut indirect s’exécutant dans un autre cloisonnement de sécurité, ce qui a pour effet de déclencher une exécution spéculative erronée à une adresse arbitraire maîtrisée par l'attaquant. En choisissant correctement le code exécuté spéculativement, l'attaquant est alors capable d'obtenir une lecture arbitraire dans l'espace d'adressage du processus victime.
Variante 3 (CVE-2018-3639)
Les processeurs émettent également des hypothèses concernant l'adresse de certains accès mémoire. Pour bénéficier de plus de libertés dans l'ordre d'exécution d'opérations de lecture mémoire, le processeur va devoir prédire si celles-ci chevauchent des opérations d'écriture en attente d'exécution. Si une opération de lecture ne chevauche aucune opération d'écriture en attente d'exécution, rien ne s'oppose à qu'elle puisse être exécutée de façon anticipée.
Dans la variante 3 de Spectre, un attaquant influe sur les heuristiques du processeur utilisées pour la prédiction d'adresses, ce qui a pour effet de déclencher une exécution spéculative erronée d'une opération de lecture mémoire et des instructions qui en dépendent. Un code est vulnérable si cette exécution spéculative erronée manipule une valeur secrète et la laisse fuir à travers un état observable du cache
Microsoft (une des parties ayant découvert la vulnérabilité) [43] affirme ne pas avoir identifié de code vulnérable dans leurs produits, ce qui laisse penser que les codes vulnérables sont peu fréquents.
Impact
Les vulnérabilités décrites dans cette alerte peuvent impacter tous les systèmes utilisant un processeur vulnérable et donc de façon indépendante du système d'exploitation. Selon les chercheurs à l'origine de la découverte de ces failles, il est ainsi possible d'accéder à l'intégralité de la mémoire physique sur des systèmes Linux et OSX et à une part importante de la mémoire sur un système Windows.
On notera que l'impact peut être plus particulièrement important dans des systèmes de ressources partagés de type conteneur (Docker, LXC) où il serait possible depuis un environnement restreint d'accéder à toutes les données présentes sur la machine physique dans lequel s'exécute le conteneur ou encore dans des environnements virtualisés utilisant la para-virtualisation de type Xen.
Preuve de concept
Le CERT-FR constate que des preuves de concept fonctionnelles pour Meltdown sont désormais publiques. Les règles Yara suivantes servent à détecter les binaires liés à la bibliothèque publiée par l'Institute of Applied Information Processing and Communications (IAIK) :
[pastacode lang="c" manual="rule%20meltdown_iaik_libkdump_meltdown_nonull%20%7B%0A%0Ameta%3A%0A%0Aauthor%20%3D%20%22ANSSI%22%0A%0ATLP_level%20%3D%20%22White%22%0A%0Adescription%20%3D%20%22Detects%20Meltdown%20PoC%20libkdump%20meltdown_nonull%20method%22%0A%0Aversion%20%3D%20%221.0%22%0A%0Alast_modified%20%3D%20%222018-01-09%22%0A%0Astrings%3A%0A%0A%2F*%0A%0A.text%3A00000000000018A6%2048%2031%20C0%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20xor%20%20%20%20%20%20rax%2C%20rax%20%20%20.text%3A00000000000018A9%0A%0A.text%3A00000000000018A9%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20loc_18A9%3A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3B%20CODE%20XREF%3A%20libkdump_read_tsx%2B48j%0A%0A.text%3A00000000000018A9%208A%2001%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20al%2C%20%5Brcx%5D%0A%0A.text%3A00000000000018AB%2048%20C1%20E0%200C%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20shl%20%20%20%20%20%20rax%2C%200Ch%0A%0A.text%3A00000000000018AF%2074%20F8%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20jz%20%20%20%20%20%20%20%20short%20loc_18A9%0A%0A.text%3A00000000000018B1%2048%208B%201C%2003%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20rbx%2C%20%5Brbx%2Brax%5D%0A%0A*%2F%0A%0A%24asm%3D%7B%0A%0A48%2031%20C0%0A%0A8A%2001%0A%0A48%20C1%20E0%200C%0A%0A74%20F8%0A%0A48%208B%201C%2003%0A%0A%7D%0A%0Acondition%3A%20%24asm%0A%0A%7D%0A%0A%0Arule%20meltdown_iaik_libkdump_meltdown_fast%20%7B%0A%0Ameta%3A%0A%0Aauthor%20%3D%20%22ANSSI%22%0A%0ATLP_level%20%3D%20%22White%22%0A%0Adescription%20%3D%20%22Detects%20Meltdown%20PoC%20libkdump%20meltdown_fast%20method%22%0A%0Aversion%20%3D%20%221.0%22%0A%0Alast_modified%20%3D%20%222018-01-09%22%0A%0Astrings%3A%0A%0A%20%20%20%20%2F*%0A%0A.text%3A000000000000184F%2048%2031%20C0%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20xor%20%20%20%20%20%20%20rax%2C%20rax%0A%0A.text%3A0000000000001852%208A%2001%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20%20al%2C%20%5Brcx%5D%0A%0A.text%3A0000000000001854%2048%20C1%20E0%200C%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20shl%20%20%20%20%20%20%20rax%2C%200Ch%0A%0A.text%3A0000000000001858%2048%208B%201C%2003%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20rbx%2C%20%5Brbx%2Brax%5D%0A%0A*%2F%0A%0A%24asm%20%3D%20%7B%0A%0A48%2031%20C0%0A%0A8A%2001%0A%0A48%20C1%20E0%200C%0A%0A48%208B%201C%2003%0A%0A%7D%0A%0Acondition%3A%0A%0A%24asm%0A%0A%7D%0A%0A%0Arule%20meltdown_iaik_libkdump_meltdown%20%7B%0A%0Ameta%3A%0A%0Aauthor%20%3D%20%22ANSSI%22%0A%0ATLP_level%20%3D%20%22White%22%0A%0Adescription%20%3D%20%22Detects%20Meltdown%20PoC%20libkdump%20meltdown%20method%22%0A%0Aversion%20%3D%20%221.0%22%0A%0Alast_modified%20%3D%20%222018-01-09%22%0A%0Astrings%3A%0A%0A%2F*%0A%0A.text%3A00000000000018A8%2048%2031%20C0%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20xor%20%20%20%20%20rax%2C%20rax%20%20%20.text%3A00000000000018AB%0A%0A.text%3A00000000000018AB%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20loc_18AB%3A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3B%20CODE%20XREF%3A%20libkdump_read_tsx%2B4Dj%0A%0A.text%3A00000000000018AB%2048%208B%2036%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20%20rsi%2C%20%5Brsi%5D%0A%0A.text%3A00000000000018AE%208A%2001%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20%20al%2C%20%5Brcx%5D%0A%0A.text%3A00000000000018B0%2048%20C1%20E0%200C%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20shl%20%20%20%20%20%20%20rax%2C%200Ch%0A%0A.text%3A00000000000018B4%2074%20F5%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20jz%20%20%20%20%20%20%20%20short%20loc_18AB%0A%0A.text%3A00000000000018B6%2048%208B%201C%2003%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20rbx%2C%20%5Brbx%2Brax%5D%0A%0A*%2F%0A%0A%24asm%3D%7B%0A%0A48%2031%20C0%0A%0A48%208B%2036%0A%0A8A%2001%0A%0A48%20C1%20E0%200C%0A%0A74%20F5%0A%0A48%208B%201C%2003%0A%0A%7D%0A%0Acondition%3A%0A%0A%24asm%0A%0A%7D" message="" highlight="" provider="manual"/]
Campagne de pourriels
Le CERT-FR constate qu'une campagne de pourriels visant à distribuer des logiciels malveillants a été lancée afin de profiter de la situation autour des vulnérabilité Spectre et Meltdown [32]. Des attaquants se faisant passer pour la Bundesamt für Sicherheit in der Informationstechnik (BSI), l'équivalent allemand de l'ANSSI, ont envoyé des courriers électroniques invitant leurs destinataires à se rendre sur une copie du site de la BSI. La différence avec le site officiel était une modification de l'alerte concernant les vulnérabilités: l'utilisateur était invité à installer un correctif qui se trouvait être un logiciel malveillant.
Le CERT-FR rappelle de faire preuve de la plus grande vigilance quand à l'ouverture des courriers électroniques ainsi que d'installer les correctifs de sécurité dans les plus brefs délais, et ce uniquement depuis les sources officielles des éditeurs.
Solution
Correctifs disponibles
Plusieurs éditeurs ont publiés des correctifs partiels pour les vulnérabilités Meltdown et Spectre. Le CERT-FR recommande l'application des correctifs disponibles dès que possible.
Apple
Apple indique dans une communication du 4 janvier 2017 que les systèmes iOS 11.2, macOS 10.13.2 et tvOS 11.2 profitent de correctifs contre la vulnérabilité Meltdown [9].
Le 8 janvier 2018, Apple a publié des correctifs pour ses produits iOS, Safari et macOS High Sierra [26].
Mozilla
Mozilla a publié une communication annonçant que la version 57.0.4 de Firefox intègre deux correctifs de sécurité liés aux vulnérabilités décrites dans cette alerte [25].
Microsoft
Microsoft a annoncé dans un communiqué [10] que ses navigateurs Internet Explorer et Edge avaient bénéficié d'un correctif contre la vulnérabilité Spectre sur les systèmes Windows 10 et Windows Server 2016 [11][12]. Les correctifs de sécurité fournis par Microsoft sont néanmoins dépendants des logiciels anti-virus installés sur le système. Pour tous détails sur l'application de ces correctifs le CERT-FR recommande de se reporter au site de l'éditeur. Pour les systèmes 32 bits des versions antérieures à Windows 10 et Windows Server 2016, un correctif sera déployé à l'occasion de la mise à jour mensuelle, le 9 janvier 2018. Pour Windows Server, une simple mise à jour ne suffit par pour se prémunir du problème. Microsoft a publié une série de mesures à mettre en oeuvre pour se protéger [22]. Dans tous les cas, Microsoft conseille de mettre à jour le micrologiciel de son processeur lorsque des correctifs seront disponibles.
SUSE
Des correctifs pour les vulnérabilités Spectre et Meltdown ont été distribués par SUSE [13].
Le 11 janvier 2018, SUSE a publié des correctifs pour le noyau Linux ainsi que pour le microgiciel Intel utilisés par ses produits [29][30].
Red Hat
Des correctifs pour les vulnérabilités Spectre et Meltdown ont été distribués par Red Hat [23].
Ubuntu
Le mardi 9 janvier 2018, Ubuntu a publié plusieurs bulletins de sécurité concernant des correctifs pour la vulnérabilité Meltdown [27]. Le 11 janvier 2018, Ubuntu a publié un bulletin de sécurité annonçant la mise à disposition d'un correctif pour le microgiciel Intel [31].
VMware
Des correctifs contre la vulnérabilité Spectre ont été apportés par VMware pour leurs produits ESXi, Workstation et Fusion sous OS X. Il est à noter que les plateformes ESXi en version 5.5 reçoivent un correctif seulement pour la variante CVE-2017-5715 de Spectre [14].
Android
Dans leur bulletin de sécurité pour les correctifs du mois de janvier 2018 [16], Android annonce ne pas détenir d'informations sur une reproduction des vulnérabilités Spectre et Meltdown sur leurs appareils. Cependant, les correctifs disponibles pour ce mois de janvier 2018 intègrent des mesures permettant de limiter le risque de tels attaques [15].
Dans un communiqué sur l'état de ses produits face aux vulnérabilités Meltdown et Spectre, Google annonce que Chrome OS sous Intel profite de la fonctionnalité KPTI (correctif limitant les effets de la vulnérabilité Meltdown) pour les noyaux en versions 3.18 et 4.4 à partir de la version 63 du système d'exploitation [17].
Citrix
Dans un avis de sécurité daté du 4 janvier 2018 Citrix annonce apporter un correctif de sécurité pour les produits Citrix XenServer 7.1 LTSR CU1 [19].
Amazon AWS
Dans un communiqué du 4 janvier 2018 [20], Amazon indique que les instances disposant d'une configuration par défaut (Amazon Linux AMI) vont bénéficier d'une mise à jour du noyau Linux pour adresser les effets de la vulnérabilité CVE-2017-5754 (Meltdown) [21].
Debian
Le 10 janvier 2018, un bulletin de sécurité publié par Debian propose un correctif pour la vulnérabilité Meltdown [28].
Pour la semaine du 15 au 21 janvier 2018, les éditeurs suivants ont publiés des correctifs pour Meldown et Spectre:
- SUSE [33]
- Oracle [34] [35]
- Red Hat [36]
- Moxa [37] (l'éditeur annonce que d'autres correctifs sont à venir)
Le 22 janvier 2018, Intel a publié un communiqué [38] pour annoncer qu'ils avaient trouvé la cause des dysfonctionnements liés à leur correctif. Dans certains cas, le correctif apporté à leur microgiciel provoquait des redémarrages intempestifs. La situation n'est toutefois pas encore résolue. Intel conseille donc de retarder l'installation du correctif pour le microprocesseur.
Le CERT-FR rappelle qu'il est important d'installer les correctifs de sécurité dans les plus brefs délais. Concernant Spectre et Meldown, il est nécessaire de mettre à jour en priorité les navigateurs puis les systèmes d'exploitation. Toutefois, il est également important de tester ces correctifs dans des environnements contrôlés avant de les pousser en production. Concernant les microgiciels d'Intel, le CERT-FR recommande une prudence accrue dans leurs déploiements voir d'attendre la version finale de ces mises à jour. En matière de risques, l'exploitation de la vulnérabilité Spectre est particulièrement complexe et est la seule à être couverte par la mise à jour du micrologiciel.
Les 8 et 9 février 2018, plusieurs éditeurs ont publiés des correctifs supplémentaires:
- VMware [39]
- Red Hat [40]
- SUSE [41]
Le 20 février 2018, Intel a annoncé que les mises à jour de sécurité des micrologiciels pour certaines familles de processeurs étaient disponibles. Sont concernés les processeurs de type Kaby Lake, Coffee Lake ainsi que certains Skylake ( cf. https://newsroom.intel.com/news/latest-intel-security-news-updated-firmware-available/). Intel a également mis à jour son calendrier prévisionnel des sorties futures (cf. https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf).
Les éditeurs suivants ont également publiés de nouveaux correctifs :
- Ubuntu (cf. )
- SUSE (cf. , et )
- Siemens (cf. )
Contournement provisoire
Dans leur article sur la vulnérabilité Meltdown, les auteurs de la publication indiquent que la fonctionnalité de sécurité KAISER [5] permet de limiter les implications dues à l'exploitation de Meltdown. Ce mécanisme a été intégré dans les dernières versions du noyau Linux sous le nom de Kernel page-table isolation (KPTI) [6] et est en cours d'intégration dans les versions précédentes du noyau.
Cette fonctionnalité renforce la séparation entre les zones mémoires accessibles en mode utilisateur et celles accessibles en mode noyau. De ce fait il n'est donc plus possible de d'accéder lors de l'utilisation de la vulnérabilité Meltdown aux informations noyau.
Systèmes de virtualisation
Les systèmes virtualisés de type Xen sont vulnérables aux failles présentés dans cette alerte. Concernant Meltdown un contournement pouvant être mis en œuvre est d'utiliser une virtualisation matérielle. En effet, d'après un avis de sécurité de l'éditeur [18], la CVE-2017-5754 n'affecte que les systèmes Xen en architecture Intel 64 bits utilisant la para-virtualisation.
D'une façon globale, l'ANSSI a émis un guide relatif à la virtualisation précisant que « les systèmes invités présents sur une même machine physique [doivent manipuler] des données qui ont une sensibilité similaire » [7].
Vérifications des correctifs disponibles
Windows
Microsoft a mis à disposition un script PowerShell qui permet de vérifier si un correctif pour les vulnérabilités a été appliqué sur un système Windows [4].
Linux
Afin de s'assurer de la présence du mécanisme de sécurité KPTI sur un système utilisant un noyau Linux il est possible d'exécuter la commande suivante :
[pastacode lang="bash" manual="dmesg%20%7C%20grep%20'Kernel%2FUser%20page%20tables%20isolation'" message="" highlight="" provider="manual"/]
Dans le cas où KPTI est activé un message sera affiché en sortie.
- Processeurs Intel
- La liste des processeurs vulnérables est fournie dans la section documentation.
- Processeurs AMD
- AMD est vulnérable à Spectre, mais pas à Meltdown.
- Processeurs ARM :
- ARM Cortex-R7
- ARM Cortex-R8
- ARM Cortex-A8
- ARM Cortex-A9
- ARM Cortex-A15
- ARM Cortex-A17
- ARM Cortex-A57
- ARM Cortex-A72
- ARM Cortex-A73
- ARM Cortex-A75
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eProcesseurs Intel \u003cul\u003e \u003cli\u003eLa liste des processeurs vuln\u00e9rables est fournie dans la section documentation.\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eProcesseurs AMD \u003cul\u003e \u003cli\u003eAMD est vuln\u00e9rable \u00e0 Spectre, mais pas \u00e0 Meltdown.\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eProcesseurs ARM : \u003cul\u003e \u003cli\u003eARM Cortex-R7\u003c/li\u003e \u003cli\u003eARM Cortex-R8\u003c/li\u003e \u003cli\u003eARM Cortex-A8\u003c/li\u003e \u003cli\u003eARM Cortex-A9\u003c/li\u003e \u003cli\u003eARM Cortex-A15\u003c/li\u003e \u003cli\u003eARM Cortex-A17\u003c/li\u003e \u003cli\u003eARM Cortex-A57\u003c/li\u003e \u003cli\u003eARM Cortex-A72\u003c/li\u003e \u003cli\u003eARM Cortex-A73\u003c/li\u003e \u003cli\u003eARM Cortex-A75\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003c/ul\u003e \u003cp\u003e\u0026nbsp;\u003c/p\u003e ",
"closed_at": "2018-10-10",
"content": "## Solution\n\n### Correctifs disponibles\n\nPlusieurs \u00e9diteurs ont publi\u00e9s des correctifs partiels pour les\nvuln\u00e9rabilit\u00e9s Meltdown et Spectre. Le CERT-FR recommande l\u0027application\ndes correctifs disponibles d\u00e8s que possible.\n\n#### Apple\n\nApple indique dans une communication du 4 janvier 2017 que les syst\u00e8mes\niOS 11.2, macOS 10.13.2 et tvOS 11.2 profitent de correctifs contre la\nvuln\u00e9rabilit\u00e9 Meltdown \\[9\\].\n\nLe 8 janvier 2018, Apple a publi\u00e9 des correctifs pour ses produits iOS,\nSafari et macOS High Sierra \\[26\\].\n\n#### Mozilla\n\nMozilla a publi\u00e9 une communication annon\u00e7ant que la version 57.0.4 de\nFirefox int\u00e8gre deux correctifs de s\u00e9curit\u00e9 li\u00e9s aux vuln\u00e9rabilit\u00e9s\nd\u00e9crites dans cette alerte \\[25\\].\n\n#### Microsoft\n\nMicrosoft a annonc\u00e9 dans un communiqu\u00e9 \\[10\\] que ses navigateurs\nInternet Explorer et Edge avaient b\u00e9n\u00e9fici\u00e9 d\u0027un correctif contre la\nvuln\u00e9rabilit\u00e9 Spectre sur les syst\u00e8mes Windows 10 et Windows Server 2016\n\\[11\\]\\[12\\]. Les correctifs de s\u00e9curit\u00e9 fournis par Microsoft sont\nn\u00e9anmoins d\u00e9pendants des logiciels anti-virus install\u00e9s sur le syst\u00e8me.\nPour tous d\u00e9tails sur l\u0027application de ces correctifs le CERT-FR\nrecommande de se reporter au site de l\u0027\u00e9diteur. Pour les syst\u00e8mes 32\nbits des versions ant\u00e9rieures \u00e0 Windows 10 et Windows Server 2016, un\ncorrectif sera d\u00e9ploy\u00e9 \u00e0 l\u0027occasion de la mise \u00e0 jour mensuelle, le 9\njanvier 2018. Pour Windows Server, une simple mise \u00e0 jour ne suffit par\npour se pr\u00e9munir du probl\u00e8me. Microsoft a publi\u00e9 une s\u00e9rie de mesures \u00e0\nmettre en oeuvre pour se prot\u00e9ger \\[22\\]. Dans tous les cas, Microsoft\nconseille de mettre \u00e0 jour le micrologiciel de son processeur lorsque\ndes correctifs seront disponibles.\n\n#### SUSE\n\nDes correctifs pour les vuln\u00e9rabilit\u00e9s Spectre et Meltdown ont \u00e9t\u00e9\ndistribu\u00e9s par SUSE \\[13\\].\n\nLe 11 janvier 2018, SUSE a publi\u00e9 des correctifs pour le noyau Linux\nainsi que pour le microgiciel Intel utilis\u00e9s par ses produits\n\\[29\\]\\[30\\].\n\n#### Red Hat\n\nDes correctifs\u00a0pour les vuln\u00e9rabilit\u00e9s Spectre et Meltdown ont \u00e9t\u00e9\ndistribu\u00e9s par Red Hat \\[23\\].\n\n#### Ubuntu\n\nLe mardi 9 janvier 2018, Ubuntu a publi\u00e9 plusieurs bulletins de s\u00e9curit\u00e9\nconcernant des correctifs pour la vuln\u00e9rabilit\u00e9 Meltdown \\[27\\]. Le 11\njanvier 2018, Ubuntu a publi\u00e9 un bulletin de s\u00e9curit\u00e9 annon\u00e7ant la mise\n\u00e0 disposition d\u0027un correctif pour le microgiciel Intel \\[31\\].\n\n#### VMware\n\nDes correctifs contre la vuln\u00e9rabilit\u00e9 Spectre ont \u00e9t\u00e9 apport\u00e9s par\nVMware pour leurs produits ESXi, Workstation et Fusion sous OS X. Il est\n\u00e0 noter que les plateformes ESXi en version 5.5 re\u00e7oivent un correctif\nseulement pour la variante CVE-2017-5715 de Spectre \\[14\\].\n\n#### Android\n\nDans leur bulletin de s\u00e9curit\u00e9 pour les correctifs du mois de janvier\n2018 \\[16\\], Android annonce ne pas d\u00e9tenir d\u0027informations sur une\nreproduction des vuln\u00e9rabilit\u00e9s Spectre et Meltdown sur leurs appareils.\nCependant, les correctifs disponibles pour ce mois de janvier 2018\nint\u00e8grent des mesures permettant de limiter le risque de tels attaques\n\\[15\\].\n\n#### Google\n\nDans un communiqu\u00e9 sur l\u0027\u00e9tat de ses produits face aux vuln\u00e9rabilit\u00e9s\nMeltdown et Spectre, Google annonce que Chrome OS sous Intel profite de\nla fonctionnalit\u00e9 KPTI (correctif limitant les effets de la\nvuln\u00e9rabilit\u00e9 Meltdown) pour les noyaux en versions 3.18 et 4.4 \u00e0 partir\nde la version 63 du syst\u00e8me d\u0027exploitation \\[17\\].\n\n#### Citrix\n\nDans un avis de s\u00e9curit\u00e9 dat\u00e9 du 4 janvier 2018 Citrix annonce apporter\nun correctif de s\u00e9curit\u00e9 pour les produits Citrix XenServer 7.1 LTSR CU1\n\\[19\\].\n\n#### Amazon AWS\n\nDans un communiqu\u00e9 du 4 janvier 2018 \\[20\\], Amazon indique que les\ninstances disposant d\u0027une configuration par d\u00e9faut (Amazon Linux AMI)\u00a0\nvont b\u00e9n\u00e9ficier d\u0027une mise \u00e0 jour du noyau Linux pour adresser les\neffets de la vuln\u00e9rabilit\u00e9 CVE-2017-5754 (Meltdown) \\[21\\].\n\n#### Debian\n\nLe 10 janvier 2018, un bulletin de s\u00e9curit\u00e9 publi\u00e9 par Debian propose un\ncorrectif pour la vuln\u00e9rabilit\u00e9 Meltdown \\[28\\].\n\n\u00a0\n\nPour la semaine du 15 au 21 janvier 2018, les \u00e9diteurs suivants ont\npubli\u00e9s des correctifs pour Meldown et Spectre:\n\n- SUSE \\[33\\]\n- Oracle \\[34\\] \\[35\\]\n- Red Hat \\[36\\]\n- Moxa \\[37\\] (l\u0027\u00e9diteur annonce que d\u0027autres correctifs sont \u00e0 venir)\n\n**Le 22 janvier 2018, Intel a publi\u00e9 un communiqu\u00e9 \\[38\\] pour annoncer\nqu\u0027ils avaient trouv\u00e9 la cause des dysfonctionnements li\u00e9s \u00e0 leur\ncorrectif. Dans certains cas, le correctif apport\u00e9 \u00e0 leur microgiciel\nprovoquait des red\u00e9marrages intempestifs. La situation n\u0027est toutefois\npas encore r\u00e9solue. Intel conseille donc de retarder l\u0027installation du\ncorrectif pour le microprocesseur.**\n\n**Le CERT-FR rappelle qu\u0027il est important d\u0027installer les correctifs de\ns\u00e9curit\u00e9 dans les plus brefs d\u00e9lais. Concernant Spectre et Meldown, il\nest n\u00e9cessaire de mettre \u00e0 jour en priorit\u00e9 les navigateurs puis les\nsyst\u00e8mes d\u0027exploitation.\u00a0Toutefois, il est \u00e9galement important de tester\nces correctifs dans des environnements contr\u00f4l\u00e9s avant de les pousser en\nproduction. Concernant les microgiciels d\u0027Intel, le CERT-FR\u00a0recommande\nune prudence accrue dans leurs d\u00e9ploiements voir d\u0027attendre la version\nfinale de ces mises \u00e0 jour. En mati\u00e8re de risques, l\u0027exploitation de la\nvuln\u00e9rabilit\u00e9 Spectre est particuli\u00e8rement\u00a0complexe et est la seule \u00e0\n\u00eatre couverte par la mise \u00e0 jour du micrologiciel.**\n\nLes 8 et 9 f\u00e9vrier 2018, plusieurs \u00e9diteurs ont publi\u00e9s des correctifs\nsuppl\u00e9mentaires:\n\n- VMware \\[39\\]\n- Red Hat \\[40\\]\n- SUSE \\[41\\]\n\nLe 20 f\u00e9vrier 2018, Intel a annonc\u00e9 que les mises \u00e0 jour de s\u00e9curit\u00e9 des\nmicrologiciels pour certaines familles de processeurs \u00e9taient\ndisponibles. Sont concern\u00e9s les processeurs de type Kaby Lake, Coffee\nLake ainsi que certains Skylake (\ncf.\u00a0\u003chttps://newsroom.intel.com/news/latest-intel-security-news-updated-firmware-available/\u003e).\nIntel a \u00e9galement mis \u00e0 jour son calendrier pr\u00e9visionnel des sorties\nfutures (cf.\n\u003chttps://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf\u003e).\n\nLes \u00e9diteurs suivants ont \u00e9galement publi\u00e9s de nouveaux correctifs :\n\n- Ubuntu\n (cf.\u00a0\u003c/avis/CERTFR-2018-AVI-094/\u003e)\n- SUSE (cf. \u003c/avis/CERTFR-2018-AVI-080/\u003e,\n \u003c/avis/CERTFR-2018-AVI-083/\u003e\u00a0et\n \u003c/avis/CERTFR-2018-AVI-091/\u003e)\n- Siemens (cf.\n \u003c/avis/CERTFR-2018-AVI-095/\u003e)\n\n\u00a0\n\n## Contournement provisoire\n\nDans leur article sur la vuln\u00e9rabilit\u00e9 Meltdown, les auteurs de la\npublication indiquent que la fonctionnalit\u00e9 de s\u00e9curit\u00e9 KAISER \\[5\\]\npermet de limiter les implications dues \u00e0 l\u0027exploitation de Meltdown.\u00a0Ce\nm\u00e9canisme a \u00e9t\u00e9 int\u00e9gr\u00e9 dans les derni\u00e8res versions du noyau Linux sous\nle nom de Kernel page-table isolation (KPTI) \\[6\\] et est en cours\nd\u0027int\u00e9gration dans les versions pr\u00e9c\u00e9dentes du noyau.\n\nCette fonctionnalit\u00e9 renforce la s\u00e9paration entre les zones m\u00e9moires\naccessibles en mode utilisateur et celles accessibles en mode noyau. De\nce fait il n\u0027est donc plus possible de d\u0027acc\u00e9der lors de l\u0027utilisation\nde la vuln\u00e9rabilit\u00e9 Meltdown aux informations noyau.\n\n### Syst\u00e8mes de virtualisation\n\nLes syst\u00e8mes virtualis\u00e9s de type Xen sont vuln\u00e9rables aux failles\npr\u00e9sent\u00e9s dans cette alerte. Concernant Meltdown un contournement\npouvant \u00eatre mis en \u0153uvre est d\u0027utiliser une virtualisation mat\u00e9rielle.\nEn effet, d\u0027apr\u00e8s un avis de s\u00e9curit\u00e9 de l\u0027\u00e9diteur \\[18\\], la\nCVE-2017-5754 n\u0027affecte que les syst\u00e8mes Xen en architecture Intel 64\nbits utilisant la para-virtualisation.\n\nD\u0027une fa\u00e7on globale, l\u0027ANSSI a \u00e9mis un guide relatif \u00e0 la virtualisation\npr\u00e9cisant que \u003cspan class=\"citation\"\u003e\u00ab\u003c/span\u003e les syst\u00e8mes invit\u00e9s\npr\u00e9sents sur une m\u00eame machine physique \\[doivent manipuler\\] des donn\u00e9es\nqui ont une \u003cspan class=\"highlight selected\"\u003esensibilit\u00e9\u003c/span\u003e\nsimilaire \u003cspan class=\"citation\"\u003e\u00bb\u003c/span\u003e \\[7\\].\n\n### V\u00e9rifications des correctifs disponibles\n\n#### Windows\n\nMicrosoft a mis \u00e0 disposition un script PowerShell qui permet de\nv\u00e9rifier si un correctif pour les vuln\u00e9rabilit\u00e9s a \u00e9t\u00e9 appliqu\u00e9 sur un\nsyst\u00e8me Windows \\[4\\].\n\n#### Linux\n\nAfin de s\u0027assurer de la pr\u00e9sence du m\u00e9canisme de s\u00e9curit\u00e9 KPTI sur un\nsyst\u00e8me utilisant un noyau Linux il est possible d\u0027ex\u00e9cuter la commande\nsuivante :\n\n\\[pastacode lang=\"bash\"\nmanual=\"dmesg%20%7C%20grep%20\u0027Kernel%2FUser%20page%20tables%20isolation\u0027\"\nmessage=\"\" highlight=\"\" provider=\"manual\"/\\]\n\nDans le cas o\u00f9 KPTI est activ\u00e9 un message sera affich\u00e9 en sortie.\n",
"cves": [
{
"name": "CVE-2017-5754",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5754"
},
{
"name": "CVE-2017-5753",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
},
{
"name": "CVE-2018-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
}
],
"initial_release_date": "2018-01-04T00:00:00",
"last_revision_date": "2018-10-10T00:00:00",
"links": [
{
"title": "Avis CERT-FR CERTFR-2018-AVI-005 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-005"
},
{
"title": "Billet de blogue de Microsoft du 3 janvier 2018 sur un correctif pour Internet Explorer et Edge",
"url": "https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de Microsoft KB4056890 du 3 janvier 2018",
"url": "https://support.microsoft.com/en-us/help/4056890/windows-10-update-kb4056890"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-032 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-032/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208394 du 4 janvier 2018",
"url": "https://support.apple.com/en-us/HT208394"
},
{
"title": "Communiqu\u00e9 Ubuntu",
"url": "https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/"
},
{
"title": "CERT KB",
"url": "https://www.kb.cert.org/vuls/id/584653"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de Microsoft KB4056892 du 3 janvier 2018",
"url": "https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892"
},
{
"title": "Avis de s\u00e9curit\u00e9 Amazon ALAS-2018-939 du 4 janvier 2018",
"url": "https://alas.aws.amazon.com/ALAS-2018-939.html"
},
{
"title": "Article ARM d\u00e9taillant les vuln\u00e9rabilit\u00e9s ainsi que les contre-mesures envisag\u00e9es",
"url": "https://developer.arm.com/support/security-update"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Id=8786151194\u0026p_File_Name=SEVD-2018-005-01+-Spectre+and+Meltdown.pdf\u0026p_Reference=SEVD-2018-005-01"
},
{
"title": "Avis de s\u00e9curit\u00e9 ARM du 3 janvier 2017",
"url": "https://developer.arm.com/support/security-update"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-006 Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-006"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft ADV180002",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"title": "Avis de vuln\u00e9rabilit\u00e9 d\u0027Intel et liste des processeurs vuln\u00e9rables",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
},
{
"title": "Security Advisory 115 Intel",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft concernant les vuln\u00e9rabilit\u00e9s d\u0027attaques par canaux auxiliaires d\u0027ex\u00e9cution sp\u00e9culative",
"url": "https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s"
},
{
"title": "Billet de blogue Mozilla",
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft ADV180013 du 21 mai 2018",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft ADV180012 du 21 mai 2018",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180012"
},
{
"title": "Site d\u00e9taillant le principe de la vuln\u00e9rabilit\u00e9",
"url": "https://spectreattack.com/"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-028 Vuln\u00e9rabilit\u00e9 dans le microgiciel Intel pour SUSE",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-028"
},
{
"title": "Commentaires d\u0027AMD sur une \u00e9ventuelle vuln\u00e9rabilit\u00e9 de leurs processeurs",
"url": "https://www.amd.com/en/corporate/speculative-execution"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Juniper",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10842\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-254 du 3 janvier 2018",
"url": "https://xenbits.xen.org/xsa/advisory-254.html"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-017 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-017"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Android du 2 janvier 2018",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-008 Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-008"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-013 Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-013"
},
{
"title": "Site d\u00e9taillant le principe de la vuln\u00e9rabilit\u00e9",
"url": "https://meltdownattack.com/"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-030 Vuln\u00e9rabilit\u00e9 dans le microgiciel Intel pour Ubuntu",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-029"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-030 Vuln\u00e9rabilit\u00e9 dans le microgiciel Intel pour Ubuntu",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-030"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-079 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-079"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-039 Multiples vuln\u00e9rabilit\u00e9s dans Oracle Virtualization",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-039/"
},
{
"title": "Communiqu\u00e9 Intel",
"url": "https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/"
},
{
"title": "Billet de blogue Google Project Zero",
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-077 Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-077"
},
{
"title": "Communiqu\u00e9 de la BSI",
"url": "https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/Gefaelschte_BSI-Mails_12012018.html"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-038 Multiples vuln\u00e9rabilit\u00e9s dans Oracle Sun Systems Products Suite",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-038/"
},
{
"title": "Article du 15 novembre 2017 sur le m\u00e9canisme de s\u00e9curit\u00e9 KAISER",
"url": "https://lwn.net/Articles/738975/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX231390 du 4 janvier 2018",
"url": "https://support.citrix.com/article/CTX231390"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-080 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-080"
},
{
"title": "Guide relatif \u00e0 la s\u00e9curit\u00e9 des syst\u00e8mes de virtualisation",
"url": "https://www.ssi.gouv.fr/guide/problematiques-de-securite-associees-a-la-virtualisation-des-systemes-dinformation"
},
{
"title": "Article de blog publi\u00e9 par Microsoft au sujet de CVE-2018-3639",
"url": "https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-002",
"url": "https://fortiguard.com/psirt/FG-IR-18-002"
},
{
"title": "Mise \u00e0 jour du microgiciel Intel pour Linux relatif \u00e0 la CVE-2017-5715",
"url": "https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-018 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-018"
},
{
"title": "Communication de Microsoft sur les d\u00e9pendances entre la mise \u00e0 jour et les logiciels anti-virus",
"url": "https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-029 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-029"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Xen",
"url": "https://xenbits.xen.org/xsa/advisory-254.html"
},
{
"title": "Article Intel d\u00e9taillant les vuln\u00e9rabilit\u00e9s ainsi que les contre-mesures envisag\u00e9es",
"url": "https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf"
},
{
"title": "Article du 30 d\u00e9cembre 2017 sur l\u0027int\u00e9gration du correctif KPTI dans le noyau Linux",
"url": "https://lwn.net/Articles/742404/"
},
{
"title": "Mesures \u00e0 mettre en oeuvre pour prot\u00e9ger son Windows Server",
"url": "https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-004 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-004"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-002 Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-002"
},
{
"title": "Communiqu\u00e9 de Google sur les attaques utilisant une m\u00e9thode d\u0027ex\u00e9cution sp\u00e9culative",
"url": "https://support.google.com/faqs/answer/7622138"
},
{
"title": "Communiqu\u00e9 d\u0027Amazon\u00a0AWS-2018-013 en lien avec les vuln\u00e9rabilit\u00e9s d\u0027ex\u00e9cution sp\u00e9culative",
"url": "https://aws.amazon.com/fr/security/security-bulletins/AWS-2018-013/"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-040 Vuln\u00e9rabilit\u00e9 dans le micrologiciel processeur pour Red Hat",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-040/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft pour les professionnels concernant les vuln\u00e9rabilit\u00e9s d\u0027attaques par canaux auxiliaires d\u0027ex\u00e9cution sp\u00e9culative",
"url": "https://support.microsoft.com/en-us/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe"
},
{
"title": "Avis CERT-FR CERTFR-2018-AVI-044 Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-044"
}
],
"reference": "CERTFR-2018-ALE-001",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-01-04T00:00:00.000000"
},
{
"description": "Ajout et correction de liens",
"revision_date": "2018-01-04T00:00:00.000000"
},
{
"description": "Ajout de liens",
"revision_date": "2018-01-05T00:00:00.000000"
},
{
"description": "Ajout de d\u00e9tails sur les correctifs disponibles",
"revision_date": "2018-01-05T00:00:00.000000"
},
{
"description": "Ajout de d\u00e9tails sur les correctifs disponibles",
"revision_date": "2018-01-05T00:00:00.000000"
},
{
"description": "Ajout de d\u00e9tails sur les correctifs disponibles et sur les contournements possibles",
"revision_date": "2018-01-05T00:00:00.000000"
},
{
"description": "Ajout de liens et de recommandations pour Windows Server",
"revision_date": "2018-01-05T00:00:00.000000"
},
{
"description": "Ajout de d\u00e9tails sur les correctifs disponibles",
"revision_date": "2018-01-09T00:00:00.000000"
},
{
"description": "Ajout de liens et ajout de la section Preuve de concept",
"revision_date": "2018-01-09T00:00:00.000000"
},
{
"description": "Ajout de r\u00e8gles Yara",
"revision_date": "2018-01-09T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour des correctifs disponibles",
"revision_date": "2018-01-10T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour des correctifs disponibles",
"revision_date": "2018-01-12T00:00:00.000000"
},
{
"description": "Ajout de la section Campagne de pourriel",
"revision_date": "2018-01-12T00:00:00.000000"
},
{
"description": "Ajout de correctifs disponibles en semaine 03",
"revision_date": "2018-01-19T00:00:00.000000"
},
{
"description": "modification des recommandations suite au communiqu\u00e9 d\u0027Intel",
"revision_date": "2018-01-23T00:00:00.000000"
},
{
"description": "ajout des bulletins de s\u00e9curit\u00e9 VMware, RedHat et SUSE",
"revision_date": "2018-02-12T00:00:00.000000"
},
{
"description": "Ajout de l\u0027annonce d\u0027Intel sur la sortie des derniers correctifs de s\u00e9curit\u00e9.",
"revision_date": "2018-02-23T00:00:00.000000"
},
{
"description": "Ajout des vuln\u00e9rabilit\u00e9s 3a et 4",
"revision_date": "2018-05-23T00:00:00.000000"
},
{
"description": "Correction mise en page et ajout de liens",
"revision_date": "2018-05-23T00:00:00.000000"
},
{
"description": "Ajout de bulletins Microsoft",
"revision_date": "2018-05-25T00:00:00.000000"
},
{
"description": "Cl\u00f4ture de l\u0027alerte.",
"revision_date": "2018-10-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "\u003cstrong\u003e\\[Mise \u00e0 jour du 25/05/2018 : ajout de bulletins Microsoft (cf.\nsection Documentation)\\]\u003c/strong\u003e\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 22/05/2018 : publications de nouvelles variantes\\] \n\u003c/strong\u003e\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 23/02/2018 : annonce d\u0027Intel sur la sortie des mises\n\u00e0 jour des micrologiciels (cf. section Solution)\\]\u003c/strong\u003e\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 12/02/2018 : ajout des bulletins de s\u00e9curit\u00e9 VMware,\nRedHat et SUSE (cf. section Solution)\\]\u003c/strong\u003e\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 23/01/2018 : modification des recommandations suite\nau communiqu\u00e9 d\u0027Intel (cf. section Solution)\\]\u003c/strong\u003e\n\nLe 4 janvier 2018, deux vuln\u00e9rabilit\u00e9s affectant plusieurs familles de\nprocesseurs et pouvant conduire \u00e0 des fuites d\u0027informations ont \u00e9t\u00e9\nrendues publiques \\[1\\]\\[2\\]. Intitul\u00e9es Spectre et Meltdown, ces deux\nvuln\u00e9rabilit\u00e9s ont re\u00e7u les identifiants CVE-2017-5715, CVE-2017-5753\npour Spectre et CVE-2017-5754 pour Meltdown. Le 21 mai 2018, deux\nnouvelles vuln\u00e9rabilit\u00e9s identifi\u00e9es CVE-2018-3639 et CVE-2018-3640,\nreposant sur des principes similaires, ont \u00e9galement \u00e9t\u00e9 publi\u00e9es\n\\[42\\].\n\n### Vuln\u00e9rabilit\u00e9 Meltdown\n\nLes processeurs modernes int\u00e8grent plusieurs fonctionnalit\u00e9s visant \u00e0\nam\u00e9liorer leurs performances. Parmi celles-ci, l\u0027ex\u00e9cution dite\n*out-of-order* permet d\u0027ex\u00e9cuter les instructions d\u0027un programme en\nfonction de la disponibilit\u00e9 des ressources de calculs et plus\nn\u00e9cessairement de fa\u00e7on s\u00e9quentielle. Une faiblesse de ce m\u00e9canisme peut\ncependant conduire \u00e0 l\u0027ex\u00e9cution d\u0027une instruction sans que le niveau de\nprivil\u00e8ges requis par celle-ci ne soit correctement v\u00e9rifi\u00e9. Bien que le\nr\u00e9sultat de l\u0027ex\u00e9cution d\u0027une telle instruction ne soit pas valid\u00e9 par\nla suite, il peut \u00eatre possible de r\u00e9cup\u00e9rer l\u0027information en utilisant\nune attaque par canaux cach\u00e9s.\n\nLa vuln\u00e9rabilit\u00e9 CVE-2017-5754 exploite l\u2019ex\u00e9cution *out-of-order* sur\ndes instructions requ\u00e9rant un haut niveau de privil\u00e8ge pour permettre\nl\u0027acc\u00e8s en lecture \u00e0 des zones m\u00e9moires propres au syst\u00e8me\nd\u2019exploitation depuis du code s\u2019ex\u00e9cutant de fa\u00e7on non-privil\u00e9gi\u00e9e. En\nparticulier, l\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet d\u0027acc\u00e9der\ndepuis un programme utilisateur \u00e0 la m\u00e9moire du syst\u00e8me d\u0027exploitation.\nCela peut conduire \u00e0 des fuites de donn\u00e9es sensibles pr\u00e9sentes en\nm\u00e9moire et peut inclure des informations d\u0027autres programmes ou encore\ndes cl\u00e9s de chiffrement. Cette fuite d\u0027informations peut aussi \u00eatre mise\nen \u0153uvre pour faciliter la compromission d\u0027un syst\u00e8me.\n\nLa vuln\u00e9rabilit\u00e9 CVE-2018-3640 exploite l\u2019ex\u00e9cution *out-of-order* sur\ndes instructions requ\u00e9rant un haut niveau de privil\u00e8ge pour permettre\nl\u0027acc\u00e8s en lecture \u00e0 des registres propres au syst\u00e8me d\u2019exploitation\ndepuis du code s\u2019ex\u00e9cutant de fa\u00e7on non-privil\u00e9gi\u00e9e. En particulier,\nl\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet d\u0027acc\u00e9der depuis un\nprogramme utilisateur \u00e0 des param\u00e8tres de configuration du processeur.\nCette fuite d\u0027informations peut aussi \u00eatre mise en \u0153uvre pour faciliter\nla compromission d\u0027un syst\u00e8me.\n\n### Vuln\u00e9rabilit\u00e9 Spectre\n\nL\u0027ex\u00e9cution sp\u00e9culative est une seconde technique d\u0027optimisation\nutilis\u00e9e par les processeurs modernes. Les d\u00e9pendances entre les\ninstructions limitent les possibilit\u00e9s d\u0027ex\u00e9cution *out-of-order*. Pour\nrem\u00e9dier \u00e0 cette limitation, le processeur \u00e9met des hypoth\u00e8ses\nconcernant les r\u00e9sultats non encore disponibles. Ceci lui permet de\npoursuivre l\u2019ex\u00e9cution *out-of-order* en utilisant ces hypoth\u00e8ses en\nremplacement des r\u00e9sultats attendus. On parle alors d\u0027ex\u00e9cution\nsp\u00e9culative. Ces hypoth\u00e8ses sont v\u00e9rifi\u00e9es par le processeur d\u00e8s que les\nr\u00e9sultats auxquels elles se rapportent deviennent disponibles. Si elles\nse r\u00e9v\u00e8lent correctes, le processeur valide l\u0027ex\u00e9cution sp\u00e9culative.\nMais inversement, si elles se r\u00e9v\u00e8lent erron\u00e9es, les effets de\nl\u0027ex\u00e9cution sp\u00e9culative doivent \u00eatre annul\u00e9s et l\u0027ex\u00e9cution doit\nreprendre au point on les hypoth\u00e8ses erron\u00e9es avaient \u00e9t\u00e9 \u00e9mises, c\u0027est\n\u00e0 dire l\u00e0 o\u00f9 l\u0027ex\u00e9cution sp\u00e9culative avait d\u00e9but\u00e9e.\n\nCependant les effets d\u0027une ex\u00e9cution sp\u00e9culative erron\u00e9e sur le cache\nperdurent. Or, en mesurant des temps d\u0027acc\u00e8s \u00e0 des zones m\u00e9moires, il\nest possible de conna\u00eetre l\u0027\u00e9tat du cache. Par cons\u00e9quent, un attaquant\nsera capable de d\u00e9terminer les r\u00e9sultats interm\u00e9diaires d\u0027une ex\u00e9cution\nsp\u00e9culative erron\u00e9e si ceux-ci influent sur l\u0027\u00e9tat du cache. Cette\nutilisation du cache pour mener \u00e0 bien l\u0027exploitation est commune aux\ntrois variantes de Spectre.\n\n#### Variante 1 (CVE-2017-5753)\n\nLe pr\u00e9dicteur de branches est un composant du processeur utilis\u00e9 pour\n\u00e9mettre des hypoth\u00e8ses concernant l\u0027adresse de la prochaine instruction\n\u00e0 ex\u00e9cuter. En particulier, il est utilis\u00e9 pour pr\u00e9dire l\u0027issue des\nsauts conditionnels. D\u0027autre part, ce composant est partag\u00e9 entre des\ncodes s\u0027ex\u00e9cutant dans des cloisonnements de s\u00e9curit\u00e9 diff\u00e9rents\n(processus, niveaux de privil\u00e8ge).\n\nDans la variante 1 de Spectre, un attaquant influe sur les heuristiques\ndu pr\u00e9dicteur de branches pour fausser la pr\u00e9diction d\u0027un saut\nconditionnel s\u2019ex\u00e9cutant dans un autre cloisonnement de s\u00e9curit\u00e9, ce qui\na pour effet de d\u00e9clencher une ex\u00e9cution sp\u00e9culative erron\u00e9e. Un code\nest vuln\u00e9rable si cette ex\u00e9cution sp\u00e9culative erron\u00e9e modifie le cache\nde fa\u00e7on qui d\u00e9pende d\u0027une valeur secr\u00e8te (c\u0027est \u00e0 dire non directement\naccessible depuis le cloisonnement dans lequel se situe l\u0027attaquant).\n\nExemple de code vuln\u00e9rable fourni dans l\u0027article:\n\n\\[pastacode lang=\"c\"\nmanual=\"if%20(x%20%3C%20array1_size)%0Ay%20%3D%20array2%5Barray1%5Bx%5D%20\\*%20256%5D%3B\"\nmessage=\"\" highlight=\"\" provider=\"manual\"/\\]\n\nUn attaquant ma\u00eetrisant la valeur de x peut obtenir une lecture\narbitraire dans l\u0027espace d\u0027adressage du processus ex\u00e9cutant le code\nci-dessus. Pour cela, l\u0027attaquant commence par soumettre un grand nombre\nde x valides (c\u0027est \u00e0 dire v\u00e9rifiant la condition de la ligne 1) pour\nfaire croire au pr\u00e9dicteur de branches que la condition ligne 1 est\ntoujours vraie. Puis il soumet un x pointant \u00e0 une adresse arbitraire.\nLe pr\u00e9dicteur de branches estime n\u00e9anmoins que la condition est vraie,\nce qui d\u00e9clenche l\u0027ex\u00e9cution sp\u00e9culative de la ligne 2. La valeur\nsecr\u00e8te point\u00e9e par x est r\u00e9cup\u00e9r\u00e9e puis utilis\u00e9e pour former l\u0027adresse\nd\u0027une seconde lecture m\u00e9moire. Cette seconde lecture aura un effet sur\nle cache d\u00e9celable par l\u0027attaquant qui sera alors en mesure de retrouver\nla valeur secr\u00e8te.\n\n#### Variante 2 (CVE-2017-5715)\n\nLe pr\u00e9dicteur de branches est \u00e9galement utilis\u00e9 pour pr\u00e9dire l\u0027issue des\nsauts indirects. Dans la variante 2 de Spectre, un attaquant influe sur\nles heuristiques du pr\u00e9dicteur de branches pour fausser la pr\u00e9diction\nd\u0027un saut indirect s\u2019ex\u00e9cutant dans un autre cloisonnement de s\u00e9curit\u00e9,\nce qui a pour effet de d\u00e9clencher une ex\u00e9cution sp\u00e9culative erron\u00e9e \u00e0\nune adresse arbitraire ma\u00eetris\u00e9e par l\u0027attaquant. En choisissant\ncorrectement le code ex\u00e9cut\u00e9 sp\u00e9culativement, l\u0027attaquant est alors\ncapable d\u0027obtenir une lecture arbitraire dans l\u0027espace d\u0027adressage du\nprocessus victime.\n\n#### Variante 3 (CVE-2018-3639)\n\nLes processeurs \u00e9mettent \u00e9galement des hypoth\u00e8ses concernant l\u0027adresse\nde certains acc\u00e8s m\u00e9moire. Pour b\u00e9n\u00e9ficier de plus de libert\u00e9s dans\nl\u0027ordre d\u0027ex\u00e9cution d\u0027op\u00e9rations de lecture m\u00e9moire, le processeur va\ndevoir pr\u00e9dire si celles-ci chevauchent des op\u00e9rations d\u0027\u00e9criture en\nattente d\u0027ex\u00e9cution. Si une op\u00e9ration de lecture ne chevauche aucune\nop\u00e9ration d\u0027\u00e9criture en attente d\u0027ex\u00e9cution, rien ne s\u0027oppose \u00e0 qu\u0027elle\npuisse \u00eatre ex\u00e9cut\u00e9e de fa\u00e7on anticip\u00e9e.\n\nDans la variante 3 de Spectre, un attaquant influe sur les heuristiques\ndu processeur utilis\u00e9es pour la pr\u00e9diction d\u0027adresses, ce qui a pour\neffet de d\u00e9clencher une ex\u00e9cution sp\u00e9culative erron\u00e9e d\u0027une op\u00e9ration de\nlecture m\u00e9moire et des instructions qui en d\u00e9pendent. Un code est\nvuln\u00e9rable si cette ex\u00e9cution sp\u00e9culative erron\u00e9e manipule une valeur\nsecr\u00e8te et la laisse fuir \u00e0 travers un \u00e9tat observable du cache\n\nMicrosoft (une des parties ayant d\u00e9couvert la vuln\u00e9rabilit\u00e9) \\[43\\]\naffirme ne pas avoir identifi\u00e9 de code vuln\u00e9rable dans leurs produits,\nce qui laisse penser que les codes vuln\u00e9rables sont peu fr\u00e9quents.\n\n### Impact\n\nLes vuln\u00e9rabilit\u00e9s d\u00e9crites dans cette alerte peuvent impacter tous les\nsyst\u00e8mes utilisant un processeur vuln\u00e9rable et donc de fa\u00e7on\nind\u00e9pendante du syst\u00e8me d\u0027exploitation. Selon les chercheurs \u00e0 l\u0027origine\nde la d\u00e9couverte de ces failles, il est ainsi possible d\u0027acc\u00e9der \u00e0\nl\u0027int\u00e9gralit\u00e9 de la m\u00e9moire physique sur des syst\u00e8mes Linux et OSX et \u00e0\nune part importante de la m\u00e9moire sur un syst\u00e8me Windows.\n\nOn notera que l\u0027impact peut \u00eatre plus particuli\u00e8rement important dans\ndes syst\u00e8mes de ressources partag\u00e9s de type conteneur (Docker, LXC) o\u00f9\nil serait possible depuis un environnement restreint d\u0027acc\u00e9der \u00e0 toutes\nles donn\u00e9es pr\u00e9sentes sur la machine physique dans lequel s\u0027ex\u00e9cute le\nconteneur ou encore dans des environnements virtualis\u00e9s utilisant la\npara-virtualisation de type Xen.\n\n### Preuve de concept\n\nLe CERT-FR constate que des preuves de concept fonctionnelles pour\nMeltdown sont d\u00e9sormais publiques. Les r\u00e8gles Yara suivantes servent \u00e0\nd\u00e9tecter les binaires li\u00e9s \u00e0 la biblioth\u00e8que publi\u00e9e par l\u0027Institute of\nApplied Information Processing and Communications (IAIK) :\n\n\\[pastacode lang=\"c\"\nmanual=\"rule%20meltdown_iaik_libkdump_meltdown_nonull%20%7B%0A%0Ameta%3A%0A%0Aauthor%20%3D%20%22ANSSI%22%0A%0ATLP_level%20%3D%20%22White%22%0A%0Adescription%20%3D%20%22Detects%20Meltdown%20PoC%20libkdump%20meltdown_nonull%20method%22%0A%0Aversion%20%3D%20%221.0%22%0A%0Alast_modified%20%3D%20%222018-01-09%22%0A%0Astrings%3A%0A%0A%2F\\*%0A%0A.text%3A00000000000018A6%2048%2031%20C0%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20xor%20%20%20%20%20%20rax%2C%20rax%20%20%20.text%3A00000000000018A9%0A%0A.text%3A00000000000018A9%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20loc_18A9%3A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3B%20CODE%20XREF%3A%20libkdump_read_tsx%2B48j%0A%0A.text%3A00000000000018A9%208A%2001%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20al%2C%20%5Brcx%5D%0A%0A.text%3A00000000000018AB%2048%20C1%20E0%200C%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20shl%20%20%20%20%20%20rax%2C%200Ch%0A%0A.text%3A00000000000018AF%2074%20F8%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20jz%20%20%20%20%20%20%20%20short%20loc_18A9%0A%0A.text%3A00000000000018B1%2048%208B%201C%2003%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20rbx%2C%20%5Brbx%2Brax%5D%0A%0A\\*%2F%0A%0A%24asm%3D%7B%0A%0A48%2031%20C0%0A%0A8A%2001%0A%0A48%20C1%20E0%200C%0A%0A74%20F8%0A%0A48%208B%201C%2003%0A%0A%7D%0A%0Acondition%3A%20%24asm%0A%0A%7D%0A%0A%0Arule%20meltdown_iaik_libkdump_meltdown_fast%20%7B%0A%0Ameta%3A%0A%0Aauthor%20%3D%20%22ANSSI%22%0A%0ATLP_level%20%3D%20%22White%22%0A%0Adescription%20%3D%20%22Detects%20Meltdown%20PoC%20libkdump%20meltdown_fast%20method%22%0A%0Aversion%20%3D%20%221.0%22%0A%0Alast_modified%20%3D%20%222018-01-09%22%0A%0Astrings%3A%0A%0A%20%20%20%20%2F\\*%0A%0A.text%3A000000000000184F%2048%2031%20C0%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20xor%20%20%20%20%20%20%20rax%2C%20rax%0A%0A.text%3A0000000000001852%208A%2001%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20%20al%2C%20%5Brcx%5D%0A%0A.text%3A0000000000001854%2048%20C1%20E0%200C%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20shl%20%20%20%20%20%20%20rax%2C%200Ch%0A%0A.text%3A0000000000001858%2048%208B%201C%2003%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20rbx%2C%20%5Brbx%2Brax%5D%0A%0A\\*%2F%0A%0A%24asm%20%3D%20%7B%0A%0A48%2031%20C0%0A%0A8A%2001%0A%0A48%20C1%20E0%200C%0A%0A48%208B%201C%2003%0A%0A%7D%0A%0Acondition%3A%0A%0A%24asm%0A%0A%7D%0A%0A%0Arule%20meltdown_iaik_libkdump_meltdown%20%7B%0A%0Ameta%3A%0A%0Aauthor%20%3D%20%22ANSSI%22%0A%0ATLP_level%20%3D%20%22White%22%0A%0Adescription%20%3D%20%22Detects%20Meltdown%20PoC%20libkdump%20meltdown%20method%22%0A%0Aversion%20%3D%20%221.0%22%0A%0Alast_modified%20%3D%20%222018-01-09%22%0A%0Astrings%3A%0A%0A%2F\\*%0A%0A.text%3A00000000000018A8%2048%2031%20C0%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20xor%20%20%20%20%20rax%2C%20rax%20%20%20.text%3A00000000000018AB%0A%0A.text%3A00000000000018AB%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20loc_18AB%3A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3B%20CODE%20XREF%3A%20libkdump_read_tsx%2B4Dj%0A%0A.text%3A00000000000018AB%2048%208B%2036%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20%20rsi%2C%20%5Brsi%5D%0A%0A.text%3A00000000000018AE%208A%2001%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20%20al%2C%20%5Brcx%5D%0A%0A.text%3A00000000000018B0%2048%20C1%20E0%200C%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20shl%20%20%20%20%20%20%20rax%2C%200Ch%0A%0A.text%3A00000000000018B4%2074%20F5%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20jz%20%20%20%20%20%20%20%20short%20loc_18AB%0A%0A.text%3A00000000000018B6%2048%208B%201C%2003%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20rbx%2C%20%5Brbx%2Brax%5D%0A%0A\\*%2F%0A%0A%24asm%3D%7B%0A%0A48%2031%20C0%0A%0A48%208B%2036%0A%0A8A%2001%0A%0A48%20C1%20E0%200C%0A%0A74%20F5%0A%0A48%208B%201C%2003%0A%0A%7D%0A%0Acondition%3A%0A%0A%24asm%0A%0A%7D\"\nmessage=\"\" highlight=\"\" provider=\"manual\"/\\]\n\n### Campagne de pourriels\n\nLe CERT-FR constate qu\u0027une campagne de pourriels visant \u00e0 distribuer des\nlogiciels malveillants a \u00e9t\u00e9 lanc\u00e9e afin de profiter de la situation\nautour des vuln\u00e9rabilit\u00e9 Spectre et Meltdown \\[32\\]. Des attaquants se\nfaisant passer pour la *\u003cspan lang=\"de\"\u003eBundesamt f\u00fcr Sicherheit in der\nInformationstechnik \u003c/span\u003e*\u003cspan lang=\"de\"\u003e(BSI), l\u0027\u00e9quivalent allemand\nde l\u0027ANSSI, ont envoy\u00e9 des courriers \u00e9lectroniques invitant leurs\ndestinataires \u00e0 se rendre sur une copie du site de la BSI. La diff\u00e9rence\navec le site officiel \u00e9tait une modification de l\u0027alerte concernant les\nvuln\u00e9rabilit\u00e9s: l\u0027utilisateur \u00e9tait invit\u00e9 \u00e0 installer un correctif qui\nse trouvait \u00eatre un logiciel malveillant.\u003c/span\u003e\n\nLe CERT-FR rappelle de faire preuve de la plus grande vigilance quand \u00e0\nl\u0027ouverture des courriers \u00e9lectroniques ainsi que d\u0027installer les\ncorrectifs de s\u00e9curit\u00e9 dans les plus brefs d\u00e9lais, et ce uniquement\ndepuis les sources officielles des \u00e9diteurs.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s de fuite d\u0027informations dans des processeurs",
"vendor_advisories": [
{
"published_at": null,
"title": "Sites d\u00e9taillant le principe de la vuln\u00e9rabilit\u00e9",
"url": null
}
]
}
cnvd-2018-13356
Vulnerability from cnvd
Title
多款CPU Hardwares信息泄露漏洞
Description
CPU hardware是运行在中央处理器中用于管理和控制CPU的固件。
多款CPU Hardwares存在信息泄露漏洞。该漏洞产生的原因是CPU高速缓存处理存在竞争条件。本地攻击者可以利用漏洞通过侧信道分析获取敏感信息。
Severity
中
VLAI Severity ?
Patch Name
多款CPU Hardwares信息泄露漏洞的补丁
Patch Description
CPU hardware是运行在中央处理器中用于管理和控制CPU的固件。
多款CPU Hardwares存在信息泄露漏洞。该漏洞产生的原因是CPU高速缓存处理存在竞争条件。本地攻击者可以利用漏洞通过侧信道分析获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
Reference
https://securitytracker.com/id/1040949
Impacted products
| Name | ['ARM Cortex A57', 'Intel 5th generation Core Processors 无', 'ARM Cortex A72', 'Intel 6th generation Core processors 0', 'Intel 5th generation Core processors 0', 'Intel 4th generation Core processors 0', 'Intel 3rd generation Core processors 0', 'Intel 2nd generation Core processors 0', 'Intel 8th generation Core processors 0', 'Intel 7th generation Core processors 0', 'Intel Atom Processor A Series 0', 'Intel Atom Processor C Series 0', 'Intel Atom Processor E Series 0', 'Intel Atom Processor T Series 0', 'Intel Atom Processor X Series 0', 'Intel Atom Processor Z Series 0', 'Intel Core X-series Processor Family for Intel X99 platforms 0', 'Intel Celeron Processor J Series 0', 'Intel Celeron Processor N Series 0', 'Intel Core M processor family 0', 'Intel Core X-series Processor Family for Intel X299 platforms 0', 'Intel Pentium Processor N Series 0', 'Intel Pentium Processor Silver Series 0', 'Intel Xeon processor 3400 series 0', 'Intel Xeon processor 3600 series 0', 'Intel Xeon processor 5500 series 0', 'Intel Xeon processor 5600 series 0', 'Intel Xeon processor 7500 series 0', 'Intel Xeon processor 6500 series 0', 'Intel Pentium Processor J Series 0', 'Intel Xeon Processor E3 Family 0', 'Intel Xeon Processor E3 v2 Family 0', 'Intel Xeon Processor E3 v3 Family 0', 'Intel Xeon Processor E3 v4 Family 0', 'Intel Xeon Processor E3 v5 Family 0', 'Intel Xeon Processor E3 v6 Family 0', 'Intel Xeon Processor E5 Family 0', 'Intel Xeon Processor E5 v2 Family 0', 'Intel Xeon Processor E5 v3 Family 0', 'Intel Xeon Processor E5 v4 Family 0', 'Intel Xeon Processor E7 Family 0', 'Intel Xeon Processor E7 v2 Family 0', 'Intel Xeon Processor E7 v3 Family 0', 'Intel Xeon Processor E7 v4 Family 0'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "104228"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2018-3640"
}
},
"description": "CPU hardware\u662f\u8fd0\u884c\u5728\u4e2d\u592e\u5904\u7406\u5668\u4e2d\u7528\u4e8e\u7ba1\u7406\u548c\u63a7\u5236CPU\u7684\u56fa\u4ef6\u3002\r\n\r\n\u591a\u6b3eCPU Hardwares\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662fCPU\u9ad8\u901f\u7f13\u5b58\u5904\u7406\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u4fa7\u4fe1\u9053\u5206\u6790\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "Jann Horn (Google Project Zero), Werner Haas, Thomas Prescher (Cyberus Technology), Zdenek Sojka, Innokentiy Sennovskiy from BiZone LLC, Rudolf Marek and Alex Zuepke from SYSGO AG",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-13356",
"openTime": "2018-07-18",
"patchDescription": "CPU hardware\u662f\u8fd0\u884c\u5728\u4e2d\u592e\u5904\u7406\u5668\u4e2d\u7528\u4e8e\u7ba1\u7406\u548c\u63a7\u5236CPU\u7684\u56fa\u4ef6\u3002\r\n\r\n\u591a\u6b3eCPU Hardwares\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662fCPU\u9ad8\u901f\u7f13\u5b58\u5904\u7406\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u4fa7\u4fe1\u9053\u5206\u6790\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eCPU Hardwares\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"ARM Cortex A57",
"Intel 5th generation Core Processors \u65e0",
"ARM Cortex A72",
"Intel 6th generation Core processors 0",
"Intel 5th generation Core processors 0",
"Intel 4th generation Core processors 0",
"Intel 3rd generation Core processors 0",
"Intel 2nd generation Core processors 0",
"Intel 8th generation Core processors 0",
"Intel 7th generation Core processors 0",
"Intel Atom Processor A Series 0",
"Intel Atom Processor C Series 0",
"Intel Atom Processor E Series 0",
"Intel Atom Processor T Series 0",
"Intel Atom Processor X Series 0",
"Intel Atom Processor Z Series 0",
"Intel Core X-series Processor Family for Intel X99 platforms 0",
"Intel Celeron Processor J Series 0",
"Intel Celeron Processor N Series 0",
"Intel Core M processor family 0",
"Intel Core X-series Processor Family for Intel X299 platforms 0",
"Intel Pentium Processor N Series 0",
"Intel Pentium Processor Silver Series 0",
"Intel Xeon processor 3400 series 0",
"Intel Xeon processor 3600 series 0",
"Intel Xeon processor 5500 series 0",
"Intel Xeon processor 5600 series 0",
"Intel Xeon processor 7500 series 0",
"Intel Xeon processor 6500 series 0",
"Intel Pentium Processor J Series 0",
"Intel Xeon Processor E3 Family 0",
"Intel Xeon Processor E3 v2 Family 0",
"Intel Xeon Processor E3 v3 Family 0",
"Intel Xeon Processor E3 v4 Family 0",
"Intel Xeon Processor E3 v5 Family 0",
"Intel Xeon Processor E3 v6 Family 0",
"Intel Xeon Processor E5 Family 0",
"Intel Xeon Processor E5 v2 Family 0",
"Intel Xeon Processor E5 v3 Family 0",
"Intel Xeon Processor E5 v4 Family 0",
"Intel Xeon Processor E7 Family 0",
"Intel Xeon Processor E7 v2 Family 0",
"Intel Xeon Processor E7 v3 Family 0",
"Intel Xeon Processor E7 v4 Family 0"
]
},
"referenceLink": "https://securitytracker.com/id/1040949",
"serverity": "\u4e2d",
"submitTime": "2018-05-22",
"title": "\u591a\u6b3eCPU Hardwares\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
var-201805-0967
Vulnerability from variot
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. Has speculative execution function CPU Is vulnerable to a cache-side channel attack. "Variant 4" Or "SpectreNG" It is called. Has speculative execution function CPU The following vulnerabilities have been reported that perform cache timing side-channel attacks against. * CVE-2018-3639 (Variant 4 "SpectreNG") : Speculative Store Bypass (SSB) * CVE-2018-3640 (Variant 3a) : Rogue System Register Read (RSRE) For more information, Project Zero bug report , Intel security advisory INTEL-SA-00115 and ARM whitepaper Please refer to. This vulnerability has been announced in the past Vulnerability CVE-2017-5753 (Variant 1 "Spectre") , CVE-2017-5715 (Variant 2 "Spectre") , CVE-2017-5754 (Variant 3 "Meltdown") To be similar to "SpectreNG" It is reported with the name.By using a cache timing side channel attack, a third party who can access as a local user may be able to read arbitrary privilege data or system register values. CPUhardware is firmware that runs in the central processor for managing and controlling the CPU. A number of CPUHardwares have information disclosure vulnerabilities. The vulnerability is caused by a race condition in the CPU cache processing. Local attackers can exploit vulnerabilities to obtain sensitive information through side channel analysis. Multiple CPU Hardwares are prone to an information-disclosure vulnerability. AMD, ARM, and Intel CPUs are all CPU (central processing unit) products from different manufacturers.
For the stable distribution (stretch), these problems have been fixed in version 3.20180703.2~deb9u1.
We recommend that you upgrade your intel-microcode packages.
For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlt11DsACgkQEMKTtsN8 TjaLRQ/7BRb1atQVGNSPWx7bSE1NTEGIv7MKLSQTBrAJt6VjsVoZPA/B4rgoxG8b li6UzUt0UfuEsS4H14O0fKqXHFWxeld1MjkEtMYaDbcaJ9PLUh2u3KxlEspmKhHG 2QTVwD88FZkeUgbGyfkI0w4n93UU7Kzm5FotKYiz1oRcdNgnCqpp+m/s9FpgWi00 np2DAYv6Qr4OixiT877pQS7vVJhp5QjFRysNb2FXHz9BagdpJgTpEid5tWkS50uy mABQefuajZuPXxhksR3d0BxCJErws9jnuXn7kd5P/Mv2lTpKgxTRkq8VzzhQRO1U TRn0p9Xg8g3lt+t8hdMGUsfwbbtX9kuOHwdT5QjURHhMN9BQSpk9jS6tqUF9tHXV Udbx6mYcRaBOjSBSDGs3VfH6PQEiHGMhXZWKWcJw3OlaUmLn147Mcj8OSIDJ8bIZ EYTiKtHJrZWAYmwWaeY1C8lfI7hUGPMpBbK8xXjTX5Iqjh8ibjYU6F5YnCFJ7N6t bFihXym3yapPOBZxE8BrDDX+tQ28juFU9qXjJ/VCc6Qpd6Y3aJXcnU+g7AUaYbGE SveoEMDPv4DeqA1wqc4ZJtc8T2E2fUHG8hhdWG24Os3zvjuiUg43UemIDgyoTL/A nL49y6Z/Jx6IxL+qiteaUJZzukel4ocGhOV9HAprahYjvV0v7Ps-aH -----END PGP SIGNATURE----- . Issue date: 2018-05-21 Updated on: 2018-05-21 (Initial Advisory) CVE number: CVE-2018-3639
**There are additional VMware and 3rd party requirements for CVE-2018-3639 mitigation beyond applying these updates. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2018-0012.1 Severity: Moderate Synopsis: VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue Issue date: 2018-05-21 Updated on: 2018-06-28 CVE number: CVE-2018-3639
- Summary
VMware vSphere, Workstation and Fusion updates enable Hypervisor- Assisted Guest Mitigations for Speculative Store Bypass issue.
The mitigations in this advisory are categorized as Hypervisor- Assisted Guest Mitigations described by VMware Knowledge Base article 54951. KB54951 also covers CVE-2018-3640 mitigations which do not require VMware product updates.
- Relevant Products
VMware vCenter Server (VC) VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion)
- Problem Description
vCenter Server, ESXi, Workstation, and Fusion update speculative execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (GOS) can remediate the Speculative Store bypass issue (CVE-2018-3639) using the Speculative-Store- Bypass-Disable (SSBD) control bit. This issue may allow for information disclosure in applications and/or execution runtimes which rely on managed code security mechanisms. Based on current evaluations, we do not believe that CVE-2018-3639 could allow for VM to VM or Hypervisor to VM Information disclosure.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-3639 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product Running Replace with/ Mitigation/ Product Version on Severity Apply Patch Workaround =========== ======= ======= ======== ==================== ========== VC 6.7 Any Moderate 6.7.0b * None VC 6.5 Any Moderate 6.5 U2b * None VC 6.0 Any Moderate 6.0 U3f * None VC 5.5 Any Moderate 5.5 U3i * None
ESXi 6.7 Any Moderate ESXi670-201806401-BG * None ESXi670-201806402-BG ** ESXi 6.5 Any Moderate ESXi650-201806401-BG * None ESXi650-201806402-BG ** ESXi 6.0 Any Moderate ESXi600-201806401-BG * None ESXi600-201806402-BG ** ESXi 5.5 Any Moderate ESXi550-201806401-BG * None ESXi550-201806402-BG **
Workstation 14.x Any Moderate 14.1.2 * None Fusion 10.x OSX Moderate 10.1.2 * None
- There are additional VMware and 3rd party requirements for CVE-2018-3639 mitigation beyond applying these updates. Please see VMware Knowledge Base article 55111 for details.
** If available, these ESXi patches apply the required microcode updates. The included microcode updates are documented in the VMware Knowledge Base articles listed in the Solution section.
- Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vCenter Server 6.7.0b Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VC670B&productId=742 &rPId=24511 Documentation:
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-670 b-release-notes.html
vCenter Server 6.5 U2b Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VC65U2B&productId=61 4&rPId=24437 Documentation:
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u 2b-release-notes.html
vCenter Server 6.0 U3f Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VC60U3F&productId=49 1&rPId=24398 Documentation:
https://docs.vmware.com/en/VMware-vSphere/6.0/rn/vsphere-vcenter-server-60u 3f-release-notes.html
vCenter Server 5.5 U3i Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VC55U3I&productId=35 3&rPId=24327 Documentation:
https://docs.vmware.com/en/VMware-vSphere/5.5/rn/vsphere-vcenter-server-55u 3i-release-notes.html
VMware ESXi 6.7 Downloads: https://my.vmware.com/group/vmware/patch Documentation: https://kb.vmware.com/kb/55920 https://kb.vmware.com/kb/55921 (microcode)
VMware ESXi 6.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: https://kb.vmware.com/kb/55915 https://kb.vmware.com/kb/55916 (microcode)
VMware ESXi 6.0 Downloads: https://my.vmware.com/group/vmware/patch Documentation: https://kb.vmware.com/kb/55910 https://kb.vmware.com/kb/55911 (microcode)
VMware ESXi 5.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: https://kb.vmware.com/kb/55905 https://kb.vmware.com/kb/55906 (microcode)
VMware Workstation Pro, Player 14.1.2 Downloads and Documentation: https://www.vmware.com/go/downloadworkstation https://www.vmware.com/go/downloadplayer
VMware Fusion Pro / Fusion 10.1.2 Downloads and Documentation: https://www.vmware.com/go/downloadfusion
- References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 https://kb.vmware.com/kb/54951 https://kb.vmware.com/kb/55111
- Change log
2018-05-21: VMSA-2018-0012 Initial security advisory in conjunction with the release of Workstation 14.1.2 and Fusion 10.1.2 on 2018-05-21.
2018-06-28: VMSA-2018-0012.1 Updated security advisory in conjunction with the release of vCenter Server 5.5 U3i, 6.0 U3f, 6.5 U2b, 6.7.0b and ESXi 5.5 - 6.7 patches on 2018-06-28.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog https://blogs.vmware.com/security
Twitter https://twitter.com/VMwareSRC
Copyright 2018 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8
wj8DBQFbNaFeDEcm8Vbi9kMRAn4NAJ42HgDjfXkcTVfDupwE4KPdPVsf7wCcDaLy aN23XiAmhvFSxcQ5GnJR0ls= =frKv -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3756-1 August 27, 2018
intel-microcode vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
The system could be made to expose sensitive information.
Software Description: - intel-microcode: Processor microcode for Intel CPUs
Details:
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). This vulnerability is also known as Rogue System Register Read (RSRE). (CVE-2018-3640)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: intel-microcode 3.20180807a.0ubuntu0.18.04.1
Ubuntu 16.04 LTS: intel-microcode 3.20180807a.0ubuntu0.16.04.1
Ubuntu 14.04 LTS: intel-microcode 3.20180807a.0ubuntu0.14.04.1
After a standard system update you need to reboot your computer to make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0967",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3508"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3808"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3538"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3558"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3708"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3750"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3758"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c2308"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3308"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3338"
},
{
"model": "xeon e3 1268l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v4"
},
{
"model": "xeon e3 1240l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v3"
},
{
"model": "xeon e3 1501m v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v4"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86138f"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4660_v3"
},
{
"model": "xeon e5 2618l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670_v2"
},
{
"model": "xeon e3 1220 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3470"
},
{
"model": "xeon e3 1240 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2430l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2603 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860_v3"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3736g"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v3"
},
{
"model": "xeon e3 1225 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1245 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "45nm"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3775"
},
{
"model": "xeon e5 2450l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4860_v2"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86130t"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3850"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4860"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160t"
},
{
"model": "xeon e3 1225 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86126t"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1545m_v5"
},
{
"model": "xeon e5 2637",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1620 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4112"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4807"
},
{
"model": "xeon e3 1276 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "15"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3480"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1558l_v5"
},
{
"model": "xeon e3 1505m v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4108"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3745"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3580"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3480"
},
{
"model": "xeon e5 2650l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5504"
},
{
"model": "xeon e3 1278l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699r_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880l_v2"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3815"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2698_v4"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5518_"
},
{
"model": "xeon e3 1265l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w5590"
},
{
"model": "xeon e5 1620",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2430 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1280 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4109t"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4667_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860_v4"
},
{
"model": "xeon e3 1220l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1230 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v2"
},
{
"model": "xeon e5 2603 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "57"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v3"
},
{
"model": "xeon e5 2620 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5507"
},
{
"model": "xeon e3 1235l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1578l_v5"
},
{
"model": "xeon e3 1281 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660"
},
{
"model": "xeon e5 2450l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v2"
},
{
"model": "xeon e3 1226 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1535m_v6"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735d"
},
{
"model": "xeon e5 2630 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1428l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867l"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8180"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3740d"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "45nm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2650l_v4"
},
{
"model": "xeon e3 1225 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w"
},
{
"model": "xeon e5 2420",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v4"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "125c_"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v2"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86142f"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86154"
},
{
"model": "xeon e5 2648l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v3"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j3455"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w5580"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8164"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86134m"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658a_v3"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690"
},
{
"model": "xeon e5 2648l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2438l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2603",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1275 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v3"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2480"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86144"
},
{
"model": "xeon e5 2470 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86140"
},
{
"model": "xeon e5 2628l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4116"
},
{
"model": "xeon e5 2407 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2450 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1285 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2609 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4669_v4"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86138"
},
{
"model": "xeon e3 12201",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v4"
},
{
"model": "xeon e5 2418l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v3"
},
{
"model": "xeon e5 2609 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v3"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v3"
},
{
"model": "xeon e5 1630 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5508_"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "45nm"
},
{
"model": "xeon e5 2450",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1515m_v5"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699a_v4"
},
{
"model": "xeon e5 2403",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640"
},
{
"model": "xeon e3 1245",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86126"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86132"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86136"
},
{
"model": "xeon e5 2418l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e6550"
},
{
"model": "xeon e5 2643 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86142m"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v2"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1535m_v5"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v2"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85120"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3600"
},
{
"model": "xeon e3 1270 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86134"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85120t"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1585_v5"
},
{
"model": "pentium silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n5000"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735g"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3785"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5550"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4114"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3827"
},
{
"model": "xeon e5 2403 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1501l v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2440",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1428l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670_v3"
},
{
"model": "xeon e5 2430",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4205"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2580"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4890_v2"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v2"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735e"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8830"
},
{
"model": "xeon e5 2428l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2640 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667"
},
{
"model": "xeon e5 2618l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1220_"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v4"
},
{
"model": "xeon e5 2643 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3950"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4603_v2"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4105"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697a_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2870_v2"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4870"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4880_v2"
},
{
"model": "xeon e3 1245 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v3"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176f"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1565l_v5"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4648_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7500"
},
{
"model": "xeon e5 1660 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1630 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3736f"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4667_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8857_v2"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8837"
},
{
"model": "xeon e5 2470",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2620",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1505l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4628l_v4"
},
{
"model": "xeon e5 2618l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v3"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85115"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4603"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2665"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "32nm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v4"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v4"
},
{
"model": "xeon e5 2648l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v2"
},
{
"model": "xeon e5 2630 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v4"
},
{
"model": "xeon e3 1265l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1650",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2683_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5530"
},
{
"model": "pentium silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j5005"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v2"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3570"
},
{
"model": "xeon e3 1220 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e-1105c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1680 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3560"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2850"
},
{
"model": "xeon e3 1258l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4669_v3"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3740"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5520"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160f"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3858"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v4"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4624l_v2"
},
{
"model": "xeon e3 1235",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1650 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1268l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v4"
},
{
"model": "xeon e5 2650l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650l"
},
{
"model": "xeon e3 1270 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2520"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85119t"
},
{
"model": "xeon e5 2608l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2803"
},
{
"model": "xeon e5 2640 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1575m_v5"
},
{
"model": "xeon e3 1220 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4607_v2"
},
{
"model": "xeon e5 2643 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v4"
},
{
"model": "xeon e5 2609 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3450"
},
{
"model": "xeon e5 1620 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860"
},
{
"model": "xeon e5 2637 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l3426"
},
{
"model": "xeon e5 2630l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86152"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3770"
},
{
"model": "xeon e5 1620 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4607"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3955"
},
{
"model": "xeon e5 2630l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1270 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3530"
},
{
"model": "xeon e5 2630l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2460"
},
{
"model": "xeon e3 1220 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1230 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86146"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1275_"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5506"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8158"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5540"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4110"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2890_v2"
},
{
"model": "xeon e5 1660 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "32nm"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1585l_v5"
},
{
"model": "xeon e5 2408l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4116t"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699_v4"
},
{
"model": "xeon e5 1650 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1240 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1275 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v3"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v2"
},
{
"model": "xeon e3 1240 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4655_v4"
},
{
"model": "xeon e5 2420 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86130"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5560"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v2"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3845"
},
{
"model": "xeon e3 1280 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8850_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176m"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86140m"
},
{
"model": "xeon e5 2637 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v2"
},
{
"model": "xeon e3 1265l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3775d"
},
{
"model": "xeon e3 1246 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2820"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4870_v2"
},
{
"model": "xeon e3 1275l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86148"
},
{
"model": "xeon e5 2623 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2630l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v4"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4657l_v2"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8168"
},
{
"model": "xeon e3 1241 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v4"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86142"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160m"
},
{
"model": "xeon e3 1230l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1260l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2420"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4655_v3"
},
{
"model": "xeon e3 1225",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880l_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8850"
},
{
"model": "xeon e3 1275 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1285l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v3"
},
{
"model": "xeon e3 1271 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1280 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1260l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867_v4"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86138t"
},
{
"model": "xeon e3 1245 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5506"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "32nm"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e6510"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3830"
},
{
"model": "xeon e5 1660",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1650 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2428l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2760"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l3406"
},
{
"model": "xeon e3 1245 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1275 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1230",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2630",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l3403"
},
{
"model": "xeon e5 2623 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v2"
},
{
"model": "xeon e3 1240 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v4"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658"
},
{
"model": "xeon e3 1230 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1285 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v4"
},
{
"model": "xeon e5 2440 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3440"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v2"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1505m_v6"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3460"
},
{
"model": "xeon e5 2628l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2698_v3"
},
{
"model": "xeon e5 2630 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86128"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86148f"
},
{
"model": "pentium",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4000"
},
{
"model": "xeon e5 2648l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85122"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "45nm"
},
{
"model": "xeon e3 1290 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1680 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3590"
},
{
"model": "xeon e3 1125c v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1428l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8170m"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v3"
},
{
"model": "xeon e5 2448l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2428l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8156"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3745d"
},
{
"model": "xeon e3 1231 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2560"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2860"
},
{
"model": "xeon e5 2637 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v3"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176"
},
{
"model": "xeon e3 1285l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3958"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2830"
},
{
"model": "xeon e3 1505l v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2628l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870"
},
{
"model": "xeon e5 2418l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "72"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3805"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3825"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8894_v4"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3770d"
},
{
"model": "xeon e3 1230 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2609",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2870"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2850_v2"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8153"
},
{
"model": "xeon e5 2603 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680"
},
{
"model": "xeon e5 2640",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5502"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8170"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4617"
},
{
"model": "xeon e5 1660 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e6540"
},
{
"model": "xeon e3 1286l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1280 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1270",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4100"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5115"
},
{
"model": "pentium",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4200"
},
{
"model": "xeon e3 12201 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1280",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2640 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2643",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2620 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5530"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v4"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5503"
},
{
"model": "xeon e3 1105c v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v2"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4114t"
},
{
"model": "xeon e3 1285 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4005"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3826"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v4"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "32nm"
},
{
"model": "xeon e3 1286 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1290",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3450"
},
{
"model": "xeon e3 1225 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4660_v4"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5570"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86150"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5520"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2880_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v3"
},
{
"model": "xeon e3 1240l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3460"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3795"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5600"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2683_v4"
},
{
"model": "xeon e3 1240",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2430l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2620 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v3"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86130f"
},
{
"model": "xeon e5 2448l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2608l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2407",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v3"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735f"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86126f"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85118"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v2"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3430"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867_v3"
},
{
"model": "xeon e3 1270 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "6th generation core processors",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "5th generation core processors",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "4th generation core processors",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "3rd generation core processors",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "2nd generation core processors",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "8th generation core processors",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "7th generation core processors",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor a series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor c series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor e series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor t series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "x0"
},
{
"model": "atom processor z series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "core x-series processor family for intel platforms",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "x990"
},
{
"model": "celeron processor j series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "celeron processor n series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "core m processor family",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "core x-series processor family for intel platforms",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "x2990"
},
{
"model": "pentium processor n series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "pentium processor silver series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "34000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "36000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "55000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "56000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "75000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "65000"
},
{
"model": "pentium processor j series",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "v20"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "v40"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "v50"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "v60"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "v20"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "v40"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "v20"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "v40"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "arm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell emc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qualcomm incorporated",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "cortex a57",
"scope": null,
"trust": 0.6,
"vendor": "arm",
"version": null
},
{
"model": "5th generation core processors",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "cortex a72",
"scope": null,
"trust": 0.6,
"vendor": "arm",
"version": null
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v3"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v3"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v3"
},
{
"model": "surface studio",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "surface pro with advanced lte model",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "18070"
},
{
"model": "surface pro model",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "17960"
},
{
"model": "surface pro",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "40"
},
{
"model": "surface pro",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "30"
},
{
"model": "surface laptop",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "surface book",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2"
},
{
"model": "surface book",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v30"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v30"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v30"
},
{
"model": "cortex a72",
"scope": "eq",
"trust": 0.3,
"vendor": "arm",
"version": "0"
},
{
"model": "cortex a57",
"scope": "eq",
"trust": 0.3,
"vendor": "arm",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-13356"
},
{
"db": "BID",
"id": "104228"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003386"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-748"
},
{
"db": "NVD",
"id": "CVE-2018-3640"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:misc:multiple_vendors",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003386"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "These vulnerabilities are publicly disclosed by the outside.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-748"
}
],
"trust": 0.6
},
"cve": "CVE-2018-3640",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2018-3640",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CNVD-2018-13356",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-133671",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.1,
"id": "CVE-2018-3640",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-3640",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-13356",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-748",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-133671",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-3640",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13356"
},
{
"db": "VULHUB",
"id": "VHN-133671"
},
{
"db": "VULMON",
"id": "CVE-2018-3640"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-748"
},
{
"db": "NVD",
"id": "CVE-2018-3640"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. Has speculative execution function CPU Is vulnerable to a cache-side channel attack. \"Variant 4\" Or \"SpectreNG\" It is called. Has speculative execution function CPU The following vulnerabilities have been reported that perform cache timing side-channel attacks against. * CVE-2018-3639 (Variant 4 \"SpectreNG\") : Speculative Store Bypass (SSB) * CVE-2018-3640 (Variant 3a) : Rogue System Register Read (RSRE) For more information, Project Zero \u003ca href=\"https://bugs.chromium.org/p/project-zero/issues/detail?id=1528\"\u003ebug report\u003c/a\u003e , Intel security advisory \u003ca href=\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html\"\u003eINTEL-SA-00115\u003c/a\u003e and ARM \u003ca href=\"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability\"\u003ewhitepaper\u003c/a\u003e Please refer to. This vulnerability has been announced in the past \u003ca href=\"https://www.kb.cert.org/vuls/id/584653\"\u003e Vulnerability \u003c/a\u003e CVE-2017-5753 (Variant 1 \"Spectre\") , CVE-2017-5715 (Variant 2 \"Spectre\") , CVE-2017-5754 (Variant 3 \"Meltdown\") To be similar to \"SpectreNG\" It is reported with the name.By using a cache timing side channel attack, a third party who can access as a local user may be able to read arbitrary privilege data or system register values. CPUhardware is firmware that runs in the central processor for managing and controlling the CPU. A number of CPUHardwares have information disclosure vulnerabilities. The vulnerability is caused by a race condition in the CPU cache processing. Local attackers can exploit vulnerabilities to obtain sensitive information through side channel analysis. Multiple CPU Hardwares are prone to an information-disclosure vulnerability. AMD, ARM, and Intel CPUs are all CPU (central processing unit) products from different manufacturers. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 3.20180703.2~deb9u1. \n\nWe recommend that you upgrade your intel-microcode packages. \n\nFor the detailed security status of intel-microcode please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/intel-microcode\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlt11DsACgkQEMKTtsN8\nTjaLRQ/7BRb1atQVGNSPWx7bSE1NTEGIv7MKLSQTBrAJt6VjsVoZPA/B4rgoxG8b\nli6UzUt0UfuEsS4H14O0fKqXHFWxeld1MjkEtMYaDbcaJ9PLUh2u3KxlEspmKhHG\n2QTVwD88FZkeUgbGyfkI0w4n93UU7Kzm5FotKYiz1oRcdNgnCqpp+m/s9FpgWi00\nnp2DAYv6Qr4OixiT877pQS7vVJhp5QjFRysNb2FXHz9BagdpJgTpEid5tWkS50uy\nmABQefuajZuPXxhksR3d0BxCJErws9jnuXn7kd5P/Mv2lTpKgxTRkq8VzzhQRO1U\nTRn0p9Xg8g3lt+t8hdMGUsfwbbtX9kuOHwdT5QjURHhMN9BQSpk9jS6tqUF9tHXV\nUdbx6mYcRaBOjSBSDGs3VfH6PQEiHGMhXZWKWcJw3OlaUmLn147Mcj8OSIDJ8bIZ\nEYTiKtHJrZWAYmwWaeY1C8lfI7hUGPMpBbK8xXjTX5Iqjh8ibjYU6F5YnCFJ7N6t\nbFihXym3yapPOBZxE8BrDDX+tQ28juFU9qXjJ/VCc6Qpd6Y3aJXcnU+g7AUaYbGE\nSveoEMDPv4DeqA1wqc4ZJtc8T2E2fUHG8hhdWG24Os3zvjuiUg43UemIDgyoTL/A\nnL49y6Z/Jx6IxL+qiteaUJZzukel4ocGhOV9HAprahYjvV0v7Ps-aH\n-----END PGP SIGNATURE-----\n. \nIssue date: 2018-05-21\nUpdated on: 2018-05-21 (Initial Advisory)\nCVE number: CVE-2018-3639\n\n1. \n\n **There are additional VMware and 3rd party requirements for\n CVE-2018-3639 mitigation beyond applying these updates. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2018-0012.1\nSeverity: Moderate\nSynopsis: VMware vSphere, Workstation and Fusion updates enable\n Hypervisor-Assisted Guest Mitigations for Speculative Store\n Bypass issue\nIssue date: 2018-05-21\nUpdated on: 2018-06-28\nCVE number: CVE-2018-3639\n\n1. Summary\n\n VMware vSphere, Workstation and Fusion updates enable Hypervisor-\n Assisted Guest Mitigations for Speculative Store Bypass issue. \n\n The mitigations in this advisory are categorized as Hypervisor-\n Assisted Guest Mitigations described by VMware Knowledge Base article\n 54951. KB54951 also covers CVE-2018-3640 mitigations which do not\n require VMware product updates. \n\n2. Relevant Products\n\n VMware vCenter Server (VC)\n VMware vSphere ESXi (ESXi)\n VMware Workstation Pro / Player (Workstation)\n VMware Fusion Pro / Fusion (Fusion)\n\n3. Problem Description\n\n vCenter Server, ESXi, Workstation, and Fusion update speculative\n execution control mechanism for Virtual Machines (VMs). As a result,\n a patched Guest Operating System (GOS) can remediate the Speculative\n Store bypass issue (CVE-2018-3639) using the Speculative-Store-\n Bypass-Disable (SSBD) control bit. This issue may allow for\n information disclosure in applications and/or execution runtimes\n which rely on managed code security mechanisms. Based on current\n evaluations, we do not believe that CVE-2018-3639 could allow for VM\n to VM or Hypervisor to VM Information disclosure. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the identifier CVE-2018-3639 to this issue. \n\n Column 5 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/ Mitigation/\n Product Version on Severity Apply Patch Workaround\n =========== ======= ======= ======== ==================== ==========\n VC 6.7 Any Moderate 6.7.0b * None\n VC 6.5 Any Moderate 6.5 U2b * None\n VC 6.0 Any Moderate 6.0 U3f * None\n VC 5.5 Any Moderate 5.5 U3i * None\n\n ESXi 6.7 Any Moderate ESXi670-201806401-BG * None\n ESXi670-201806402-BG **\n ESXi 6.5 Any Moderate ESXi650-201806401-BG * None\n ESXi650-201806402-BG **\n ESXi 6.0 Any Moderate ESXi600-201806401-BG * None\n ESXi600-201806402-BG **\n ESXi 5.5 Any Moderate ESXi550-201806401-BG * None\n ESXi550-201806402-BG **\n\n Workstation 14.x Any Moderate 14.1.2 * None\n Fusion 10.x OSX Moderate 10.1.2 * None\n\n * There are additional VMware and 3rd party requirements for\n CVE-2018-3639 mitigation beyond applying these updates. Please\n see VMware Knowledge Base article 55111 for details. \n\n ** If available, these ESXi patches apply the required microcode\n updates. The included microcode updates are documented in the\n VMware Knowledge Base articles listed in the Solution section. \n\n4. Solution\n\n Please review the patch/release notes for your product and\n version and verify the checksum of your downloaded file. \n\n vCenter Server 6.7.0b\n Downloads:\n\nhttps://my.vmware.com/web/vmware/details?downloadGroup=VC670B\u0026productId=742\n\u0026rPId=24511\n Documentation:\n\nhttps://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-670\nb-release-notes.html\n\n vCenter Server 6.5 U2b\n Downloads:\n\nhttps://my.vmware.com/web/vmware/details?downloadGroup=VC65U2B\u0026productId=61\n4\u0026rPId=24437\n Documentation:\n\nhttps://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u\n2b-release-notes.html\n\n vCenter Server 6.0 U3f\n Downloads:\n\nhttps://my.vmware.com/web/vmware/details?downloadGroup=VC60U3F\u0026productId=49\n1\u0026rPId=24398\n Documentation:\n\nhttps://docs.vmware.com/en/VMware-vSphere/6.0/rn/vsphere-vcenter-server-60u\n3f-release-notes.html\n\n vCenter Server 5.5 U3i\n Downloads:\n\nhttps://my.vmware.com/web/vmware/details?downloadGroup=VC55U3I\u0026productId=35\n3\u0026rPId=24327\n Documentation:\n\nhttps://docs.vmware.com/en/VMware-vSphere/5.5/rn/vsphere-vcenter-server-55u\n3i-release-notes.html\n\n VMware ESXi 6.7\n Downloads:\n https://my.vmware.com/group/vmware/patch\n Documentation:\n https://kb.vmware.com/kb/55920\n https://kb.vmware.com/kb/55921 (microcode)\n\n VMware ESXi 6.5\n Downloads:\n https://my.vmware.com/group/vmware/patch\n Documentation:\n https://kb.vmware.com/kb/55915\n https://kb.vmware.com/kb/55916 (microcode)\n\n VMware ESXi 6.0\n Downloads:\n https://my.vmware.com/group/vmware/patch\n Documentation:\n https://kb.vmware.com/kb/55910\n https://kb.vmware.com/kb/55911 (microcode)\n\n VMware ESXi 5.5\n Downloads:\n https://my.vmware.com/group/vmware/patch\n Documentation:\n https://kb.vmware.com/kb/55905\n https://kb.vmware.com/kb/55906 (microcode)\n\n VMware Workstation Pro, Player 14.1.2\n Downloads and Documentation:\n https://www.vmware.com/go/downloadworkstation\n https://www.vmware.com/go/downloadplayer\n\n VMware Fusion Pro / Fusion 10.1.2\n Downloads and Documentation:\n https://www.vmware.com/go/downloadfusion\n\n5. References\n\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639\n https://kb.vmware.com/kb/54951\n https://kb.vmware.com/kb/55111\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n 2018-05-21: VMSA-2018-0012\n Initial security advisory in conjunction with the release\n of Workstation 14.1.2 and Fusion 10.1.2 on 2018-05-21. \n\n 2018-06-28: VMSA-2018-0012.1\n Updated security advisory in conjunction with the release of vCenter\n Server 5.5 U3i, 6.0 U3f, 6.5 U2b, 6.7.0b and ESXi 5.5 - 6.7 patches\n on 2018-06-28. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: https://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n\n VMware Security \u0026 Compliance Blog\n https://blogs.vmware.com/security\n\n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2018 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.8.3 (Build 4028)\nCharset: utf-8\n\nwj8DBQFbNaFeDEcm8Vbi9kMRAn4NAJ42HgDjfXkcTVfDupwE4KPdPVsf7wCcDaLy\naN23XiAmhvFSxcQ5GnJR0ls=\n=frKv\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-3756-1\nAugust 27, 2018\n\nintel-microcode vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nThe system could be made to expose sensitive information. \n\nSoftware Description:\n- intel-microcode: Processor microcode for Intel CPUs\n\nDetails:\n\nIt was discovered that memory present in the L1 data cache of an Intel CPU\ncore may be exposed to a malicious process that is executing on the CPU\ncore. This vulnerability is also known as L1 Terminal Fault (L1TF). A local\nattacker in a guest virtual machine could use this to expose sensitive\ninformation (memory from other guests or the host OS). This vulnerability is also known as Rogue\nSystem Register Read (RSRE). (CVE-2018-3640)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n intel-microcode 3.20180807a.0ubuntu0.18.04.1\n\nUbuntu 16.04 LTS:\n intel-microcode 3.20180807a.0ubuntu0.16.04.1\n\nUbuntu 14.04 LTS:\n intel-microcode 3.20180807a.0ubuntu0.14.04.1\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3640"
},
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003386"
},
{
"db": "CNVD",
"id": "CNVD-2018-13356"
},
{
"db": "BID",
"id": "104228"
},
{
"db": "VULHUB",
"id": "VHN-133671"
},
{
"db": "VULMON",
"id": "CVE-2018-3640"
},
{
"db": "PACKETSTORM",
"id": "148975"
},
{
"db": "PACKETSTORM",
"id": "147796"
},
{
"db": "PACKETSTORM",
"id": "148370"
},
{
"db": "PACKETSTORM",
"id": "149390"
},
{
"db": "PACKETSTORM",
"id": "149127"
}
],
"trust": 3.78
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3640",
"trust": 4.0
},
{
"db": "USCERT",
"id": "TA18-141A",
"trust": 3.6
},
{
"db": "CERT/CC",
"id": "VU#180049",
"trust": 3.6
},
{
"db": "BID",
"id": "104228",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1040949",
"trust": 2.3
},
{
"db": "LENOVO",
"id": "LEN-22133",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-608355",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-268644",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1042004",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#584653",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97971879",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003386",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-748",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-13356",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-30550",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1988",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1899",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1899.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4343",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-133671",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-3640",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148975",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147796",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148370",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149390",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149127",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-13356"
},
{
"db": "VULHUB",
"id": "VHN-133671"
},
{
"db": "VULMON",
"id": "CVE-2018-3640"
},
{
"db": "BID",
"id": "104228"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003386"
},
{
"db": "PACKETSTORM",
"id": "148975"
},
{
"db": "PACKETSTORM",
"id": "147796"
},
{
"db": "PACKETSTORM",
"id": "148370"
},
{
"db": "PACKETSTORM",
"id": "149390"
},
{
"db": "PACKETSTORM",
"id": "149127"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-748"
},
{
"db": "NVD",
"id": "CVE-2018-3640"
}
]
},
"id": "VAR-201805-0967",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13356"
},
{
"db": "VULHUB",
"id": "VHN-133671"
}
],
"trust": 1.4057856242105262
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13356"
}
]
},
"last_update_date": "2024-11-29T21:45:05.370000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Speculative Processor Vulnerability - Arm Developer",
"trust": 0.8,
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"title": "INTEL-SA-00115",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"title": "Side Channel Methods - Analysis, News and Updates",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html"
},
{
"title": "NV18-012",
"trust": 0.8,
"url": "https://jpn.nec.com/security-info/secinfo/nv18-012.html"
},
{
"title": "\u300c\u6295\u6a5f\u7684\u5b9f\u884c\u6a5f\u80fd\u3092\u6301\u3064 CPU \u306b\u5bfe\u3059\u308b\u30b5\u30a4\u30c9\u30c1\u30e3\u30cd\u30eb\u653b\u6483\u300d\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2018/cve-2018-3639.html"
},
{
"title": "Patches for multiple CPUHardwares information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/134551"
},
{
"title": "Debian Security Advisories: DSA-4273-1 intel-microcode -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=198fe04f0aa4ce22fdd957b0e6387a69"
},
{
"title": "Ubuntu Security Notice: intel-microcode vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3756-1"
},
{
"title": "Red Hat: CVE-2018-3640",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-3640"
},
{
"title": "VMware Security Advisories: VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=d857abfe3dc69a36da3c650b21c32067"
},
{
"title": "IBM: IBM Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8dd657f040c1a3932c1b6204b1942f2a"
},
{
"title": "Cisco: CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180521-cpusidechannel"
},
{
"title": "IBM: IBM Security Bulletin: IBM QRadar SIEM is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=24f39bd80b02bb2f9e0026c6e9e48ecd"
},
{
"title": "IBM: IBM Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8100ff220fb701dc2b58ee958a1d24ed"
},
{
"title": "Brocade Security Advisories: BSA-2018-612",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=6089146e92cc663a94d8e6181df0f567"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4c153443c9a58d621de90e448dc6dd3a"
},
{
"title": "Forcepoint Security Advisories: Meltdown and Spectre Vulnerability CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3640, CVE-2018-3639, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=459877525c31ac6029f4be4a6ea97e17"
},
{
"title": "Huawei Security Advisories: Security Advisory - Side-Channel Vulnerability Variants 3a and 4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories\u0026qid=4aa167d6e6089d8ba8be37ae18923cfa"
},
{
"title": "HP: HPSBHF03584 rev. 8 - Derivative Side-Channel Analysis Method",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBHF03584"
},
{
"title": "Apple: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=1cab1b2bba23f38ce1f859849a5f531d"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=621cdbb127d953e0d9d06eff7dd10106"
},
{
"title": "Fortinet Security Advisories: Meltdown and Spectre class vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-18-002"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u00e2\u20ac\u2122s dependencies \u00e2\u20ac\u201c Cumulative list from June 28, 2018 to December 13, 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61"
},
{
"title": "WindowsHardening",
"trust": 0.1,
"url": "https://github.com/nuket/WindowsHardening "
},
{
"title": "cvelinker",
"trust": 0.1,
"url": "https://github.com/Sh3r4/cvelinker "
},
{
"title": "cvelinker",
"trust": 0.1,
"url": "https://github.com/sectorsect/cvelinker "
},
{
"title": "cpu-report",
"trust": 0.1,
"url": "https://github.com/rosenbergj/cpu-report "
},
{
"title": "spectre-meltdown-checker",
"trust": 0.1,
"url": "https://github.com/mjaggi-cavium/spectre-meltdown-checker "
},
{
"title": "HWFW",
"trust": 0.1,
"url": "https://github.com/danswinus/HWFW "
},
{
"title": "CPU-vulnerability-collections",
"trust": 0.1,
"url": "https://github.com/houjingyi233/CPU-vulnerability-collections "
},
{
"title": "specter---meltdown--checker",
"trust": 0.1,
"url": "https://github.com/vurtne/specter---meltdown--checker "
},
{
"title": "TEApot",
"trust": 0.1,
"url": "https://github.com/Mashiro1995/TEApot "
},
{
"title": "spectre-meltdown-checker",
"trust": 0.1,
"url": "https://github.com/speed47/spectre-meltdown-checker "
},
{
"title": "puppet-meltdown",
"trust": 0.1,
"url": "https://github.com/timidri/puppet-meltdown "
},
{
"title": "Linux-Tools",
"trust": 0.1,
"url": "https://github.com/minutesinch/Linux-Tools "
},
{
"title": "Hardware-and-Firmware-Security-Guidance",
"trust": 0.1,
"url": "https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance "
},
{
"title": "hardware-attacks-state-of-the-art",
"trust": 0.1,
"url": "https://github.com/codexlynx/hardware-attacks-state-of-the-art "
},
{
"title": null,
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/09/22/security_roundup_220918/"
},
{
"title": null,
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/microsoft-rolls-out-new-intel-microcode-for-windows-10-server-2016/"
},
{
"title": null,
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/06/26/oracle_patches_lazy_fpu_and_spectre/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13356"
},
{
"db": "VULMON",
"id": "CVE-2018-3640"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003386"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133671"
},
{
"db": "NVD",
"id": "CVE-2018-3640"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"trust": 3.6,
"url": "https://www.us-cert.gov/ncas/alerts/ta18-141a"
},
{
"trust": 2.8,
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"trust": 2.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180521-cpusidechannel"
},
{
"trust": 2.8,
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"trust": 2.0,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180013"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/104228"
},
{
"trust": 1.7,
"url": "http://support.lenovo.com/us/en/solutions/len-22133"
},
{
"trust": 1.7,
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"trust": 1.7,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0005"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"trust": 1.7,
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"trust": 1.7,
"url": "https://www.synology.com/support/security/synology_sa_18_23"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1040949"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1042004"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"trust": 1.6,
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
},
{
"trust": 1.6,
"url": "https://support.apple.com//ht208394"
},
{
"trust": 1.6,
"url": "http://www.dell.com/support/speculative-store-bypass"
},
{
"trust": 1.6,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03850en_us"
},
{
"trust": 1.4,
"url": "https://fortiguard.com/psirt/fg-ir-18-002"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3639"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3640"
},
{
"trust": 1.1,
"url": "https://kb.vmware.com/s/article/54951"
},
{
"trust": 1.0,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3639"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/display/wiki/vulnerabilities+associated+with+cpu+speculative+execution"
},
{
"trust": 0.8,
"url": "https://developer.amd.com/wp-content/resources/124441_amd64_speculativestorebypassdisable_whitepaper_final.pdf"
},
{
"trust": 0.8,
"url": "https://www.kb.cert.org/vuls/id/584653"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/208.html"
},
{
"trust": 0.8,
"url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-speculative-execution-side-channel-mitigations.pdf"
},
{
"trust": 0.8,
"url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-intel-analysis-of-speculative-execution-side-channels-white-paper.pdf"
},
{
"trust": 0.8,
"url": "https://support.hp.com/us-en/document/c06001626"
},
{
"trust": 0.8,
"url": "http://www.hitachi.com/hirt/publications/hirt-pub18001/"
},
{
"trust": 0.8,
"url": "https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/cpp/security/developer-guidance-speculative-execution"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/vulnerabilities/ssbd"
},
{
"trust": 0.8,
"url": "https://www.suse.com/support/kb/doc/?id=7022937"
},
{
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_23"
},
{
"trust": 0.8,
"url": "https://wiki.ubuntu.com/securityteam/knowledgebase/variant4"
},
{
"trust": 0.8,
"url": "https://aws.amazon.com/security/security-bulletins/aws-2018-015/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3640"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97971879/"
},
{
"trust": 0.6,
"url": "https://securitytracker.com/id/1040949"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10885606"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=swg22017294"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10885608"
},
{
"trust": 0.6,
"url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-22133"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1899.2/"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180615-01-cpu-cn"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-30550"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1988/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1899/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4343/"
},
{
"trust": 0.3,
"url": "http://www.amd.com/en-gb"
},
{
"trust": 0.3,
"url": "https://www.arm.com/"
},
{
"trust": 0.3,
"url": "http://www.intel.com/content/www/us/en/homepage.html"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580340"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-3640"
},
{
"trust": 0.2,
"url": "https://security-tracker.debian.org/tracker/intel-microcode"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://kb.vmware.com/kb/54951"
},
{
"trust": 0.2,
"url": "https://kb.vmware.com/kb/55111"
},
{
"trust": 0.2,
"url": "https://www.vmware.com/go/downloadfusion"
},
{
"trust": 0.2,
"url": "https://twitter.com/vmwaresrc"
},
{
"trust": 0.2,
"url": "https://www.vmware.com/support/policies/lifecycle.html"
},
{
"trust": 0.2,
"url": "http://www.vmware.com/security/advisories"
},
{
"trust": 0.2,
"url": "https://www.vmware.com/go/downloadworkstation"
},
{
"trust": 0.2,
"url": "https://blogs.vmware.com/security"
},
{
"trust": 0.2,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.2,
"url": "https://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.2,
"url": "https://kb.vmware.com/kb/1055"
},
{
"trust": 0.2,
"url": "https://www.vmware.com/go/downloadplayer"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03850en_us"
},
{
"trust": 0.1,
"url": "https://lists.vmware.com/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "https://kb.vmware.com/kb/55905"
},
{
"trust": 0.1,
"url": "https://kb.vmware.com/kb/55921"
},
{
"trust": 0.1,
"url": "https://kb.vmware.com/kb/55910"
},
{
"trust": 0.1,
"url": "https://my.vmware.com/web/vmware/details?downloadgroup=vc65u2b\u0026productid=61"
},
{
"trust": 0.1,
"url": "https://kb.vmware.com/kb/55916"
},
{
"trust": 0.1,
"url": "https://docs.vmware.com/en/vmware-vsphere/5.5/rn/vsphere-vcenter-server-55u"
},
{
"trust": 0.1,
"url": "https://kb.vmware.com/kb/55906"
},
{
"trust": 0.1,
"url": "https://kb.vmware.com/kb/55915"
},
{
"trust": 0.1,
"url": "https://my.vmware.com/web/vmware/details?downloadgroup=vc55u3i\u0026productid=35"
},
{
"trust": 0.1,
"url": "https://my.vmware.com/web/vmware/details?downloadgroup=vc60u3f\u0026productid=49"
},
{
"trust": 0.1,
"url": "https://docs.vmware.com/en/vmware-vsphere/6.5/rn/vsphere-vcenter-server-65u"
},
{
"trust": 0.1,
"url": "https://docs.vmware.com/en/vmware-vsphere/6.0/rn/vsphere-vcenter-server-60u"
},
{
"trust": 0.1,
"url": "https://kb.vmware.com/kb/55911"
},
{
"trust": 0.1,
"url": "https://docs.vmware.com/en/vmware-vsphere/6.7/rn/vsphere-vcenter-server-670"
},
{
"trust": 0.1,
"url": "https://my.vmware.com/group/vmware/patch"
},
{
"trust": 0.1,
"url": "https://kb.vmware.com/kb/55920"
},
{
"trust": 0.1,
"url": "https://my.vmware.com/web/vmware/details?downloadgroup=vc670b\u0026productid=742"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3756-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/intel-microcode/3.20180807a.0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3646"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/intel-microcode/3.20180807a.0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/intel-microcode/3.20180807a.0ubuntu0.14.04.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-13356"
},
{
"db": "VULHUB",
"id": "VHN-133671"
},
{
"db": "BID",
"id": "104228"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003386"
},
{
"db": "PACKETSTORM",
"id": "148975"
},
{
"db": "PACKETSTORM",
"id": "147796"
},
{
"db": "PACKETSTORM",
"id": "148370"
},
{
"db": "PACKETSTORM",
"id": "149390"
},
{
"db": "PACKETSTORM",
"id": "149127"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-748"
},
{
"db": "NVD",
"id": "CVE-2018-3640"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-13356"
},
{
"db": "VULHUB",
"id": "VHN-133671"
},
{
"db": "VULMON",
"id": "CVE-2018-3640"
},
{
"db": "BID",
"id": "104228"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003386"
},
{
"db": "PACKETSTORM",
"id": "148975"
},
{
"db": "PACKETSTORM",
"id": "147796"
},
{
"db": "PACKETSTORM",
"id": "148370"
},
{
"db": "PACKETSTORM",
"id": "149390"
},
{
"db": "PACKETSTORM",
"id": "149127"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-748"
},
{
"db": "NVD",
"id": "CVE-2018-3640"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#180049"
},
{
"date": "2018-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13356"
},
{
"date": "2018-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-133671"
},
{
"date": "2018-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3640"
},
{
"date": "2018-05-21T00:00:00",
"db": "BID",
"id": "104228"
},
{
"date": "2018-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003386"
},
{
"date": "2018-08-17T17:42:14",
"db": "PACKETSTORM",
"id": "148975"
},
{
"date": "2018-05-23T13:50:46",
"db": "PACKETSTORM",
"id": "147796"
},
{
"date": "2018-06-29T17:44:29",
"db": "PACKETSTORM",
"id": "148370"
},
{
"date": "2018-09-17T03:33:00",
"db": "PACKETSTORM",
"id": "149390"
},
{
"date": "2018-08-28T17:19:20",
"db": "PACKETSTORM",
"id": "149127"
},
{
"date": "2018-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-748"
},
{
"date": "2018-05-22T12:29:00.327000",
"db": "NVD",
"id": "CVE-2018-3640"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-19T00:00:00",
"db": "CERT/CC",
"id": "VU#180049"
},
{
"date": "2018-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13356"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-133671"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3640"
},
{
"date": "2018-05-21T00:00:00",
"db": "BID",
"id": "104228"
},
{
"date": "2018-07-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003386"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-748"
},
{
"date": "2024-11-21T04:05:49.447000",
"db": "NVD",
"id": "CVE-2018-3640"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "104228"
},
{
"db": "PACKETSTORM",
"id": "149127"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-748"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks",
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-748"
}
],
"trust": 0.6
}
}
ghsa-wm4v-x65g-m25r
Vulnerability from github
Published
2022-05-13 01:20
Modified
2022-05-13 01:20
Severity ?
VLAI Severity ?
Details
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
{
"affected": [],
"aliases": [
"CVE-2018-3640"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-22T12:29:00Z",
"severity": "MODERATE"
},
"details": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
"id": "GHSA-wm4v-x65g-m25r",
"modified": "2022-05-13T01:20:14Z",
"published": "2022-05-13T01:20:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3640"
},
{
"type": "WEB",
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"type": "WEB",
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"type": "WEB",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3756-1"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180521-0001"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"type": "WEB",
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"type": "WEB",
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"type": "WEB",
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104228"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040949"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1042004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
suse-su-2018:2076-1
Vulnerability from csaf_suse
Published
2018-07-26 14:39
Modified
2018-07-26 14:39
Summary
Security update for microcode_ctl
Notes
Title of the patch
Security update for microcode_ctl
Description of the patch
This update for microcode_ctl fixes the following issues:
The Intel CPU Microcode bundle was updated to the 20180703 release
For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and
helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083)
More details can be found on:
https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File
Following chipsets are fixed in this round:
Model Stepping F-MO-S/PI Old->New
---- updated platforms ------------------------------------
SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5
SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5
IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K
IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2
HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3
HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3
SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX
BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N
BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx
Patchnames
sleposp3-microcode_ctl-13704,slessp3-microcode_ctl-13704,slessp4-microcode_ctl-13704
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for microcode_ctl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n \nThis update for microcode_ctl fixes the following issues:\n\nThe Intel CPU Microcode bundle was updated to the 20180703 release\n\nFor the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and\nhelps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083)\n\nMore details can be found on:\n\n https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File\n\nFollowing chipsets are fixed in this round:\n\nModel Stepping F-MO-S/PI Old-\u003eNew\n---- updated platforms ------------------------------------\nSNB-EP C1 6-2d-6/6d 0000061c-\u003e0000061d Xeon E5\nSNB-EP C2 6-2d-7/6d 00000713-\u003e00000714 Xeon E5\nIVT C0 6-3e-4/ed 0000042c-\u003e0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K\nIVT D1 6-3e-7/ed 00000713-\u003e00000714 Xeon E5 v2\nHSX-E/EP/4S C0 6-3f-2/6f 0000003c-\u003e0000003d Xeon E5 v3\nHSX-EX E0 6-3f-4/80 00000011-\u003e00000012 Xeon E7 v3\nSKX-SP/D/W/X H0 6-55-4/b7 02000043-\u003e0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX\nBDX-DE A1 6-56-5/10 0e000009-\u003e0e00000a Xeon D-15x3N\nBDX-ML B/M/R0 6-4f-1/ef 0b00002c-\u003e0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleposp3-microcode_ctl-13704,slessp3-microcode_ctl-13704,slessp4-microcode_ctl-13704",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2076-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2076-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182076-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2076-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004322.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087082",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "self",
"summary": "SUSE Bug 1087083",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "self",
"summary": "SUSE Bug 1100147",
"url": "https://bugzilla.suse.com/1100147"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3639 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3640 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3640/"
}
],
"title": "Security update for microcode_ctl",
"tracking": {
"current_release_date": "2018-07-26T14:39:31Z",
"generator": {
"date": "2018-07-26T14:39:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2076-1",
"initial_release_date": "2018-07-26T14:39:31Z",
"revision_history": [
{
"date": "2018-07-26T14:39:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "microcode_ctl-1.17-102.83.24.1.i586",
"product": {
"name": "microcode_ctl-1.17-102.83.24.1.i586",
"product_id": "microcode_ctl-1.17-102.83.24.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "microcode_ctl-1.17-102.83.24.1.x86_64",
"product": {
"name": "microcode_ctl-1.17-102.83.24.1.x86_64",
"product_id": "microcode_ctl-1.17-102.83.24.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp3:teradata"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.24.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.24.1.i586"
},
"product_reference": "microcode_ctl-1.17-102.83.24.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.24.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.24.1.i586"
},
"product_reference": "microcode_ctl-1.17-102.83.24.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.24.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.24.1.x86_64"
},
"product_reference": "microcode_ctl-1.17-102.83.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.24.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.24.1.i586"
},
"product_reference": "microcode_ctl-1.17-102.83.24.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.24.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.24.1.x86_64"
},
"product_reference": "microcode_ctl-1.17-102.83.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.24.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.24.1.i586"
},
"product_reference": "microcode_ctl-1.17-102.83.24.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.24.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.24.1.x86_64"
},
"product_reference": "microcode_ctl-1.17-102.83.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.24.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.24.1.i586"
},
"product_reference": "microcode_ctl-1.17-102.83.24.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.24.1.x86_64"
},
"product_reference": "microcode_ctl-1.17-102.83.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3639"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3639",
"url": "https://www.suse.com/security/cve/CVE-2018-3639"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1085235 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085235"
},
{
"category": "external",
"summary": "SUSE Bug 1085308 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085308"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092631 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092631"
},
{
"category": "external",
"summary": "SUSE Bug 1092885 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092885"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1102640 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1102640"
},
{
"category": "external",
"summary": "SUSE Bug 1105412 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1105412"
},
{
"category": "external",
"summary": "SUSE Bug 1111963 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1111963"
},
{
"category": "external",
"summary": "SUSE Bug 1172781 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172781"
},
{
"category": "external",
"summary": "SUSE Bug 1172782 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172782"
},
{
"category": "external",
"summary": "SUSE Bug 1172783 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172783"
},
{
"category": "external",
"summary": "SUSE Bug 1173489 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1173489"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-26T14:39:31Z",
"details": "moderate"
}
],
"title": "CVE-2018-3639"
},
{
"cve": "CVE-2018-3640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3640"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3640",
"url": "https://www.suse.com/security/cve/CVE-2018-3640"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087083 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1175912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1175912"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.24.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-26T14:39:31Z",
"details": "moderate"
}
],
"title": "CVE-2018-3640"
}
]
}
suse-su-2018:1926-1
Vulnerability from csaf_suse
Published
2018-07-11 13:55
Modified
2018-07-11 13:55
Summary
Security update for ucode-intel
Notes
Title of the patch
Security update for ucode-intel
Description of the patch
This update for ucode-intel fixes the following issues:
The microcode bundles was updated to the 20180703 release
For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a)
and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083).
More information on:
https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File
Following chipsets are fixed in this round:
Model Stepping F-MO-S/PI Old->New
---- updated platforms ------------------------------------
SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5
SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5
IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K
IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2
HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3
HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3
SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX
BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N
BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx
Patchnames
SUSE-SLE-Module-Basesystem-15-2018-1299
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for ucode-intel fixes the following issues:\n\nThe microcode bundles was updated to the 20180703 release\n\nFor the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a)\nand helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083).\n\nMore information on:\n https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File\n\nFollowing chipsets are fixed in this round:\n\nModel Stepping F-MO-S/PI Old-\u003eNew\n\n---- updated platforms ------------------------------------\n\nSNB-EP C1 6-2d-6/6d 0000061c-\u003e0000061d Xeon E5\nSNB-EP C2 6-2d-7/6d 00000713-\u003e00000714 Xeon E5\nIVT C0 6-3e-4/ed 0000042c-\u003e0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K\nIVT D1 6-3e-7/ed 00000713-\u003e00000714 Xeon E5 v2\nHSX-E/EP/4S C0 6-3f-2/6f 0000003c-\u003e0000003d Xeon E5 v3\nHSX-EX E0 6-3f-4/80 00000011-\u003e00000012 Xeon E7 v3\nSKX-SP/D/W/X H0 6-55-4/b7 02000043-\u003e0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX\nBDX-DE A1 6-56-5/10 0e000009-\u003e0e00000a Xeon D-15x3N\nBDX-ML B/M/R0 6-4f-1/ef 0b00002c-\u003e0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Basesystem-15-2018-1299",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1926-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1926-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181926-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1926-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004256.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087082",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "self",
"summary": "SUSE Bug 1087083",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "self",
"summary": "SUSE Bug 1100147",
"url": "https://bugzilla.suse.com/1100147"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3639 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3640 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3640/"
}
],
"title": "Security update for ucode-intel",
"tracking": {
"current_release_date": "2018-07-11T13:55:21Z",
"generator": {
"date": "2018-07-11T13:55:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1926-1",
"initial_release_date": "2018-07-11T13:55:21Z",
"revision_history": [
{
"date": "2018-07-11T13:55:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20180703-3.3.1.x86_64",
"product": {
"name": "ucode-intel-20180703-3.3.1.x86_64",
"product_id": "ucode-intel-20180703-3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180703-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180703-3.3.1.x86_64"
},
"product_reference": "ucode-intel-20180703-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3639"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180703-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3639",
"url": "https://www.suse.com/security/cve/CVE-2018-3639"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1085235 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085235"
},
{
"category": "external",
"summary": "SUSE Bug 1085308 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085308"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092631 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092631"
},
{
"category": "external",
"summary": "SUSE Bug 1092885 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092885"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1102640 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1102640"
},
{
"category": "external",
"summary": "SUSE Bug 1105412 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1105412"
},
{
"category": "external",
"summary": "SUSE Bug 1111963 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1111963"
},
{
"category": "external",
"summary": "SUSE Bug 1172781 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172781"
},
{
"category": "external",
"summary": "SUSE Bug 1172782 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172782"
},
{
"category": "external",
"summary": "SUSE Bug 1172783 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172783"
},
{
"category": "external",
"summary": "SUSE Bug 1173489 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1173489"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180703-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180703-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-11T13:55:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-3639"
},
{
"cve": "CVE-2018-3640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3640"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180703-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3640",
"url": "https://www.suse.com/security/cve/CVE-2018-3640"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087083 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1175912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1175912"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180703-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180703-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-11T13:55:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-3640"
}
]
}
suse-su-2018:2338-1
Vulnerability from csaf_suse
Published
2018-08-15 15:31
Modified
2018-08-15 15:31
Summary
Security update to ucode-intel
Notes
Title of the patch
Security update to ucode-intel
Description of the patch
ucode-intel was updated to the 20180807 release.
For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is
part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646
(L1 Terminal fault).
(bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx
NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx
BXT C0 6-5c-2/01 00000014 Atom T5500/5700
APL E0 6-5c-a/03 0000000c Atom x5-E39xx
DVN B0 6-5f-1/01 00000024 Atom C3xxx
---- updated platforms ------------------------------------
NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx
NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx
WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406
WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3
WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7
IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile
HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3
BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile
HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron
HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX
BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile
BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40
BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87
APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5
Patchnames
SUSE-SLE-Module-Basesystem-15-2018-1580
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update to ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nucode-intel was updated to the 20180807 release.\n\nFor the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is\npart of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646\n(L1 Terminal fault).\n(bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)\n\n Processor Identifier Version Products\n\n Model Stepping F-MO-S/PI Old-\u003eNew\n\n ---- new platforms ----------------------------------------\n WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx\n NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx\n BXT C0 6-5c-2/01 00000014 Atom T5500/5700\n APL E0 6-5c-a/03 0000000c Atom x5-E39xx\n DVN B0 6-5f-1/01 00000024 Atom C3xxx\n ---- updated platforms ------------------------------------\n NHM-EP/WS D0 6-1a-5/03 00000019-\u003e0000001d Xeon E/L/X/W55xx\n NHM B1 6-1e-5/13 00000007-\u003e0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx\n WSM B1 6-25-2/12 0000000e-\u003e00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406\n WSM K0 6-25-5/92 00000004-\u003e00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx\n SNB D2 6-2a-7/12 0000002d-\u003e0000002e Core Gen2; Xeon E3\n WSM-EX A2 6-2f-2/05 00000037-\u003e0000003b Xeon E7\n IVB E2 6-3a-9/12 0000001f-\u003e00000020 Core Gen3 Mobile\n HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024-\u003e00000025 Core Gen4 Desktop; Xeon E3 v3\n BDW-U/Y E/F 6-3d-4/c0 0000002a-\u003e0000002b Core Gen5 Mobile\n HSW-ULT Cx/Dx 6-45-1/72 00000023-\u003e00000024 Core Gen4 Mobile and derived Pentium/Celeron\n HSW-H Cx 6-46-1/32 00000019-\u003e0000001a Core Extreme i7-5xxxX\n BDW-H/E3 E/G 6-47-1/22 0000001d-\u003e0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4\n SKL-U/Y D0 6-4e-3/c0 000000c2-\u003e000000c6 Core Gen6 Mobile\n BDX-DE V1 6-56-2/10 00000015-\u003e00000017 Xeon D-1520/40\n BDX-DE V2/3 6-56-3/10 07000012-\u003e07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n BDX-DE Y0 6-56-4/10 0f000011-\u003e0f000012 Xeon D-1557/59/67/71/77/81/87\n APL D0 6-5c-9/03 0000002c-\u003e00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n SKL-H/S/E3 R0 6-5e-3/36 000000c2-\u003e000000c6 Core Gen6; Xeon E3 v5\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Basesystem-15-2018-1580",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2338-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2338-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182338-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2338-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-August/004422.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087082",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "self",
"summary": "SUSE Bug 1087083",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "self",
"summary": "SUSE Bug 1089343",
"url": "https://bugzilla.suse.com/1089343"
},
{
"category": "self",
"summary": "SUSE Bug 1104134",
"url": "https://bugzilla.suse.com/1104134"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3639 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3640 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3646 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3646/"
}
],
"title": "Security update to ucode-intel",
"tracking": {
"current_release_date": "2018-08-15T15:31:46Z",
"generator": {
"date": "2018-08-15T15:31:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2338-1",
"initial_release_date": "2018-08-15T15:31:46Z",
"revision_history": [
{
"date": "2018-08-15T15:31:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20180807-3.6.1.x86_64",
"product": {
"name": "ucode-intel-20180807-3.6.1.x86_64",
"product_id": "ucode-intel-20180807-3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"
},
"product_reference": "ucode-intel-20180807-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3639"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3639",
"url": "https://www.suse.com/security/cve/CVE-2018-3639"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1085235 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085235"
},
{
"category": "external",
"summary": "SUSE Bug 1085308 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085308"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092631 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092631"
},
{
"category": "external",
"summary": "SUSE Bug 1092885 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092885"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1102640 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1102640"
},
{
"category": "external",
"summary": "SUSE Bug 1105412 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1105412"
},
{
"category": "external",
"summary": "SUSE Bug 1111963 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1111963"
},
{
"category": "external",
"summary": "SUSE Bug 1172781 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172781"
},
{
"category": "external",
"summary": "SUSE Bug 1172782 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172782"
},
{
"category": "external",
"summary": "SUSE Bug 1172783 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172783"
},
{
"category": "external",
"summary": "SUSE Bug 1173489 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1173489"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-15T15:31:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-3639"
},
{
"cve": "CVE-2018-3640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3640"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3640",
"url": "https://www.suse.com/security/cve/CVE-2018-3640"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087083 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1175912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1175912"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-15T15:31:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-3640"
},
{
"cve": "CVE-2018-3646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3646"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3646",
"url": "https://www.suse.com/security/cve/CVE-2018-3646"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087081 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1087081"
},
{
"category": "external",
"summary": "SUSE Bug 1089343 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1089343"
},
{
"category": "external",
"summary": "SUSE Bug 1091107 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1091107"
},
{
"category": "external",
"summary": "SUSE Bug 1099306 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1099306"
},
{
"category": "external",
"summary": "SUSE Bug 1104365 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1104365"
},
{
"category": "external",
"summary": "SUSE Bug 1104894 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1104894"
},
{
"category": "external",
"summary": "SUSE Bug 1106548 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1106548"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1136865 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1136865"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-15T15:31:46Z",
"details": "important"
}
],
"title": "CVE-2018-3646"
}
]
}
suse-su-2018:2335-1
Vulnerability from csaf_suse
Published
2018-08-15 14:01
Modified
2018-08-15 14:01
Summary
Security update to ucode-intel
Notes
Title of the patch
Security update to ucode-intel
Description of the patch
ucode-intel was updated to the 20180807 release.
For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a), and is part of the
mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal Fault).
(bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx
NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx
BXT C0 6-5c-2/01 00000014 Atom T5500/5700
APL E0 6-5c-a/03 0000000c Atom x5-E39xx
DVN B0 6-5f-1/01 00000024 Atom C3xxx
---- updated platforms ------------------------------------
NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx
NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx
WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406
WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3
WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7
IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile
HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3
BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile
HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron
HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX
BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile
BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40
BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87
APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5
Patchnames
sleposp3-microcode_ctl-13730,slessp3-microcode_ctl-13730,slessp4-microcode_ctl-13730
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update to ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nucode-intel was updated to the 20180807 release.\n\nFor the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a), and is part of the \nmitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal Fault).\n(bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)\n\n Processor Identifier Version Products\n\n Model Stepping F-MO-S/PI Old-\u003eNew\n\n ---- new platforms ----------------------------------------\n WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx\n NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx\n BXT C0 6-5c-2/01 00000014 Atom T5500/5700\n APL E0 6-5c-a/03 0000000c Atom x5-E39xx\n DVN B0 6-5f-1/01 00000024 Atom C3xxx\n ---- updated platforms ------------------------------------\n NHM-EP/WS D0 6-1a-5/03 00000019-\u003e0000001d Xeon E/L/X/W55xx\n NHM B1 6-1e-5/13 00000007-\u003e0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx\n WSM B1 6-25-2/12 0000000e-\u003e00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406\n WSM K0 6-25-5/92 00000004-\u003e00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx\n SNB D2 6-2a-7/12 0000002d-\u003e0000002e Core Gen2; Xeon E3\n WSM-EX A2 6-2f-2/05 00000037-\u003e0000003b Xeon E7\n IVB E2 6-3a-9/12 0000001f-\u003e00000020 Core Gen3 Mobile\n HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024-\u003e00000025 Core Gen4 Desktop; Xeon E3 v3\n BDW-U/Y E/F 6-3d-4/c0 0000002a-\u003e0000002b Core Gen5 Mobile\n HSW-ULT Cx/Dx 6-45-1/72 00000023-\u003e00000024 Core Gen4 Mobile and derived Pentium/Celeron\n HSW-H Cx 6-46-1/32 00000019-\u003e0000001a Core Extreme i7-5xxxX\n BDW-H/E3 E/G 6-47-1/22 0000001d-\u003e0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4\n SKL-U/Y D0 6-4e-3/c0 000000c2-\u003e000000c6 Core Gen6 Mobile\n BDX-DE V1 6-56-2/10 00000015-\u003e00000017 Xeon D-1520/40\n BDX-DE V2/3 6-56-3/10 07000012-\u003e07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n BDX-DE Y0 6-56-4/10 0f000011-\u003e0f000012 Xeon D-1557/59/67/71/77/81/87\n APL D0 6-5c-9/03 0000002c-\u003e00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n SKL-H/S/E3 R0 6-5e-3/36 000000c2-\u003e000000c6 Core Gen6; Xeon E3 v5\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleposp3-microcode_ctl-13730,slessp3-microcode_ctl-13730,slessp4-microcode_ctl-13730",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2335-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2335-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182335-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2335-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-August/004419.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087082",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "self",
"summary": "SUSE Bug 1087083",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "self",
"summary": "SUSE Bug 1089343",
"url": "https://bugzilla.suse.com/1089343"
},
{
"category": "self",
"summary": "SUSE Bug 1104134",
"url": "https://bugzilla.suse.com/1104134"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3639 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3640 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3646 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3646/"
}
],
"title": "Security update to ucode-intel",
"tracking": {
"current_release_date": "2018-08-15T14:01:48Z",
"generator": {
"date": "2018-08-15T14:01:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2335-1",
"initial_release_date": "2018-08-15T14:01:48Z",
"revision_history": [
{
"date": "2018-08-15T14:01:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "microcode_ctl-1.17-102.83.27.1.i586",
"product": {
"name": "microcode_ctl-1.17-102.83.27.1.i586",
"product_id": "microcode_ctl-1.17-102.83.27.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "microcode_ctl-1.17-102.83.27.1.x86_64",
"product": {
"name": "microcode_ctl-1.17-102.83.27.1.x86_64",
"product_id": "microcode_ctl-1.17-102.83.27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp3:teradata"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.27.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.27.1.i586"
},
"product_reference": "microcode_ctl-1.17-102.83.27.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.27.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.i586"
},
"product_reference": "microcode_ctl-1.17-102.83.27.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.27.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.x86_64"
},
"product_reference": "microcode_ctl-1.17-102.83.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.27.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.i586"
},
"product_reference": "microcode_ctl-1.17-102.83.27.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.27.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.x86_64"
},
"product_reference": "microcode_ctl-1.17-102.83.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.27.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.i586"
},
"product_reference": "microcode_ctl-1.17-102.83.27.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.27.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64"
},
"product_reference": "microcode_ctl-1.17-102.83.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.27.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.i586"
},
"product_reference": "microcode_ctl-1.17-102.83.27.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64"
},
"product_reference": "microcode_ctl-1.17-102.83.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3639"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3639",
"url": "https://www.suse.com/security/cve/CVE-2018-3639"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1085235 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085235"
},
{
"category": "external",
"summary": "SUSE Bug 1085308 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085308"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092631 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092631"
},
{
"category": "external",
"summary": "SUSE Bug 1092885 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092885"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1102640 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1102640"
},
{
"category": "external",
"summary": "SUSE Bug 1105412 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1105412"
},
{
"category": "external",
"summary": "SUSE Bug 1111963 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1111963"
},
{
"category": "external",
"summary": "SUSE Bug 1172781 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172781"
},
{
"category": "external",
"summary": "SUSE Bug 1172782 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172782"
},
{
"category": "external",
"summary": "SUSE Bug 1172783 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172783"
},
{
"category": "external",
"summary": "SUSE Bug 1173489 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1173489"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-15T14:01:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-3639"
},
{
"cve": "CVE-2018-3640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3640"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3640",
"url": "https://www.suse.com/security/cve/CVE-2018-3640"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087083 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1175912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1175912"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-15T14:01:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-3640"
},
{
"cve": "CVE-2018-3646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3646"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3646",
"url": "https://www.suse.com/security/cve/CVE-2018-3646"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087081 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1087081"
},
{
"category": "external",
"summary": "SUSE Bug 1089343 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1089343"
},
{
"category": "external",
"summary": "SUSE Bug 1091107 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1091107"
},
{
"category": "external",
"summary": "SUSE Bug 1099306 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1099306"
},
{
"category": "external",
"summary": "SUSE Bug 1104365 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1104365"
},
{
"category": "external",
"summary": "SUSE Bug 1104894 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1104894"
},
{
"category": "external",
"summary": "SUSE Bug 1106548 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1106548"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1136865 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1136865"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:microcode_ctl-1.17-102.83.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-15T14:01:48Z",
"details": "important"
}
],
"title": "CVE-2018-3646"
}
]
}
suse-su-2018:2331-1
Vulnerability from csaf_suse
Published
2018-08-15 11:50
Modified
2018-08-15 11:50
Summary
Security update to ucode-intel
Notes
Title of the patch
Security update to ucode-intel
Description of the patch
ucode-intel was updated to the 20180807 release.
For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is
part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646
(L1 Terminal fault).
(bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx
NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx
BXT C0 6-5c-2/01 00000014 Atom T5500/5700
APL E0 6-5c-a/03 0000000c Atom x5-E39xx
DVN B0 6-5f-1/01 00000024 Atom C3xxx
---- updated platforms ------------------------------------
NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx
NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx
WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406
WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3
WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7
IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile
HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3
BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile
HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron
HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX
BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile
BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40
BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87
APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5
Patchnames
SUSE-OpenStack-Cloud-7-2018-1573,SUSE-SLE-DESKTOP-12-SP3-2018-1573,SUSE-SLE-SAP-12-SP1-2018-1573,SUSE-SLE-SAP-12-SP2-2018-1573,SUSE-SLE-SERVER-12-2018-1573,SUSE-SLE-SERVER-12-SP1-2018-1573,SUSE-SLE-SERVER-12-SP2-2018-1573,SUSE-SLE-SERVER-12-SP3-2018-1573,SUSE-Storage-4-2018-1573
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update to ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nucode-intel was updated to the 20180807 release.\n\nFor the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is\npart of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646\n(L1 Terminal fault).\n(bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)\n\n Processor Identifier Version Products\n\n Model Stepping F-MO-S/PI Old-\u003eNew\n\n ---- new platforms ----------------------------------------\n WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx\n NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx\n BXT C0 6-5c-2/01 00000014 Atom T5500/5700\n APL E0 6-5c-a/03 0000000c Atom x5-E39xx\n DVN B0 6-5f-1/01 00000024 Atom C3xxx\n ---- updated platforms ------------------------------------\n NHM-EP/WS D0 6-1a-5/03 00000019-\u003e0000001d Xeon E/L/X/W55xx\n NHM B1 6-1e-5/13 00000007-\u003e0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx\n WSM B1 6-25-2/12 0000000e-\u003e00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406\n WSM K0 6-25-5/92 00000004-\u003e00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx\n SNB D2 6-2a-7/12 0000002d-\u003e0000002e Core Gen2; Xeon E3\n WSM-EX A2 6-2f-2/05 00000037-\u003e0000003b Xeon E7\n IVB E2 6-3a-9/12 0000001f-\u003e00000020 Core Gen3 Mobile\n HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024-\u003e00000025 Core Gen4 Desktop; Xeon E3 v3\n BDW-U/Y E/F 6-3d-4/c0 0000002a-\u003e0000002b Core Gen5 Mobile\n HSW-ULT Cx/Dx 6-45-1/72 00000023-\u003e00000024 Core Gen4 Mobile and derived Pentium/Celeron\n HSW-H Cx 6-46-1/32 00000019-\u003e0000001a Core Extreme i7-5xxxX\n BDW-H/E3 E/G 6-47-1/22 0000001d-\u003e0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4\n SKL-U/Y D0 6-4e-3/c0 000000c2-\u003e000000c6 Core Gen6 Mobile\n BDX-DE V1 6-56-2/10 00000015-\u003e00000017 Xeon D-1520/40\n BDX-DE V2/3 6-56-3/10 07000012-\u003e07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n BDX-DE Y0 6-56-4/10 0f000011-\u003e0f000012 Xeon D-1557/59/67/71/77/81/87\n APL D0 6-5c-9/03 0000002c-\u003e00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n SKL-H/S/E3 R0 6-5e-3/36 000000c2-\u003e000000c6 Core Gen6; Xeon E3 v5\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-7-2018-1573,SUSE-SLE-DESKTOP-12-SP3-2018-1573,SUSE-SLE-SAP-12-SP1-2018-1573,SUSE-SLE-SAP-12-SP2-2018-1573,SUSE-SLE-SERVER-12-2018-1573,SUSE-SLE-SERVER-12-SP1-2018-1573,SUSE-SLE-SERVER-12-SP2-2018-1573,SUSE-SLE-SERVER-12-SP3-2018-1573,SUSE-Storage-4-2018-1573",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2331-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2331-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182331-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2331-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-August/004416.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087082",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "self",
"summary": "SUSE Bug 1087083",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "self",
"summary": "SUSE Bug 1089343",
"url": "https://bugzilla.suse.com/1089343"
},
{
"category": "self",
"summary": "SUSE Bug 1104134",
"url": "https://bugzilla.suse.com/1104134"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3639 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3640 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3646 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3646/"
}
],
"title": "Security update to ucode-intel",
"tracking": {
"current_release_date": "2018-08-15T11:50:29Z",
"generator": {
"date": "2018-08-15T11:50:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2331-1",
"initial_release_date": "2018-08-15T11:50:29Z",
"revision_history": [
{
"date": "2018-08-15T11:50:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20180807-13.29.1.x86_64",
"product": {
"name": "ucode-intel-20180807-13.29.1.x86_64",
"product_id": "ucode-intel-20180807-13.29.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3639"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3639",
"url": "https://www.suse.com/security/cve/CVE-2018-3639"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1085235 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085235"
},
{
"category": "external",
"summary": "SUSE Bug 1085308 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085308"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092631 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092631"
},
{
"category": "external",
"summary": "SUSE Bug 1092885 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092885"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1102640 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1102640"
},
{
"category": "external",
"summary": "SUSE Bug 1105412 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1105412"
},
{
"category": "external",
"summary": "SUSE Bug 1111963 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1111963"
},
{
"category": "external",
"summary": "SUSE Bug 1172781 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172781"
},
{
"category": "external",
"summary": "SUSE Bug 1172782 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172782"
},
{
"category": "external",
"summary": "SUSE Bug 1172783 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172783"
},
{
"category": "external",
"summary": "SUSE Bug 1173489 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1173489"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-15T11:50:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-3639"
},
{
"cve": "CVE-2018-3640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3640"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3640",
"url": "https://www.suse.com/security/cve/CVE-2018-3640"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087083 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1175912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1175912"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-15T11:50:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-3640"
},
{
"cve": "CVE-2018-3646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3646"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3646",
"url": "https://www.suse.com/security/cve/CVE-2018-3646"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087081 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1087081"
},
{
"category": "external",
"summary": "SUSE Bug 1089343 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1089343"
},
{
"category": "external",
"summary": "SUSE Bug 1091107 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1091107"
},
{
"category": "external",
"summary": "SUSE Bug 1099306 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1099306"
},
{
"category": "external",
"summary": "SUSE Bug 1104365 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1104365"
},
{
"category": "external",
"summary": "SUSE Bug 1104894 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1104894"
},
{
"category": "external",
"summary": "SUSE Bug 1106548 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1106548"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1136865 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1136865"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-15T11:50:29Z",
"details": "important"
}
],
"title": "CVE-2018-3646"
}
]
}
suse-su-2018:2331-2
Vulnerability from csaf_suse
Published
2018-10-18 12:49
Modified
2018-10-18 12:49
Summary
Security update to ucode-intel
Notes
Title of the patch
Security update to ucode-intel
Description of the patch
ucode-intel was updated to the 20180807 release.
For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is
part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646
(L1 Terminal fault).
(bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx
NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx
BXT C0 6-5c-2/01 00000014 Atom T5500/5700
APL E0 6-5c-a/03 0000000c Atom x5-E39xx
DVN B0 6-5f-1/01 00000024 Atom C3xxx
---- updated platforms ------------------------------------
NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx
NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx
WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406
WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3
WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7
IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile
HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3
BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile
HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron
HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX
BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile
BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40
BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87
APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5
Patchnames
SUSE-SLE-SERVER-12-SP2-BCL-2018-1573
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update to ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nucode-intel was updated to the 20180807 release.\n\nFor the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is\npart of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646\n(L1 Terminal fault).\n(bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)\n\n Processor Identifier Version Products\n\n Model Stepping F-MO-S/PI Old-\u003eNew\n\n ---- new platforms ----------------------------------------\n WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx\n NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx\n BXT C0 6-5c-2/01 00000014 Atom T5500/5700\n APL E0 6-5c-a/03 0000000c Atom x5-E39xx\n DVN B0 6-5f-1/01 00000024 Atom C3xxx\n ---- updated platforms ------------------------------------\n NHM-EP/WS D0 6-1a-5/03 00000019-\u003e0000001d Xeon E/L/X/W55xx\n NHM B1 6-1e-5/13 00000007-\u003e0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx\n WSM B1 6-25-2/12 0000000e-\u003e00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406\n WSM K0 6-25-5/92 00000004-\u003e00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx\n SNB D2 6-2a-7/12 0000002d-\u003e0000002e Core Gen2; Xeon E3\n WSM-EX A2 6-2f-2/05 00000037-\u003e0000003b Xeon E7\n IVB E2 6-3a-9/12 0000001f-\u003e00000020 Core Gen3 Mobile\n HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024-\u003e00000025 Core Gen4 Desktop; Xeon E3 v3\n BDW-U/Y E/F 6-3d-4/c0 0000002a-\u003e0000002b Core Gen5 Mobile\n HSW-ULT Cx/Dx 6-45-1/72 00000023-\u003e00000024 Core Gen4 Mobile and derived Pentium/Celeron\n HSW-H Cx 6-46-1/32 00000019-\u003e0000001a Core Extreme i7-5xxxX\n BDW-H/E3 E/G 6-47-1/22 0000001d-\u003e0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4\n SKL-U/Y D0 6-4e-3/c0 000000c2-\u003e000000c6 Core Gen6 Mobile\n BDX-DE V1 6-56-2/10 00000015-\u003e00000017 Xeon D-1520/40\n BDX-DE V2/3 6-56-3/10 07000012-\u003e07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n BDX-DE Y0 6-56-4/10 0f000011-\u003e0f000012 Xeon D-1557/59/67/71/77/81/87\n APL D0 6-5c-9/03 0000002c-\u003e00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n SKL-H/S/E3 R0 6-5e-3/36 000000c2-\u003e000000c6 Core Gen6; Xeon E3 v5\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-SP2-BCL-2018-1573",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2331-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2331-2",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182331-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2331-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004716.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087082",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "self",
"summary": "SUSE Bug 1087083",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "self",
"summary": "SUSE Bug 1089343",
"url": "https://bugzilla.suse.com/1089343"
},
{
"category": "self",
"summary": "SUSE Bug 1104134",
"url": "https://bugzilla.suse.com/1104134"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3639 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3640 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3646 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3646/"
}
],
"title": "Security update to ucode-intel",
"tracking": {
"current_release_date": "2018-10-18T12:49:10Z",
"generator": {
"date": "2018-10-18T12:49:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2331-2",
"initial_release_date": "2018-10-18T12:49:10Z",
"revision_history": [
{
"date": "2018-10-18T12:49:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20180807-13.29.1.x86_64",
"product": {
"name": "ucode-intel-20180807-13.29.1.x86_64",
"product_id": "ucode-intel-20180807-13.29.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3639"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180807-13.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3639",
"url": "https://www.suse.com/security/cve/CVE-2018-3639"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1085235 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085235"
},
{
"category": "external",
"summary": "SUSE Bug 1085308 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085308"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092631 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092631"
},
{
"category": "external",
"summary": "SUSE Bug 1092885 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092885"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1102640 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1102640"
},
{
"category": "external",
"summary": "SUSE Bug 1105412 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1105412"
},
{
"category": "external",
"summary": "SUSE Bug 1111963 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1111963"
},
{
"category": "external",
"summary": "SUSE Bug 1172781 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172781"
},
{
"category": "external",
"summary": "SUSE Bug 1172782 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172782"
},
{
"category": "external",
"summary": "SUSE Bug 1172783 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172783"
},
{
"category": "external",
"summary": "SUSE Bug 1173489 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1173489"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:49:10Z",
"details": "moderate"
}
],
"title": "CVE-2018-3639"
},
{
"cve": "CVE-2018-3640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3640"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180807-13.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3640",
"url": "https://www.suse.com/security/cve/CVE-2018-3640"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087083 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1175912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1175912"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:49:10Z",
"details": "moderate"
}
],
"title": "CVE-2018-3640"
},
{
"cve": "CVE-2018-3646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3646"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180807-13.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3646",
"url": "https://www.suse.com/security/cve/CVE-2018-3646"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087081 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1087081"
},
{
"category": "external",
"summary": "SUSE Bug 1089343 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1089343"
},
{
"category": "external",
"summary": "SUSE Bug 1091107 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1091107"
},
{
"category": "external",
"summary": "SUSE Bug 1099306 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1099306"
},
{
"category": "external",
"summary": "SUSE Bug 1104365 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1104365"
},
{
"category": "external",
"summary": "SUSE Bug 1104894 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1104894"
},
{
"category": "external",
"summary": "SUSE Bug 1106548 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1106548"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1136865 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1136865"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:49:10Z",
"details": "important"
}
],
"title": "CVE-2018-3646"
}
]
}
suse-su-2018:1935-1
Vulnerability from csaf_suse
Published
2018-07-12 06:50
Modified
2018-07-12 06:50
Summary
Recommended update for ucode-intel
Notes
Title of the patch
Recommended update for ucode-intel
Description of the patch
The Intel CPU microcode bundle was updated to the 20180703 release.
For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a)
and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083).
More information on:
https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File
Following chipsets are fixed in this round:
Model Stepping F-MO-S/PI Old->New
---- updated platforms ------------------------------------
SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5
SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5
IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K
IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2
HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3
HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3
SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX
BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N
BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx
- Add a new style supplements for the recent kernels. (bsc#1096141)
Patchnames
SUSE-OpenStack-Cloud-7-2018-1308,SUSE-SLE-DESKTOP-12-SP3-2018-1308,SUSE-SLE-SAP-12-SP1-2018-1308,SUSE-SLE-SAP-12-SP2-2018-1308,SUSE-SLE-SERVER-12-2018-1308,SUSE-SLE-SERVER-12-SP1-2018-1308,SUSE-SLE-SERVER-12-SP2-2018-1308,SUSE-SLE-SERVER-12-SP3-2018-1308,SUSE-Storage-4-2018-1308
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe Intel CPU microcode bundle was updated to the 20180703 release.\n\nFor the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a)\nand helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083).\n\nMore information on:\n https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File\n\nFollowing chipsets are fixed in this round:\n\nModel Stepping F-MO-S/PI Old-\u003eNew\n\n---- updated platforms ------------------------------------\n\nSNB-EP C1 6-2d-6/6d 0000061c-\u003e0000061d Xeon E5\nSNB-EP C2 6-2d-7/6d 00000713-\u003e00000714 Xeon E5\nIVT C0 6-3e-4/ed 0000042c-\u003e0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K\nIVT D1 6-3e-7/ed 00000713-\u003e00000714 Xeon E5 v2\nHSX-E/EP/4S C0 6-3f-2/6f 0000003c-\u003e0000003d Xeon E5 v3\nHSX-EX E0 6-3f-4/80 00000011-\u003e00000012 Xeon E7 v3\nSKX-SP/D/W/X H0 6-55-4/b7 02000043-\u003e0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX\nBDX-DE A1 6-56-5/10 0e000009-\u003e0e00000a Xeon D-15x3N\nBDX-ML B/M/R0 6-4f-1/ef 0b00002c-\u003e0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx\n\n- Add a new style supplements for the recent kernels. (bsc#1096141)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-7-2018-1308,SUSE-SLE-DESKTOP-12-SP3-2018-1308,SUSE-SLE-SAP-12-SP1-2018-1308,SUSE-SLE-SAP-12-SP2-2018-1308,SUSE-SLE-SERVER-12-2018-1308,SUSE-SLE-SERVER-12-SP1-2018-1308,SUSE-SLE-SERVER-12-SP2-2018-1308,SUSE-SLE-SERVER-12-SP3-2018-1308,SUSE-Storage-4-2018-1308",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1935-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1935-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181935-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1935-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004257.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087082",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "self",
"summary": "SUSE Bug 1087083",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "self",
"summary": "SUSE Bug 1096141",
"url": "https://bugzilla.suse.com/1096141"
},
{
"category": "self",
"summary": "SUSE Bug 1100147",
"url": "https://bugzilla.suse.com/1100147"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3639 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3640 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3640/"
}
],
"title": "Recommended update for ucode-intel",
"tracking": {
"current_release_date": "2018-07-12T06:50:05Z",
"generator": {
"date": "2018-07-12T06:50:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1935-1",
"initial_release_date": "2018-07-12T06:50:05Z",
"revision_history": [
{
"date": "2018-07-12T06:50:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20180703-13.25.1.x86_64",
"product": {
"name": "ucode-intel-20180703-13.25.1.x86_64",
"product_id": "ucode-intel-20180703-13.25.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180703-13.25.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ucode-intel-20180703-13.25.1.x86_64"
},
"product_reference": "ucode-intel-20180703-13.25.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180703-13.25.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180703-13.25.1.x86_64"
},
"product_reference": "ucode-intel-20180703-13.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180703-13.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180703-13.25.1.x86_64"
},
"product_reference": "ucode-intel-20180703-13.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180703-13.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180703-13.25.1.x86_64"
},
"product_reference": "ucode-intel-20180703-13.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180703-13.25.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180703-13.25.1.x86_64"
},
"product_reference": "ucode-intel-20180703-13.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180703-13.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180703-13.25.1.x86_64"
},
"product_reference": "ucode-intel-20180703-13.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180703-13.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180703-13.25.1.x86_64"
},
"product_reference": "ucode-intel-20180703-13.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180703-13.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180703-13.25.1.x86_64"
},
"product_reference": "ucode-intel-20180703-13.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180703-13.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180703-13.25.1.x86_64"
},
"product_reference": "ucode-intel-20180703-13.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180703-13.25.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ucode-intel-20180703-13.25.1.x86_64"
},
"product_reference": "ucode-intel-20180703-13.25.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3639"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180703-13.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3639",
"url": "https://www.suse.com/security/cve/CVE-2018-3639"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1085235 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085235"
},
{
"category": "external",
"summary": "SUSE Bug 1085308 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085308"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092631 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092631"
},
{
"category": "external",
"summary": "SUSE Bug 1092885 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092885"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1102640 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1102640"
},
{
"category": "external",
"summary": "SUSE Bug 1105412 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1105412"
},
{
"category": "external",
"summary": "SUSE Bug 1111963 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1111963"
},
{
"category": "external",
"summary": "SUSE Bug 1172781 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172781"
},
{
"category": "external",
"summary": "SUSE Bug 1172782 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172782"
},
{
"category": "external",
"summary": "SUSE Bug 1172783 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172783"
},
{
"category": "external",
"summary": "SUSE Bug 1173489 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1173489"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180703-13.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180703-13.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-12T06:50:05Z",
"details": "moderate"
}
],
"title": "CVE-2018-3639"
},
{
"cve": "CVE-2018-3640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3640"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180703-13.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3640",
"url": "https://www.suse.com/security/cve/CVE-2018-3640"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087083 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1175912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1175912"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180703-13.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180703-13.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180703-13.25.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180703-13.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-12T06:50:05Z",
"details": "moderate"
}
],
"title": "CVE-2018-3640"
}
]
}
suse-su-2018:1935-2
Vulnerability from csaf_suse
Published
2018-10-18 12:46
Modified
2018-10-18 12:46
Summary
Recommended update for ucode-intel
Notes
Title of the patch
Recommended update for ucode-intel
Description of the patch
The Intel CPU microcode bundle was updated to the 20180703 release.
For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a)
and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083).
More information on:
https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File
Following chipsets are fixed in this round:
Model Stepping F-MO-S/PI Old->New
---- updated platforms ------------------------------------
SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5
SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5
IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K
IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2
HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3
HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3
SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX
BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N
BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx
- Add a new style supplements for the recent kernels. (bsc#1096141)
Patchnames
SUSE-SLE-SERVER-12-SP2-BCL-2018-1308
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe Intel CPU microcode bundle was updated to the 20180703 release.\n\nFor the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a)\nand helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083).\n\nMore information on:\n https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File\n\nFollowing chipsets are fixed in this round:\n\nModel Stepping F-MO-S/PI Old-\u003eNew\n\n---- updated platforms ------------------------------------\n\nSNB-EP C1 6-2d-6/6d 0000061c-\u003e0000061d Xeon E5\nSNB-EP C2 6-2d-7/6d 00000713-\u003e00000714 Xeon E5\nIVT C0 6-3e-4/ed 0000042c-\u003e0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K\nIVT D1 6-3e-7/ed 00000713-\u003e00000714 Xeon E5 v2\nHSX-E/EP/4S C0 6-3f-2/6f 0000003c-\u003e0000003d Xeon E5 v3\nHSX-EX E0 6-3f-4/80 00000011-\u003e00000012 Xeon E7 v3\nSKX-SP/D/W/X H0 6-55-4/b7 02000043-\u003e0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX\nBDX-DE A1 6-56-5/10 0e000009-\u003e0e00000a Xeon D-15x3N\nBDX-ML B/M/R0 6-4f-1/ef 0b00002c-\u003e0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx\n\n- Add a new style supplements for the recent kernels. (bsc#1096141)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-SP2-BCL-2018-1308",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1935-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1935-2",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181935-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1935-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004691.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087082",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "self",
"summary": "SUSE Bug 1087083",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "self",
"summary": "SUSE Bug 1096141",
"url": "https://bugzilla.suse.com/1096141"
},
{
"category": "self",
"summary": "SUSE Bug 1100147",
"url": "https://bugzilla.suse.com/1100147"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3639 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3640 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3640/"
}
],
"title": "Recommended update for ucode-intel",
"tracking": {
"current_release_date": "2018-10-18T12:46:53Z",
"generator": {
"date": "2018-10-18T12:46:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1935-2",
"initial_release_date": "2018-10-18T12:46:53Z",
"revision_history": [
{
"date": "2018-10-18T12:46:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20180703-13.25.1.x86_64",
"product": {
"name": "ucode-intel-20180703-13.25.1.x86_64",
"product_id": "ucode-intel-20180703-13.25.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180703-13.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180703-13.25.1.x86_64"
},
"product_reference": "ucode-intel-20180703-13.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3639"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180703-13.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3639",
"url": "https://www.suse.com/security/cve/CVE-2018-3639"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1085235 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085235"
},
{
"category": "external",
"summary": "SUSE Bug 1085308 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085308"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092631 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092631"
},
{
"category": "external",
"summary": "SUSE Bug 1092885 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092885"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1102640 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1102640"
},
{
"category": "external",
"summary": "SUSE Bug 1105412 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1105412"
},
{
"category": "external",
"summary": "SUSE Bug 1111963 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1111963"
},
{
"category": "external",
"summary": "SUSE Bug 1172781 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172781"
},
{
"category": "external",
"summary": "SUSE Bug 1172782 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172782"
},
{
"category": "external",
"summary": "SUSE Bug 1172783 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172783"
},
{
"category": "external",
"summary": "SUSE Bug 1173489 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1173489"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180703-13.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180703-13.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:46:53Z",
"details": "moderate"
}
],
"title": "CVE-2018-3639"
},
{
"cve": "CVE-2018-3640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3640"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180703-13.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3640",
"url": "https://www.suse.com/security/cve/CVE-2018-3640"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087083 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1175912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1175912"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180703-13.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20180703-13.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:46:53Z",
"details": "moderate"
}
],
"title": "CVE-2018-3640"
}
]
}
CERTFR-2019-AVI-036
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans IBM QRadar. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | IBM QRadar SIEM versions 7.3.x antérieures à 7.3.1 Patch 6 | ||
| IBM | QRadar | IBM Security QRadar Packet Capture versions 7.2.x antérieures à 7.2.8 Patch 4 | ||
| IBM | QRadar | IBM QRadar Network Packet Capture versions 7.3.x antérieures à 7.3.1 Patch 1 | ||
| IBM | QRadar | IBM QRadar Network Packet Capture versions 7.2.x antérieures à 7.2.8 Patch 1 | ||
| IBM | QRadar | IBM Security QRadar Packet Capture versions 7.3.x antérieures à 7.3.1 Patch 1 | ||
| IBM | QRadar | IBM QRadar SIEM versions 7.2.x antérieures à 7.2.8 Patch 14 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.1 Patch 6",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Security QRadar Packet Capture versions 7.2.x ant\u00e9rieures \u00e0 7.2.8 Patch 4",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Network Packet Capture versions 7.3.x ant\u00e9rieures \u00e0 7.3.1 Patch 1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Network Packet Capture versions 7.2.x ant\u00e9rieures \u00e0 7.2.8 Patch 1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Security QRadar Packet Capture versions 7.3.x ant\u00e9rieures \u00e0 7.3.1 Patch 1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.8 Patch 14",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2018-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
}
],
"initial_release_date": "2019-01-30T00:00:00",
"last_revision_date": "2019-01-30T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-036",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-01-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 0796076 du 23 janvier 2019",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10796076\u0026myns=swgother\u0026mynp=OCSSBQAC\u0026mync=E\u0026cm_sp=swgother-_-OCSSBQAC-_-E"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 0796130 du 23 janvier 2019",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10796130\u0026myns=swgother\u0026mynp=OCSSBQAC\u0026mync=E\u0026cm_sp=swgother-_-OCSSBQAC-_-E"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 0796134 du 23 janvier 2019",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10796134\u0026myns=swgother\u0026mynp=OCSSBQAC\u0026mync=E\u0026cm_sp=swgother-_-OCSSBQAC-_-E"
}
]
}
CERTFR-2019-AVI-489
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC PROFINET Driver versions antérieures à V2.1 | ||
| Siemens | N/A | SINAMICS G120 V4.7 (PN Control Unit) versions antérieures à V4.7 SP10 HF5 | ||
| Siemens | N/A | SIMATIC CFU PA versions antérieures à V1.2.0 | ||
| Siemens | N/A | SINAMICS S120 V4.7 (Control Unit et CBE20) versions antérieures à V4.7 HF34 ou V5.2 HF2 | ||
| Siemens | N/A | SINAMICS GH150 V4.7 (Control Unit) versions antérieures à V4.8 SP2 HF9 | ||
| Siemens | N/A | SIMATIC ET 200SP IM 155-6 PN/2 HF versions antérieures à V4.2.2 | ||
| Siemens | N/A | SINAMICS G120 V4.7 (Control Unit) versions antérieures à V4.7 SP10 HF5 | ||
| Siemens | N/A | SIMATIC ET 200SP IM 155-6 PN/3 HF versions antérieures à V4.2.1 | ||
| Siemens | N/A | SCALANCE X-200IRT versions antérieures à V5.4.2 | ||
| Siemens | N/A | SINAMICS G130 V4.7 (Control Unit) versions antérieures à V4.7 HF29 ou V5.2 HF2 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller versions antérieures à V4.1.1 Patch 05 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200P versions antérieures à V4.5.0 | ||
| Siemens | N/A | SINAMICS GL150 V4.7 (Control Unit) versions antérieures à V4.8 SP2 HF9 | ||
| Siemens | N/A | CP1616 versions antérieures à V2.8 | ||
| Siemens | N/A | SINAMICS G110M V4.7 (Control Unit) versions antérieures à V4.7 SP10 HF5 | ||
| Siemens | N/A | SIMATIC ET 200MP IM 155-5 PN BA versions antérieures à V4.2.3 | ||
| Siemens | N/A | SINAMICS G110M V4.7 (PN Control Unit) versions antérieures à V4.7 SP10 HF5 | ||
| Siemens | N/A | SINAMICS DCM versions antérieures à V1.5 HF1 | ||
| Siemens | N/A | SINAMICS GM150 V4.7 (Control Unit) versions antérieures à V4.8 SP2 HF9 | ||
| Siemens | N/A | SIMATIC IT UADM versions antérieures à V1.3 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200 versions antérieures à V4.5.0 Patch 01 | ||
| Siemens | N/A | SIMATIC S7-400H V6 versions antérieures à V6.0.9 | ||
| Siemens | N/A | SIMATIC WinAC RTX (F) 2010 versions antérieures à SIMATIC WinAC RTX 2010 SP3 avec les mises à jour BIOS et Windows | ||
| Siemens | N/A | SIMATIC ET 200SP IM 155-6 PN HF versions antérieures à V4.2.2 | ||
| Siemens | N/A | CP1604 versions antérieures à V2.8 | ||
| Siemens | N/A | SINUMERIK 828D versions antérieures à V4.8 SP5 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC PROFINET Driver versions ant\u00e9rieures \u00e0 V2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G120 V4.7 (PN Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CFU PA versions ant\u00e9rieures \u00e0 V1.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S120 V4.7 (Control Unit et CBE20) versions ant\u00e9rieures \u00e0 V4.7 HF34 ou V5.2 HF2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS GH150 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.8 SP2 HF9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN/2 HF versions ant\u00e9rieures \u00e0 V4.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G120 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN/3 HF versions ant\u00e9rieures \u00e0 V4.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT versions ant\u00e9rieures \u00e0 V5.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G130 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.7 HF29 ou V5.2 HF2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller versions ant\u00e9rieures \u00e0 V4.1.1 Patch 05",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS GL150 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.8 SP2 HF9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP1616 versions ant\u00e9rieures \u00e0 V2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G110M V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200MP IM 155-5 PN BA versions ant\u00e9rieures \u00e0 V4.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G110M V4.7 (PN Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS DCM versions ant\u00e9rieures \u00e0 V1.5 HF1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS GM150 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.8 SP2 HF9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IT UADM versions ant\u00e9rieures \u00e0 V1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5.0 Patch 01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400H V6 versions ant\u00e9rieures \u00e0 V6.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinAC RTX (F) 2010 versions ant\u00e9rieures \u00e0 SIMATIC WinAC RTX 2010 SP3 avec les mises \u00e0 jour BIOS et Windows",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP IM 155-6 PN HF versions ant\u00e9rieures \u00e0 V4.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP1604 versions ant\u00e9rieures \u00e0 V2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK 828D versions ant\u00e9rieures \u00e0 V4.8 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2019-10936",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10936"
},
{
"name": "CVE-2017-5754",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5754"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-10923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10923"
},
{
"name": "CVE-2018-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2019-13929",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13929"
},
{
"name": "CVE-2019-13921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13921"
},
{
"name": "CVE-2017-5753",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
},
{
"name": "CVE-2018-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
},
{
"name": "CVE-2018-3615",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3615"
}
],
"initial_release_date": "2019-10-08T00:00:00",
"last_revision_date": "2019-10-08T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-489",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-608355 du 08 octobre 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-349422 du 08 octobre 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-878278 du 08 octobre 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-473245 du 08 octobre 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-984700 du 08 octobre 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdf"
}
]
}
CERTFR-2018-AVI-524
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | Safari | Safari versions antérieures à 12.0.1 | ||
| Apple | macOS | macOS Sierra versions antérieures à 10.12.6 | ||
| Apple | N/A | iOS versions antérieures à 12.1 | ||
| Apple | N/A | watchOS versions antérieures à 5.1 | ||
| Apple | macOS | macOS High Sierra versions antérieures à 10.13.6 | ||
| Apple | N/A | tvOS versions antérieures à 12.1 | ||
| Apple | N/A | iCloud for Windows versions antérieures à 7.8 | ||
| Apple | macOS | macOS Mojave versions antérieures à 10.14 | ||
| Apple | N/A | iTunes versions antérieures à 12.9.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Safari versions ant\u00e9rieures \u00e0 12.0.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 12.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS High Sierra versions ant\u00e9rieures \u00e0 10.13.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 12.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud for Windows versions ant\u00e9rieures \u00e0 7.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Mojave versions ant\u00e9rieures \u00e0 10.14",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iTunes versions ant\u00e9rieures \u00e0 12.9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-4310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4310"
},
{
"name": "CVE-2017-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
},
{
"name": "CVE-2018-4391",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4391"
},
{
"name": "CVE-2018-8777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
},
{
"name": "CVE-2018-4368",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4368"
},
{
"name": "CVE-2018-4395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4395"
},
{
"name": "CVE-2018-4425",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4425"
},
{
"name": "CVE-2018-4259",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4259"
},
{
"name": "CVE-2018-4400",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4400"
},
{
"name": "CVE-2018-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4415"
},
{
"name": "CVE-2018-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4427"
},
{
"name": "CVE-2018-4369",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4369"
},
{
"name": "CVE-2018-4396",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4396"
},
{
"name": "CVE-2018-4291",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4291"
},
{
"name": "CVE-2017-12618",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12618"
},
{
"name": "CVE-2018-4374",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4374"
},
{
"name": "CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"name": "CVE-2018-4350",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4350"
},
{
"name": "CVE-2018-4386",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4386"
},
{
"name": "CVE-2018-4417",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4417"
},
{
"name": "CVE-2018-4331",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4331"
},
{
"name": "CVE-2018-4398",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4398"
},
{
"name": "CVE-2018-4412",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4412"
},
{
"name": "CVE-2018-4420",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4420"
},
{
"name": "CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"name": "CVE-2018-4392",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4392"
},
{
"name": "CVE-2018-4409",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4409"
},
{
"name": "CVE-2018-8778",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
},
{
"name": "CVE-2018-4419",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4419"
},
{
"name": "CVE-2018-4371",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4371"
},
{
"name": "CVE-2018-4348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4348"
},
{
"name": "CVE-2018-4382",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4382"
},
{
"name": "CVE-2018-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4424"
},
{
"name": "CVE-2017-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
},
{
"name": "CVE-2018-4288",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4288"
},
{
"name": "CVE-2018-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4203"
},
{
"name": "CVE-2017-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
},
{
"name": "CVE-2018-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
},
{
"name": "CVE-2018-4402",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4402"
},
{
"name": "CVE-2018-4377",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4377"
},
{
"name": "CVE-2018-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4378"
},
{
"name": "CVE-2018-4341",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4341"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2018-4426",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4426"
},
{
"name": "CVE-2018-4367",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4367"
},
{
"name": "CVE-2018-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4399"
},
{
"name": "CVE-2018-4342",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4342"
},
{
"name": "CVE-2018-4389",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4389"
},
{
"name": "CVE-2018-4403",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4403"
},
{
"name": "CVE-2018-4411",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4411"
},
{
"name": "CVE-2018-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4408"
},
{
"name": "CVE-2018-4375",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4375"
},
{
"name": "CVE-2018-4418",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4418"
},
{
"name": "CVE-2018-4340",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4340"
},
{
"name": "CVE-2018-4394",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4394"
},
{
"name": "CVE-2018-4365",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4365"
},
{
"name": "CVE-2018-6797",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6797"
},
{
"name": "CVE-2018-4308",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4308"
},
{
"name": "CVE-2018-4126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4126"
},
{
"name": "CVE-2018-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4376"
},
{
"name": "CVE-2017-17742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
},
{
"name": "CVE-2018-4286",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4286"
},
{
"name": "CVE-2018-4334",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4334"
},
{
"name": "CVE-2018-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4304"
},
{
"name": "CVE-2018-4393",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4393"
},
{
"name": "CVE-2018-4354",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4354"
},
{
"name": "CVE-2018-4406",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4406"
},
{
"name": "CVE-2018-4372",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4372"
},
{
"name": "CVE-2018-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
},
{
"name": "CVE-2018-4287",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4287"
},
{
"name": "CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"name": "CVE-2018-6914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
},
{
"name": "CVE-2018-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4423"
},
{
"name": "CVE-2018-4385",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4385"
},
{
"name": "CVE-2018-4153",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4153"
},
{
"name": "CVE-2018-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
},
{
"name": "CVE-2018-4388",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4388"
},
{
"name": "CVE-2018-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4373"
},
{
"name": "CVE-2018-4295",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4295"
},
{
"name": "CVE-2018-4416",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4416"
},
{
"name": "CVE-2018-4366",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4366"
},
{
"name": "CVE-2018-4401",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4401"
},
{
"name": "CVE-2018-4410",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4410"
},
{
"name": "CVE-2018-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4242"
},
{
"name": "CVE-2018-4384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4384"
},
{
"name": "CVE-2018-4422",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4422"
},
{
"name": "CVE-2018-4413",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4413"
},
{
"name": "CVE-2018-4407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4407"
},
{
"name": "CVE-2018-4346",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4346"
},
{
"name": "CVE-2017-17405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
},
{
"name": "CVE-2018-4387",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4387"
},
{
"name": "CVE-2018-4326",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4326"
},
{
"name": "CVE-2018-4390",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4390"
}
],
"initial_release_date": "2018-10-31T00:00:00",
"last_revision_date": "2018-10-31T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-524",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-10-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209192 du 30 octobre 2018",
"url": "https://support.apple.com/en-us/HT209192"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209193 du 30 octobre 2018",
"url": "https://support.apple.com/en-us/HT209193"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209195 du 30 octobre 2018",
"url": "https://support.apple.com/en-us/HT209195"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209196 du 30 octobre 2018",
"url": "https://support.apple.com/en-us/HT209196"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209197 du 30 octobre 2018",
"url": "https://support.apple.com/en-us/HT209197"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209194 du 30 octobre 2018",
"url": "https://support.apple.com/en-us/HT209194"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209198 du 30 octobre 2018",
"url": "https://support.apple.com/en-us/HT209198"
}
]
}
CERTFR-2018-AVI-429
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans SCADA les produits Siemens. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | RUDGECOM, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation) | ||
| Siemens | N/A | SIMATIC WinCC OA versions 3.14 et antérieures | ||
| Siemens | N/A | SCALANCE X408 toutes versions antérieures à 4.0.0 | ||
| Siemens | N/A | SINUMERIK, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation) | ||
| Siemens | N/A | SCALANCE X300 toutes versions antérieures à 4.0.0 | ||
| Siemens | N/A | SIMATIC, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation) | ||
| Siemens | N/A | SINEMA, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation) | ||
| Siemens | N/A | SCALANCE X414 toutes versions | ||
| Siemens | N/A | SIEMENS TD Keypad Designer toutes versions | ||
| Siemens | N/A | SIMOTION, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation) |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "RUDGECOM, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA versions 3.14 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X408 toutes versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X300 toutes versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X414 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIEMENS TD Keypad Designer toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-13806",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13806"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2018-13807",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13807"
},
{
"name": "CVE-2018-13799",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13799"
},
{
"name": "CVE-2018-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
}
],
"initial_release_date": "2018-09-11T00:00:00",
"last_revision_date": "2018-09-11T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-429",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSiemens. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-268644 du 11 septembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-447396 du 11 septembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-346256 du 11 septembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-198330 du 11 septembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-198330.pdf"
}
]
}
cisco-sa-20180521-cpusidechannel
Vulnerability from csaf_cisco
Published
2018-05-22 01:00
Modified
2018-08-31 20:24
Summary
CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
Notes
Summary
On May 21, 2018, researchers disclosed two vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged, local attacker, in specific circumstances, to read privileged memory belonging to other processes.
The first vulnerability, CVE-2018-3639, is known as Spectre Variant 4 or SpectreNG. The second vulnerability, CVE-2018-3640, is known as Spectre Variant 3a. Both of these attacks are variants of the attacks disclosed in January 2018 and leverage cache-timing attacks to infer any disclosed data.
To exploit either of these vulnerabilities, an attacker must be able to run crafted or script code on an affected device. Although the underlying CPU and operating system combination in a product or service may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code and are, therefore, not vulnerable. There is no vector to exploit them. Cisco products are considered potentially vulnerable only if they allow customers to execute custom code side-by-side with Cisco code on the same microprocessor.
A Cisco product that may be deployed as a virtual machine or a container, even while not directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environments, tightly control user access, and ensure that all security updates are installed. Customers who are deploying products as a virtual device in multi-tenant hosting environments should ensure that the underlying hardware, as well as operating system or hypervisor, is patched against the vulnerabilities in question.
Although Cisco cloud services are not directly affected by these vulnerabilities, the infrastructure on which they run may be impacted. Refer to the “Affected Products” section of this advisory for information about the impact of these vulnerabilities on Cisco cloud services.
Cisco will release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"]
Affected Products
Any product or service not listed in the “Vulnerable Products” section of this advisory is to be considered not vulnerable. The criteria for considering whether a product is vulnerable are explained in the “Summary” section of this advisory.
Vulnerable Products
The following table lists Cisco products and cloud services that are affected by the vulnerabilities described in this advisory:
Product Cisco Bug ID Fixed Release Availability Network Application, Service, and Acceleration Cisco Cloud Services Platform 2100 CSCvj63868 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj63868"] Consult the Cisco bug ID for details Cisco Wide Area Application Services (WAAS) CSCvj59144 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59144"] Update to v6.x (Available) Cisco vBond Orchestrator — 18.2 (Available) Cisco vEdge 5000 — 18.2 (Available) Cisco vEdge Cloud — 18.2 (Available) Cisco vManage NMS —
Cisco vSmart Controller — 18.2 (Available) Network Management and Provisioning Cisco Network Functions Virtualization Infrastructure Software CSCvj59161 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59161"] Consult the Cisco bug ID for details Routing and Switching - Enterprise and Service Provider Cisco 4000 Series Integrated Services Routers (IOS XE Open Service Containers) CSCvj59152 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152"] Consult the Cisco bug ID for details Cisco 800 Series Industrial Integrated Services Routers CSCvj59153 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59153"] Consult the Cisco bug ID for details Cisco ASR 1000 Series Aggregation Services Router with RP2 or RP3 (IOS XE Open Service Containers) CSCvj59152 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152"] Consult the Cisco bug ID for details Cisco ASR 1001-HX Series Aggregation Services Routers (IOS XE Open Service Containers) CSCvj59152 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152"] Consult the Cisco bug ID for details Cisco ASR 1001-X Series Aggregation Services Routers (IOS XE Open Service Containers) CSCvj59152 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152"] Consult the Cisco bug ID for details Cisco ASR 1002-HX Series Aggregation Services Routers (IOS XE Open Service Containers) CSCvj59152 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152"] Consult the Cisco bug ID for details Cisco ASR 1002-X Series Aggregation Services Routers (IOS XE Open Service Containers) CSCvj59152 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152"] Consult the Cisco bug ID for details Cisco ASR 9000 XR 64-bit Series Routers CSCvj59142 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142"] Consult the Cisco bug ID for details Cisco Application Policy Infrastructure Controller (APIC) CSCvj59131 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59131"] Consult the Cisco bug ID for details Cisco CGR 1000 Compute Module (IOx feature) CSCvj59160 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59160"] Consult the Cisco bug ID for details Cisco Catalyst 9300 Series Switches - IOx feature CSCvj59156 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59156"] Consult the Cisco bug ID for details Cisco Catalyst 9400 Series Switches - IOx feature CSCvj59157 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59157"] Consult the Cisco bug ID for details Cisco Catalyst 9500 Series Switches - IOx feature CSCvj59158 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59158"] Consult the Cisco bug ID for details Cisco Cloud Services Router 1000V Series (IOS XE Open Service Containers) CSCvj59152 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152"] Consult the Cisco bug ID for details Cisco NCS 1000 Series Routers CSCvj59142 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142"] Consult the Cisco bug ID for details Cisco NCS 5000 Series Routers CSCvj59142 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142"] Consult the Cisco bug ID for details Cisco NCS 5500 Series Routers CSCvj59142 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142"] Consult the Cisco bug ID for details Cisco Nexus 3000 Series Switches CSCvj59136 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59136"] Consult the Cisco bug ID for details Cisco Nexus 5000 Series Switches (OAC feature) CSCvj59138 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59138"] Consult the Cisco bug ID for details Cisco Nexus 6000 Series Switches (OAC feature) CSCvj59135 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59135"] Consult the Cisco bug ID for details Cisco Nexus 7000 Series Switches (OAC feature, Feature Bash) CSCvj59135 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59135"] Consult the Cisco bug ID for details Cisco Nexus 9000 Series Switches - Standalone, NX-OS mode CSCvj59136 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59136"] Consult the Cisco bug ID for details Cisco Virtual Application Policy Infrastructure Controller (APIC) CSCvj59131 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59131"] Consult the Cisco bug ID for details Cisco XRv 9000 Series Routers CSCvj59142 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142"] Consult the Cisco bug ID for details Unified Computing Cisco C880 M4 Server CSCvj59127 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59127"] Consult the Cisco bug ID for details Cisco C880 M5 Server CSCvj59127 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59127"] Consult the Cisco bug ID for details Cisco Enterprise Network Compute System 5100 Series Servers CSCvj59121 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59121"] Consult the Cisco bug ID for details Cisco Enterprise Network Compute System 5400 Series Servers CSCvj59121 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59121"] Consult the Cisco bug ID for details Cisco HyperFlex with VMWare Hypervisor CSCvj59134 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59134"] Consult the Cisco bug ID for details Cisco UCS B-Series M2 Blade Servers - Managed CSCvj59301 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59301"] Cisco UCS B-Series M2 Blade Servers - Managed
UCS Manager 2.2(8l) - (Available)
UCS Manager 3.1(3j) - (Available)
UCS Manager 3.2(3g) - (Available)
Cisco UCS C-Series M2 Rack Servers - Managed
UCS Manager 2.2(8l) - (Available)
Cisco UCS B-Series M3 Blade Servers CSCvj54880 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54880"] UCS Manager 2.2(8l) (Available)
UCS Manager 3.1(3j) (Available)
UCS Manager 3.2(3g) (Available)
Cisco UCS B-Series M4 Blade Servers (except B260, B460) CSCvj54187 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54187"] UCS Manager 3.2(3e) - (Available)
UCS Manager 3.1(3j) - (Available)
UCS Manager 2.2(8l) - (Available)
Cisco UCS C-Series M4 Rack Servers - Managed (except C460) - UCS Manager 3.2(3e) - (Available)
Cisco UCS S3260 M4 Storage Server - Managed - UCS Manager 3.2(3e) - (Available)
Cisco UCS S3260 M4 Storage Server - Standalone - Cisco IMC 3.0(4e) - (Available)
Cisco UCS S3260 M4 Storage Server - UCS Manager 3.1(3j) - (Available) Cisco UCS B-Series M5 Blade Servers CSCvj59266 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59266"] Cisco UCS B-Series M5 Blade Servers
UCS Manager 3.2(3g) - (Available)
Cisco UCS C-Series M5 Rack Servers -Standalone
Cisco IMC 3.1(2i) - (Available) Cisco UCS B260 M4 Blade Server CSCvj54847 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54847"] Cisco UCS B260 M4 Blade Server
UCS Manager 3.2(3e) - (Available)
UCS Manager 3.1(3j) - (Available)
UCS Manager 2.2(8l) - (Available)
Cisco UCS B460 M4 Blade Server
UCS Manager 3.2(3e) - (Available)
UCS Manager 3.1(3j) – Available
UCS Manager 2.2(8l) - Available
Cisco UCS C460 M4 Rack Server - Managed
UCS Manager 3.2(3e) – (Available)
UCS Manager 3.1(3j) – (Available)
UCS Manager 2.2(8l) - (Available)
Cisco UCS B460 M4 Blade Server CSCvj54847 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54847"] Cisco UCS B260 M4 Blade Server
UCS Manager 3.2(3e) - (Available)
UCS Manager 3.1(3j) - (Available)
UCS Manager 2.2(8l) - (Available)
Cisco UCS B460 M4 Blade Server
UCS Manager 3.2(3e) - (Available)
UCS Manager 3.1(3j) – Available
UCS Manager 2.2(8l) - Available
Cisco UCS C460 M4 Rack Server - Managed
UCS Manager 3.2(3e) – (Available)
UCS Manager 3.1(3j) – (Available)
UCS Manager 2.2(8l) - (Available)
Cisco UCS C-Series M2 Rack Servers - Managed CSCvj59301 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59301"] Cisco UCS B-Series M2 Blade Servers - Managed
UCS Manager 2.2(8l) - (Available)
UCS Manager 3.1(3j) - (Available)
UCS Manager 3.2(3g) - (Available)
Cisco UCS C-Series M2 Rack Servers - Managed
UCS Manager 2.2(8l) - (Available)
Cisco UCS C-Series M2 Rack Servers - Standalone CSCvj59309 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59309"] Cisco IMC 1.4(3z09) - (Available) Cisco UCS C-Series M2 Rack Servers [EX processor family servers] - Standalone CSCvj59304 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59304"] Cisco IMC 1.5(9f) - (Available) Cisco UCS C-Series M3 Rack Servers CSCvj59312 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59312"] UCS Manager 3.2(3g) - (Available)
UCS Manager 3.1(3j) - (Available)
UCS Manager 2.2(8l) - (Available)
Cisco IMC 3.0(4i) - (Available)
Cisco IMC 2.0(9o) - (Available)
Cisco UCS C-Series M4 Rack Servers (except C460) - Standalone 1 CSCvj59318 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59318"] Cisco IMC 3.0(4e) - (Available)
Cisco IMC 2.0(10k) - (Available) Cisco UCS C-Series M4 Rack Servers (except C460) -Managed 1 CSCvj54187 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54187"] UCS Manager 3.2(3e) - (Available)
UCS Manager 3.1(3j) - (Available)
UCS Manager 2.2(8l) - (Available)
Cisco UCS C-Series M4 Rack Servers - Managed (except C460) - UCS Manager 3.2(3e) - (Available)
Cisco UCS S3260 M4 Storage Server - Managed - UCS Manager 3.2(3e) - (Available)
Cisco UCS S3260 M4 Storage Server - Standalone - Cisco IMC 3.0(4e) - (Available)
Cisco UCS S3260 M4 Storage Server - UCS Manager 3.1(3j) - (Available) Cisco UCS C-Series M5 Rack Servers - Managed 1 CSCvj59331 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59331"] UCS Manager 3.2(3g) - (Available) Cisco UCS C-Series M5 Rack Servers -Standalone 1 CSCvj59266 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59266"] Cisco UCS B-Series M5 Blade Servers
UCS Manager 3.2(3g) - (Available)
Cisco UCS C-Series M5 Rack Servers -Standalone
Cisco IMC 3.1(2i) - (Available) Cisco UCS C460 M4 Rack Server - Managed CSCvj54847 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54847"] Cisco UCS B260 M4 Blade Server
UCS Manager 3.2(3e) - (Available)
UCS Manager 3.1(3j) - (Available)
UCS Manager 2.2(8l) - (Available)
Cisco UCS B460 M4 Blade Server
UCS Manager 3.2(3e) - (Available)
UCS Manager 3.1(3j) – Available
UCS Manager 2.2(8l) - Available
Cisco UCS C460 M4 Rack Server - Managed
UCS Manager 3.2(3e) – (Available)
UCS Manager 3.1(3j) – (Available)
UCS Manager 2.2(8l) - (Available)
Cisco UCS C460 M4 Rack Server - Standalone CSCvj59326 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59326"] Cisco IMC 3.0(4e) - (Available)
Cisco IMC 2.0(12h) - (Available) Cisco UCS E-Series M2 Servers CSCvj59121 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59121"] Consult the Cisco bug ID for details Cisco UCS E-Series M3 Servers CSCvj59121 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59121"] Consult the Cisco bug ID for details Cisco UCS S3260 M4 Storage Server CSCvj54187 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54187"] UCS Manager 3.2(3e) - (Available)
UCS Manager 3.1(3j) - (Available)
UCS Manager 2.2(8l) - (Available)
Cisco UCS C-Series M4 Rack Servers - Managed (except C460) - UCS Manager 3.2(3e) - (Available)
Cisco UCS S3260 M4 Storage Server - Managed - UCS Manager 3.2(3e) - (Available)
Cisco UCS S3260 M4 Storage Server - Standalone - Cisco IMC 3.0(4e) - (Available)
Cisco UCS S3260 M4 Storage Server - UCS Manager 3.1(3j) - (Available) Cisco Virtual Infrastructure Manager CSCvj75271 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj75271"] 2.4.1
2.2.24
(Available) Voice and Unified Communications Devices Cisco Remote Expert Mobile CSCvj59167 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59167"] Consult the Cisco bug ID for details Cisco Cloud Hosted Services Cisco Metacloud CSCvj59149 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59149"] Consult the Cisco bug ID for details Cisco Threat Grid —
1 Cisco UCS M4 and M5 Rack Servers are used as part of the Cisco HyperFlex Solution.
Products Confirmed Not Vulnerable
The following Cisco products are considered not vulnerable to Spectre Variant 3a or Spectre Variant 4. Specific models in these product families may be affected and will be explicitly listed in the preceding “Vulnerable Products” section.
Routers
Branch Routers
Cisco 4000 Series Integrated Services Routers
Cisco 1900 Series Integrated Services Routers
Cisco 1800 Series Integrated Services Routers
Cisco 1000 Series Integrated Services Routers
Cisco 800 Series Routers
Data Center Interconnect Platforms
Cisco ASR 1000 Series Aggregation Services Routers
Cisco Carrier Routing System
Cisco Catalyst 6500 Series Switches
Industrial Routers
Cisco 2000 Series Connected Grid Routers
Cisco 1000 Series Connected Grid Routers
Cisco 900 Series Industrial Routers
Cisco 800 Series Industrial Integrated Services Routers
Cisco 500 Series WPAN Industrial Routers
Cisco Wireless Gateway for LoRaWAN
Cloud Networking Services
Cisco Cloud Services Router 1000V Series
Mobile Internet Routers
Cisco 5900 Series Embedded Services Routers
Cisco MWR 2900 Series Mobile Wireless Routers
Service Provider Core Routers
Cisco Carrier Routing System
Cisco Network Convergence System 6000 Series Routers
Service Provider Edge Routers
Cisco 12000 Series Routers
Cisco ASR 1000 Series Aggregation Services Routers
Cisco ASR 920 Series Aggregation Services Router
Cisco ASR 901 Series Aggregation Services Routers
Cisco ASR 900 Series Aggregation Services Routers
Cisco XR 12000 Series Router
Cisco Network Convergence System 500 Series Routers
Small Business Routers
Cisco 1900 Series Integrated Services Routers
Cisco 800 Series Routers
Cisco Small Business RV Series Routers
Virtual Routers
Cisco Cloud Services Router 1000V Series
Cisco WAN Aggregation and Internet Edge Routers
Cisco ASR 1000 Series Aggregation Services Routers
Cisco Catalyst 6500 Series Switches
WAN Optimization
Cisco Virtual Wide Area Application Services (vWAAS)
Cisco Wide Area Application Services (WAAS) Express
Cisco Wide Area Application Services (WAAS) Software
Switches
Blade Switches
Cisco Blade Switches for Dell
Cisco Blade Switches for FSC
Cisco Blade Switches for HP
Cisco Nexus 4000 Series Switches
Cisco Switch Modules for IBM
Cisco SFS Solutions for Blade Switches
Cisco SFS Solution for Dell
Campus LAN Switches - Access
Cisco Catalyst 9400 Series Switches
Cisco Catalyst 9300 Series Switches
Cisco Catalyst 4500 Series Switches
Cisco Catalyst 3850 Series Switches
Cisco Catalyst 3750 Series Switches
Cisco Catalyst 3650 Series Switches
Cisco Catalyst 2960-L Series Switches
Cisco Catalyst 2960-Plus Series Switches
Cisco Catalyst 2960-X Series Switches
Cisco Edge Series
Cisco Meraki Cloud Managed Switches
Cisco Redundant Power Systems
Campus LAN Switches - Core and Distribution
Cisco Catalyst 9500 Series Switches
Cisco Catalyst 6800 Series Switches
Cisco Catalyst 6500 Series Switches
Cisco Catalyst 6500 Virtual Switching System 1440
Cisco Catalyst 4900 Series Switches
Cisco Catalyst 4500 Series Switches
Cisco Catalyst 4500-X Series Switches
Cisco Catalyst 3850 Series Switches
Cisco Nexus 7000 Series Switches
Campus LAN Switches - Digital Building
Cisco Catalyst 3560-CX Series Switches
Cisco Catalyst 2960-C Series Switches
Cisco Catalyst 2960-CX Series Switches
Cisco Catalyst 2960-L Series Switches
Cisco Catalyst Digital Building Series Switches
Data Center Switches
Cisco Nexus 2000 Series Fabric Extenders
Cisco R Series Racks
Cisco RP Series Power Distribution Units
Cisco Data Center Network Management
Cisco Data Center Network Manager
Cisco Fabric Manager
Cisco Data Center Switches with Cisco IOS Software
Cisco Catalyst 6500 Series Switches
Cisco Catalyst 4900 Series Switches
Cisco Energy and Asset Management
Cisco Asset Management Suite
Cisco Energy Management Suite
Industrial Ethernet Switches
Cisco 2500 Series Connected Grid Switches
Cisco Embedded Service 2020 Series Switches
Cisco Industrial Ethernet 5000 Series Switches
Cisco Industrial Ethernet 4010 Series Switches
Cisco Industrial Ethernet 4000 Series Switches
Cisco Industrial Ethernet 3010 Series Switches
Cisco Industrial Ethernet 3000 Series Switches
Cisco Industrial Ethernet 2000 Series Switches
Cisco Industrial Ethernet 2000U Series Switches
Cisco Industrial Ethernet 1000 Series Switches
InfiniBand Switches
Cisco SFS 7000 Series InfiniBand Server Switches
Cisco SFS 3500 Series Multifabric Server Switches
Cisco SFS 3000 Series Multifabric Server Switches
LAN Switches - Small Business
Cisco 550X Series Stackable Managed Switches
Cisco 350 Series Managed Switches
Cisco 350X Series Stackable Managed Switches
Cisco 250 Series Smart Switches
Cisco 220 Series Smart Switches
Cisco ESW2 Series Advanced Switches
Cisco Small Business 300 Series Managed Switches
Cisco Small Business 200 Series Smart Switches
Cisco Small Business 110 Series Unmanaged Switches
Cisco Small Business Smart Switches
Cisco Small Business Stackable Managed Switches
Cisco Small Business Unmanaged Switches
Service Provider Switches - Aggregation
Cisco Catalyst 6500 Series Switches
Cisco Catalyst 4500 Series Switches
Cisco ME 4900 Series Ethernet Switches
Cisco ME 3800X Series Carrier Ethernet Switch Routers
Service Provider Switches - Ethernet Access
Cisco Catalyst 3750 Metro Series Switches
Cisco ME 3600X Series Ethernet Access Switches
Cisco ME 3400 Series Ethernet Access Switches
Cisco ME 3400E Series Ethernet Access Switches
Cisco ME 1200 Series Carrier Ethernet Access Devices
Cisco Small Business Gigabit SP Switches
Virtual Networking
Cisco Application Centric Infrastructure Virtual Edge
Cisco Application Virtual Switch
Cisco Cloud Services Platform 2100
Cisco Nexus 1000V InterCloud
Cisco Nexus 1000V Switch for KVM
Cisco Nexus 1000V Switch for Microsoft Hyper-V
Cisco Nexus 1000V Switch for VMware vSphere
Cloud Networking Services
Cisco Prime Virtual Network Analysis Module (vNAM)
Cisco Virtual Security Gateway
Cisco Virtual Wide Area Application Services (vWAAS)
WAN Switches
Cisco IGX 8400 Series Switches
MGX Switches
Cisco MGX 8900 Series Switches
Cisco MGX 8850 Software
Cisco MGX 8800 Series Switches
Cisco MGX 8250 Software
Cisco MGX 8200 Series Edge Concentrators
Wireless
Indoor Access Points
Cisco Aironet 1815 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco Aironet 4800 Access Point
Outdoor and Industrial Access Points
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco Aironet 1570 Series Access Points
Wireless LAN Controllers
Cisco 3504 Wireless LAN Controller
Cisco 5520 Wireless LAN Controller
Cisco 8540 Wireless LAN Controller
Cisco Virtual Wireless Controller
Cisco Meraki Cloud Managed Access Points
Security
Cisco Cloud-Hosted Products
Cisco AMP family of products and endpoint protection clients
Cisco Cloud Security
Cisco Cloudlock
Cisco Umbrella
Email Security
Cisco Content Security Management Appliance
Cisco Email Security
Cisco Email Encryption
Cisco Email Encryption
Cisco Registered Envelope Service
Firewalls
Cisco 3000 Series Industrial Security Appliances (ISA)
Cisco Meraki Cloud Managed Security Appliances
Cisco Adaptive Security Appliances (ASA)
Cisco Adaptive Security Virtual Appliance (ASAv)
Firewall Management
Cisco Adaptive Security Device Manager
Cisco Firepower Device Manager
Cisco Firepower Management Center
Cisco Security Manager
Next-Generation Firewalls (NGFW)
Cisco ASA 5500-X with FirePOWER Services
Cisco Firepower 9000 Series
Cisco Firepower 4100 Series
Cisco Firepower 2100 Series
Network Security
Cisco VPN Internal Service Module for ISR G2
Network Visibility and Segmentation
Cisco ISE Passive Identity Connector
Cisco Identity Services Engine (ISE)
Cisco Security Packet Analyzer
Cisco Stealthwatch Cloud
Cisco Stealthwatch Enterprise
Next-Generation Intrusion Prevention System (NGIPS)
Cisco FirePOWER 8000 Series Appliances
Cisco FirePOWER 7000 Series Appliances
Security Management
Cisco Firepower Management Center
Cisco Adaptive Security Device Manager
Cisco Content Security Management Appliance
Cisco Defense Orchestrator
Unified Communications
Cisco Spark
Cisco Unified Communications Manager
Cisco Business Edition 6000 - 100x80
Cisco Business Edition 6000
Cisco Jabber - 100x80
Cisco Jabber
Cisco Expressway
Customer Care
Cisco Unified Contact Center Express
Cisco Unified Contact Center Enterprise
Cisco Finesse
Cisco MediaSense
Conferencing
Cisco Meeting Server
Cisco WebEx Meeting Center
Cisco WebEx Meetings Server
Cisco TelePresence Management Suite
Cisco TelePresence Server
Cisco TelePresence Conductor
Collaboration Endpoints
Cisco 8800 Series IP Phones
Cisco 7800 Series IP Phones
Cisco 6900 Series IP Phones
Cisco 3900 Series SIP Phones
Cisco Desktop Collaboration Experience - DX600 Series
Cisco DX Series
Cisco TelePresence SX10 Quick Set
Cisco TelePresence MX Series - 100x80
Cisco TelePresence MX Series
Cisco TelePresence IX5000 Series
Cisco Unified Computing Management Platforms
Cisco Intersight
Cisco UCS Manager
Cisco UCS Central
Cisco UCS Director
Cisco UCS Performance Manager
IP Video
Cisco Access Edge
Cisco Cable Modem Termination Systems (CMTSs)
Cisco RF Switches
Cisco cBR Series Converged Broadband Routers
Cisco uBR10000 Series Universal Broadband Routers
Cisco uBR7225VXR Universal Broadband Routers
Cisco uBR7200 Series Universal Broadband Routers
No other Cisco IP Video products are known to be affected.
Internet of Things (IoT)
Cisco Jasper Control Center
Cisco IoT Management
Cisco Application Enablement
Cisco IoT Security
Cisco Kinetic
Cisco Extended Enterprise
Products Considered Not Vulnerable After Investigation
Cisco has investigated the following products, and they are not considered to be affected by the vulnerabilities that are described in this advisory:
Network Application, Service, and Acceleration
Cisco 500 Series WPAN Industrial Routers (IOx feature)
Cisco DNA Center
Network and Content Security Devices
Cisco Umbrella Virtual Appliance
Network Management and Provisioning
Cisco Evolved Programmable Network Manager
Cisco Meeting Server
Routing and Switching - Enterprise and Service Provider
Cisco 1000 Series Connected Grid Routers
Cisco Catalyst 3650 Series Switches - IOx feature
Cisco Industrial Ethernet 4000 Series Switches (IOx feature)
Cisco Nexus 4000 Series Blade Switches
Cisco Nexus 9000 Series Fabric Switches - ACI mode
Cisco c800 Series Integrated Services Routers
Wireless
Cisco Wireless Gateway for LoRaWAN
Cisco Cloud Hosted Services
Cisco Cloudlock
Cisco Hosted Collaboration Solution (HCS) for Government
Cisco Spark
Cisco Umbrella
Cisco WebEx Centers - Meeting Center, Training Center, Event Center, Support Center
Details
Modern CPU Speculative Store Bypass Information Disclosure Vulnerability
A vulnerability due to the design of most modern CPUs could allow a local attacker to access sensitive information on a targeted system.
The vulnerability is due to improper implementation of the speculative execution of instructions by the affected software. This vulnerability can be triggered by causing the CPU to attempt to perform a speculative memory read before currently queued memory writes are completed. An attacker could exploit this vulnerability by executing arbitrary code and performing a side-channel attack on the cache of the targeted system. A successful exploit could allow the attacker to read sensitive memory information.
This vulnerability has been assigned the following CVE ID: CVE-2018-3639
Modern CPU Rogue System Register Read Information Disclosure Vulnerability
A vulnerability due to the design of most modern CPUs could allow a local attacker to access sensitive information on a targeted system.
The vulnerability is due to improper implementation of the speculative execution of instructions by the affected software. This vulnerability can by triggered by causing an affected platform to perform speculative reads of system registers. An attacker could exploit this vulnerability by executing arbitrary code and performing a side-channel attack on the cache of the targeted system. A successful exploit could allow the attacker to read sensitive memory information.
This vulnerability has been assigned the following CVE ID: CVE-2018-3640
Workarounds
There are no workarounds that address these vulnerabilities.
Fixed Software
For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
Source
CVE ID CVE-2018-3639 was reported to Intel by Jann Horn of Google Project Zero (GPZ) and Ken Johnson of the Microsoft Security Response Center (MSRC).
CVE ID CVE-2018-3640 was reported to Intel by Zdenek Sojka, Rudolf Marek, and Alex Zuepke from SYSGO AG.
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
{
"document": {
"acknowledgments": [
{
"summary": "CVE ID CVE-2018-3639 was reported to Intel by Jann Horn of Google Project Zero (GPZ) and Ken Johnson of the Microsoft Security Response Center (MSRC).\r\n\r\nCVE ID CVE-2018-3640 was reported to Intel by Zdenek Sojka, Rudolf Marek, and Alex Zuepke from SYSGO AG."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"notes": [
{
"category": "summary",
"text": "On May 21, 2018, researchers disclosed two vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged, local attacker, in specific circumstances, to read privileged memory belonging to other processes.\r\n\r\nThe first vulnerability, CVE-2018-3639, is known as Spectre Variant 4 or SpectreNG. The second vulnerability, CVE-2018-3640, is known as Spectre Variant 3a. Both of these attacks are variants of the attacks disclosed in January 2018 and leverage cache-timing attacks to infer any disclosed data.\r\n\r\nTo exploit either of these vulnerabilities, an attacker must be able to run crafted or script code on an affected device. Although the underlying CPU and operating system combination in a product or service may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code and are, therefore, not vulnerable. There is no vector to exploit them. Cisco products are considered potentially vulnerable only if they allow customers to execute custom code side-by-side with Cisco code on the same microprocessor.\r\n\r\nA Cisco product that may be deployed as a virtual machine or a container, even while not directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environments, tightly control user access, and ensure that all security updates are installed. Customers who are deploying products as a virtual device in multi-tenant hosting environments should ensure that the underlying hardware, as well as operating system or hypervisor, is patched against the vulnerabilities in question.\r\n\r\nAlthough Cisco cloud services are not directly affected by these vulnerabilities, the infrastructure on which they run may be impacted. Refer to the \u201cAffected Products\u201d section of this advisory for information about the impact of these vulnerabilities on Cisco cloud services.\r\n\r\nCisco will release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel\"]",
"title": "Summary"
},
{
"category": "general",
"text": "Any product or service not listed in the \u201cVulnerable Products\u201d section of this advisory is to be considered not vulnerable. The criteria for considering whether a product is vulnerable are explained in the \u201cSummary\u201d section of this advisory.",
"title": "Affected Products"
},
{
"category": "general",
"text": "The following table lists Cisco products and cloud services that are affected by the vulnerabilities described in this advisory:\r\n Product Cisco Bug ID Fixed Release Availability Network Application, Service, and Acceleration Cisco Cloud Services Platform 2100 CSCvj63868 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj63868\"] Consult the Cisco bug ID for details Cisco Wide Area Application Services (WAAS) CSCvj59144 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59144\"] Update to v6.x (Available) Cisco vBond Orchestrator \u2014 18.2 (Available) Cisco vEdge 5000 \u2014 18.2 (Available) Cisco vEdge Cloud \u2014 18.2 (Available) Cisco vManage NMS \u2014\r\n Cisco vSmart Controller \u2014 18.2 (Available) Network Management and Provisioning Cisco Network Functions Virtualization Infrastructure Software CSCvj59161 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59161\"] Consult the Cisco bug ID for details Routing and Switching - Enterprise and Service Provider Cisco 4000 Series Integrated Services Routers (IOS XE Open Service Containers) CSCvj59152 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152\"] Consult the Cisco bug ID for details Cisco 800 Series Industrial Integrated Services Routers CSCvj59153 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59153\"] Consult the Cisco bug ID for details Cisco ASR 1000 Series Aggregation Services Router with RP2 or RP3 (IOS XE Open Service Containers) CSCvj59152 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152\"] Consult the Cisco bug ID for details Cisco ASR 1001-HX Series Aggregation Services Routers (IOS XE Open Service Containers) CSCvj59152 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152\"] Consult the Cisco bug ID for details Cisco ASR 1001-X Series Aggregation Services Routers (IOS XE Open Service Containers) CSCvj59152 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152\"] Consult the Cisco bug ID for details Cisco ASR 1002-HX Series Aggregation Services Routers (IOS XE Open Service Containers) CSCvj59152 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152\"] Consult the Cisco bug ID for details Cisco ASR 1002-X Series Aggregation Services Routers (IOS XE Open Service Containers) CSCvj59152 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152\"] Consult the Cisco bug ID for details Cisco ASR 9000 XR 64-bit Series Routers CSCvj59142 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142\"] Consult the Cisco bug ID for details Cisco Application Policy Infrastructure Controller (APIC) CSCvj59131 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59131\"] Consult the Cisco bug ID for details Cisco CGR 1000 Compute Module (IOx feature) CSCvj59160 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59160\"] Consult the Cisco bug ID for details Cisco Catalyst 9300 Series Switches - IOx feature CSCvj59156 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59156\"] Consult the Cisco bug ID for details Cisco Catalyst 9400 Series Switches - IOx feature CSCvj59157 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59157\"] Consult the Cisco bug ID for details Cisco Catalyst 9500 Series Switches - IOx feature CSCvj59158 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59158\"] Consult the Cisco bug ID for details Cisco Cloud Services Router 1000V Series (IOS XE Open Service Containers) CSCvj59152 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152\"] Consult the Cisco bug ID for details Cisco NCS 1000 Series Routers CSCvj59142 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142\"] Consult the Cisco bug ID for details Cisco NCS 5000 Series Routers CSCvj59142 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142\"] Consult the Cisco bug ID for details Cisco NCS 5500 Series Routers CSCvj59142 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142\"] Consult the Cisco bug ID for details Cisco Nexus 3000 Series Switches CSCvj59136 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59136\"] Consult the Cisco bug ID for details Cisco Nexus 5000 Series Switches (OAC feature) CSCvj59138 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59138\"] Consult the Cisco bug ID for details Cisco Nexus 6000 Series Switches (OAC feature) CSCvj59135 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59135\"] Consult the Cisco bug ID for details Cisco Nexus 7000 Series Switches (OAC feature, Feature Bash) CSCvj59135 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59135\"] Consult the Cisco bug ID for details Cisco Nexus 9000 Series Switches - Standalone, NX-OS mode CSCvj59136 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59136\"] Consult the Cisco bug ID for details Cisco Virtual Application Policy Infrastructure Controller (APIC) CSCvj59131 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59131\"] Consult the Cisco bug ID for details Cisco XRv 9000 Series Routers CSCvj59142 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142\"] Consult the Cisco bug ID for details Unified Computing Cisco C880 M4 Server CSCvj59127 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59127\"] Consult the Cisco bug ID for details Cisco C880 M5 Server CSCvj59127 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59127\"] Consult the Cisco bug ID for details Cisco Enterprise Network Compute System 5100 Series Servers CSCvj59121 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59121\"] Consult the Cisco bug ID for details Cisco Enterprise Network Compute System 5400 Series Servers CSCvj59121 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59121\"] Consult the Cisco bug ID for details Cisco HyperFlex with VMWare Hypervisor CSCvj59134 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59134\"] Consult the Cisco bug ID for details Cisco UCS B-Series M2 Blade Servers - Managed CSCvj59301 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59301\"] Cisco UCS B-Series M2 Blade Servers - Managed\r\nUCS Manager 2.2(8l) - (Available)\r\nUCS Manager 3.1(3j) - (Available)\r\nUCS Manager 3.2(3g) - (Available)\r\nCisco UCS C-Series M2 Rack Servers - Managed\r\nUCS Manager 2.2(8l) - (Available)\r\n Cisco UCS B-Series M3 Blade Servers CSCvj54880 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54880\"] UCS Manager 2.2(8l) (Available)\r\nUCS Manager 3.1(3j) (Available)\r\nUCS Manager 3.2(3g) (Available)\r\n Cisco UCS B-Series M4 Blade Servers (except B260, B460) CSCvj54187 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54187\"] UCS Manager 3.2(3e) - (Available)\r\nUCS Manager 3.1(3j) - (Available)\r\nUCS Manager 2.2(8l) - (Available)\r\nCisco UCS C-Series M4 Rack Servers - Managed (except C460) - UCS Manager 3.2(3e) - (Available)\r\nCisco UCS S3260 M4 Storage Server - Managed - UCS Manager 3.2(3e) - (Available)\r\nCisco UCS S3260 M4 Storage Server - Standalone - Cisco IMC 3.0(4e) - (Available)\r\nCisco UCS S3260 M4 Storage Server - UCS Manager 3.1(3j) - (Available) Cisco UCS B-Series M5 Blade Servers CSCvj59266 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59266\"] Cisco UCS B-Series M5 Blade Servers\r\nUCS Manager 3.2(3g) - (Available)\r\nCisco UCS C-Series M5 Rack Servers -Standalone\r\nCisco IMC 3.1(2i) - (Available) Cisco UCS B260 M4 Blade Server CSCvj54847 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54847\"] Cisco UCS B260 M4 Blade Server\r\nUCS Manager 3.2(3e) - (Available)\r\nUCS Manager 3.1(3j) - (Available)\r\nUCS Manager 2.2(8l) - (Available)\r\nCisco UCS B460 M4 Blade Server\r\nUCS Manager 3.2(3e) - (Available)\r\nUCS Manager 3.1(3j) \u2013 Available\r\nUCS Manager 2.2(8l) - Available\r\nCisco UCS C460 M4 Rack Server - Managed\r\nUCS Manager 3.2(3e) \u2013 (Available)\r\nUCS Manager 3.1(3j) \u2013 (Available)\r\nUCS Manager 2.2(8l) - (Available)\r\n Cisco UCS B460 M4 Blade Server CSCvj54847 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54847\"] Cisco UCS B260 M4 Blade Server\r\nUCS Manager 3.2(3e) - (Available)\r\nUCS Manager 3.1(3j) - (Available)\r\nUCS Manager 2.2(8l) - (Available)\r\nCisco UCS B460 M4 Blade Server\r\nUCS Manager 3.2(3e) - (Available)\r\nUCS Manager 3.1(3j) \u2013 Available\r\nUCS Manager 2.2(8l) - Available\r\nCisco UCS C460 M4 Rack Server - Managed\r\nUCS Manager 3.2(3e) \u2013 (Available)\r\nUCS Manager 3.1(3j) \u2013 (Available)\r\nUCS Manager 2.2(8l) - (Available)\r\n Cisco UCS C-Series M2 Rack Servers - Managed CSCvj59301 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59301\"] Cisco UCS B-Series M2 Blade Servers - Managed\r\nUCS Manager 2.2(8l) - (Available)\r\nUCS Manager 3.1(3j) - (Available)\r\nUCS Manager 3.2(3g) - (Available)\r\nCisco UCS C-Series M2 Rack Servers - Managed\r\nUCS Manager 2.2(8l) - (Available)\r\n Cisco UCS C-Series M2 Rack Servers - Standalone CSCvj59309 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59309\"] Cisco IMC 1.4(3z09) - (Available) Cisco UCS C-Series M2 Rack Servers [EX processor family servers] - Standalone CSCvj59304 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59304\"] Cisco IMC 1.5(9f) - (Available) Cisco UCS C-Series M3 Rack Servers CSCvj59312 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59312\"] UCS Manager 3.2(3g) - (Available)\r\nUCS Manager 3.1(3j) - (Available)\r\nUCS Manager 2.2(8l) - (Available)\r\nCisco IMC 3.0(4i) - (Available)\r\nCisco IMC 2.0(9o) - (Available)\r\n Cisco UCS C-Series M4 Rack Servers (except C460) - Standalone 1 CSCvj59318 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59318\"] Cisco IMC 3.0(4e) - (Available)\r\nCisco IMC 2.0(10k) - (Available) Cisco UCS C-Series M4 Rack Servers (except C460) -Managed 1 CSCvj54187 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54187\"] UCS Manager 3.2(3e) - (Available)\r\nUCS Manager 3.1(3j) - (Available)\r\nUCS Manager 2.2(8l) - (Available)\r\nCisco UCS C-Series M4 Rack Servers - Managed (except C460) - UCS Manager 3.2(3e) - (Available)\r\nCisco UCS S3260 M4 Storage Server - Managed - UCS Manager 3.2(3e) - (Available)\r\nCisco UCS S3260 M4 Storage Server - Standalone - Cisco IMC 3.0(4e) - (Available)\r\nCisco UCS S3260 M4 Storage Server - UCS Manager 3.1(3j) - (Available) Cisco UCS C-Series M5 Rack Servers - Managed 1 CSCvj59331 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59331\"] UCS Manager 3.2(3g) - (Available) Cisco UCS C-Series M5 Rack Servers -Standalone 1 CSCvj59266 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59266\"] Cisco UCS B-Series M5 Blade Servers\r\nUCS Manager 3.2(3g) - (Available)\r\nCisco UCS C-Series M5 Rack Servers -Standalone\r\nCisco IMC 3.1(2i) - (Available) Cisco UCS C460 M4 Rack Server - Managed CSCvj54847 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54847\"] Cisco UCS B260 M4 Blade Server\r\nUCS Manager 3.2(3e) - (Available)\r\nUCS Manager 3.1(3j) - (Available)\r\nUCS Manager 2.2(8l) - (Available)\r\nCisco UCS B460 M4 Blade Server\r\nUCS Manager 3.2(3e) - (Available)\r\nUCS Manager 3.1(3j) \u2013 Available\r\nUCS Manager 2.2(8l) - Available\r\nCisco UCS C460 M4 Rack Server - Managed\r\nUCS Manager 3.2(3e) \u2013 (Available)\r\nUCS Manager 3.1(3j) \u2013 (Available)\r\nUCS Manager 2.2(8l) - (Available)\r\n Cisco UCS C460 M4 Rack Server - Standalone CSCvj59326 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59326\"] Cisco IMC 3.0(4e) - (Available)\r\nCisco IMC 2.0(12h) - (Available) Cisco UCS E-Series M2 Servers CSCvj59121 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59121\"] Consult the Cisco bug ID for details Cisco UCS E-Series M3 Servers CSCvj59121 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59121\"] Consult the Cisco bug ID for details Cisco UCS S3260 M4 Storage Server CSCvj54187 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54187\"] UCS Manager 3.2(3e) - (Available)\r\nUCS Manager 3.1(3j) - (Available)\r\nUCS Manager 2.2(8l) - (Available)\r\nCisco UCS C-Series M4 Rack Servers - Managed (except C460) - UCS Manager 3.2(3e) - (Available)\r\nCisco UCS S3260 M4 Storage Server - Managed - UCS Manager 3.2(3e) - (Available)\r\nCisco UCS S3260 M4 Storage Server - Standalone - Cisco IMC 3.0(4e) - (Available)\r\nCisco UCS S3260 M4 Storage Server - UCS Manager 3.1(3j) - (Available) Cisco Virtual Infrastructure Manager CSCvj75271 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj75271\"] 2.4.1\r\n2.2.24\r\n(Available) Voice and Unified Communications Devices Cisco Remote Expert Mobile CSCvj59167 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59167\"] Consult the Cisco bug ID for details Cisco Cloud Hosted Services Cisco Metacloud CSCvj59149 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59149\"] Consult the Cisco bug ID for details Cisco Threat Grid \u2014\r\n\r\n\r\n1 Cisco UCS M4 and M5 Rack Servers are used as part of the Cisco HyperFlex Solution.",
"title": "Vulnerable Products"
},
{
"category": "general",
"text": "The following Cisco products are considered not vulnerable to Spectre Variant 3a or Spectre Variant 4. Specific models in these product families may be affected and will be explicitly listed in the preceding \u201cVulnerable Products\u201d section.\r\n Routers\r\nBranch Routers\r\n\r\nCisco 4000 Series Integrated Services Routers\r\n Cisco 1900 Series Integrated Services Routers\r\n Cisco 1800 Series Integrated Services Routers\r\n Cisco 1000 Series Integrated Services Routers\r\n Cisco 800 Series Routers\r\n\r\nData Center Interconnect Platforms\r\n\r\nCisco ASR 1000 Series Aggregation Services Routers\r\n Cisco Carrier Routing System\r\n Cisco Catalyst 6500 Series Switches\r\n\r\nIndustrial Routers\r\n\r\nCisco 2000 Series Connected Grid Routers\r\n Cisco 1000 Series Connected Grid Routers\r\n Cisco 900 Series Industrial Routers\r\n Cisco 800 Series Industrial Integrated Services Routers\r\n Cisco 500 Series WPAN Industrial Routers\r\n Cisco Wireless Gateway for LoRaWAN\r\n\r\nCloud Networking Services\r\n\r\nCisco Cloud Services Router 1000V Series\r\n\r\nMobile Internet Routers\r\n\r\nCisco 5900 Series Embedded Services Routers\r\nCisco MWR 2900 Series Mobile Wireless Routers\r\n\r\nService Provider Core Routers\r\n\r\nCisco Carrier Routing System\r\n Cisco Network Convergence System 6000 Series Routers\r\n\r\nService Provider Edge Routers\r\n\r\nCisco 12000 Series Routers\r\n Cisco ASR 1000 Series Aggregation Services Routers\r\n Cisco ASR 920 Series Aggregation Services Router\r\n Cisco ASR 901 Series Aggregation Services Routers\r\n Cisco ASR 900 Series Aggregation Services Routers\r\n Cisco XR 12000 Series Router\r\n Cisco Network Convergence System 500 Series Routers\r\n\r\nSmall Business Routers\r\n\r\nCisco 1900 Series Integrated Services Routers\r\n Cisco 800 Series Routers\r\n Cisco Small Business RV Series Routers\r\n\r\nVirtual Routers\r\n\r\nCisco Cloud Services Router 1000V Series\r\n Cisco WAN Aggregation and Internet Edge Routers\r\n Cisco ASR 1000 Series Aggregation Services Routers\r\n Cisco Catalyst 6500 Series Switches\r\n\r\nWAN Optimization\r\n\r\nCisco Virtual Wide Area Application Services (vWAAS)\r\nCisco Wide Area Application Services (WAAS) Express\r\nCisco Wide Area Application Services (WAAS) Software\r\n Switches\r\nBlade Switches\r\n\r\nCisco Blade Switches for Dell\r\n Cisco Blade Switches for FSC\r\n Cisco Blade Switches for HP\r\n Cisco Nexus 4000 Series Switches\r\n Cisco Switch Modules for IBM\r\n Cisco SFS Solutions for Blade Switches\r\n Cisco SFS Solution for Dell\r\n\r\nCampus LAN Switches - Access\r\n\r\n Cisco Catalyst 9400 Series Switches\r\n Cisco Catalyst 9300 Series Switches\r\n Cisco Catalyst 4500 Series Switches\r\n Cisco Catalyst 3850 Series Switches\r\n Cisco Catalyst 3750 Series Switches\r\n Cisco Catalyst 3650 Series Switches\r\n Cisco Catalyst 2960-L Series Switches\r\n Cisco Catalyst 2960-Plus Series Switches\r\n Cisco Catalyst 2960-X Series Switches\r\n Cisco Edge Series\r\n Cisco Meraki Cloud Managed Switches\r\n Cisco Redundant Power Systems\r\n\r\nCampus LAN Switches - Core and Distribution\r\n\r\n Cisco Catalyst 9500 Series Switches\r\nCisco Catalyst 6800 Series Switches\r\nCisco Catalyst 6500 Series Switches\r\nCisco Catalyst 6500 Virtual Switching System 1440\r\nCisco Catalyst 4900 Series Switches\r\nCisco Catalyst 4500 Series Switches\r\nCisco Catalyst 4500-X Series Switches\r\nCisco Catalyst 3850 Series Switches\r\nCisco Nexus 7000 Series Switches\r\n\r\n Campus LAN Switches - Digital Building\r\n\r\n Cisco Catalyst 3560-CX Series Switches\r\n Cisco Catalyst 2960-C Series Switches\r\n Cisco Catalyst 2960-CX Series Switches\r\n Cisco Catalyst 2960-L Series Switches\r\n Cisco Catalyst Digital Building Series Switches\r\n\r\nData Center Switches\r\n\r\n Cisco Nexus 2000 Series Fabric Extenders\r\n Cisco R Series Racks\r\n Cisco RP Series Power Distribution Units\r\n Cisco Data Center Network Management\r\n Cisco Data Center Network Manager\r\n Cisco Fabric Manager\r\n Cisco Data Center Switches with Cisco IOS Software\r\n Cisco Catalyst 6500 Series Switches\r\n Cisco Catalyst 4900 Series Switches\r\n Cisco Energy and Asset Management\r\n Cisco Asset Management Suite\r\n Cisco Energy Management Suite\r\n\r\nIndustrial Ethernet Switches\r\n\r\n Cisco 2500 Series Connected Grid Switches\r\n Cisco Embedded Service 2020 Series Switches\r\n Cisco Industrial Ethernet 5000 Series Switches\r\n Cisco Industrial Ethernet 4010 Series Switches\r\n Cisco Industrial Ethernet 4000 Series Switches\r\n Cisco Industrial Ethernet 3010 Series Switches\r\n Cisco Industrial Ethernet 3000 Series Switches\r\n Cisco Industrial Ethernet 2000 Series Switches\r\n Cisco Industrial Ethernet 2000U Series Switches\r\n Cisco Industrial Ethernet 1000 Series Switches\r\n\r\nInfiniBand Switches\r\n\r\n Cisco SFS 7000 Series InfiniBand Server Switches\r\n Cisco SFS 3500 Series Multifabric Server Switches\r\n Cisco SFS 3000 Series Multifabric Server Switches\r\n\r\n LAN Switches - Small Business\r\n\r\n Cisco 550X Series Stackable Managed Switches\r\n Cisco 350 Series Managed Switches\r\n Cisco 350X Series Stackable Managed Switches\r\n Cisco 250 Series Smart Switches\r\n Cisco 220 Series Smart Switches\r\n Cisco ESW2 Series Advanced Switches\r\n Cisco Small Business 300 Series Managed Switches\r\n Cisco Small Business 200 Series Smart Switches\r\n Cisco Small Business 110 Series Unmanaged Switches\r\n Cisco Small Business Smart Switches\r\n Cisco Small Business Stackable Managed Switches\r\n Cisco Small Business Unmanaged Switches\r\n\r\nService Provider Switches - Aggregation\r\n\r\n Cisco Catalyst 6500 Series Switches\r\n Cisco Catalyst 4500 Series Switches\r\n Cisco ME 4900 Series Ethernet Switches\r\n Cisco ME 3800X Series Carrier Ethernet Switch Routers\r\n\r\nService Provider Switches - Ethernet Access\r\n\r\n Cisco Catalyst 3750 Metro Series Switches\r\n Cisco ME 3600X Series Ethernet Access Switches\r\n Cisco ME 3400 Series Ethernet Access Switches\r\n Cisco ME 3400E Series Ethernet Access Switches\r\n Cisco ME 1200 Series Carrier Ethernet Access Devices\r\n Cisco Small Business Gigabit SP Switches\r\n\r\nVirtual Networking\r\n\r\n Cisco Application Centric Infrastructure Virtual Edge\r\n Cisco Application Virtual Switch\r\n Cisco Cloud Services Platform 2100\r\n Cisco Nexus 1000V InterCloud\r\n Cisco Nexus 1000V Switch for KVM\r\n Cisco Nexus 1000V Switch for Microsoft Hyper-V\r\n Cisco Nexus 1000V Switch for VMware vSphere\r\n\r\nCloud Networking Services\r\n\r\nCisco Prime Virtual Network Analysis Module (vNAM)\r\n Cisco Virtual Security Gateway\r\n Cisco Virtual Wide Area Application Services (vWAAS)\r\n\r\nWAN Switches\r\n\r\n Cisco IGX 8400 Series Switches\r\n\r\nMGX Switches\r\n\r\n Cisco MGX 8900 Series Switches\r\nCisco MGX 8850 Software\r\nCisco MGX 8800 Series Switches\r\nCisco MGX 8250 Software\r\nCisco MGX 8200 Series Edge Concentrators\r\n Wireless\r\nIndoor Access Points\r\n\r\nCisco Aironet 1815 Series Access Points\r\n Cisco Aironet 2800 Series Access Points\r\n Cisco Aironet 3800 Series Access Points\r\n Cisco Aironet 4800 Access Point\r\n\r\nOutdoor and Industrial Access Points\r\n\r\nCisco Aironet 1540 Series Access Points\r\n Cisco Aironet 1560 Series Access Points\r\n Cisco Aironet 1570 Series Access Points\r\n\r\nWireless LAN Controllers\r\n\r\nCisco 3504 Wireless LAN Controller\r\nCisco 5520 Wireless LAN Controller\r\nCisco 8540 Wireless LAN Controller\r\nCisco Virtual Wireless Controller\r\nCisco Meraki Cloud Managed Access Points\r\n Security\r\nCisco Cloud-Hosted Products\r\n\r\nCisco AMP family of products and endpoint protection clients\r\nCisco Cloud Security\r\nCisco Cloudlock\r\nCisco Umbrella\r\n\r\nEmail Security\r\n\r\nCisco Content Security Management Appliance\r\nCisco Email Security\r\nCisco Email Encryption\r\nCisco Email Encryption\r\nCisco Registered Envelope Service\r\n\r\nFirewalls\r\n\r\nCisco 3000 Series Industrial Security Appliances (ISA)\r\nCisco Meraki Cloud Managed Security Appliances\r\nCisco Adaptive Security Appliances (ASA)\r\nCisco Adaptive Security Virtual Appliance (ASAv)\r\n\r\nFirewall Management\r\n\r\nCisco Adaptive Security Device Manager\r\n Cisco Firepower Device Manager\r\n Cisco Firepower Management Center\r\n Cisco Security Manager\r\n Next-Generation Firewalls (NGFW)\r\nCisco ASA 5500-X with FirePOWER Services\r\n Cisco Firepower 9000 Series\r\n Cisco Firepower 4100 Series\r\n Cisco Firepower 2100 Series\r\n\r\nNetwork Security\r\n\r\nCisco VPN Internal Service Module for ISR G2\r\n\r\nNetwork Visibility and Segmentation\r\n\r\nCisco ISE Passive Identity Connector\r\n Cisco Identity Services Engine (ISE)\r\n Cisco Security Packet Analyzer\r\n Cisco Stealthwatch Cloud\r\n Cisco Stealthwatch Enterprise\r\n\r\nNext-Generation Intrusion Prevention System (NGIPS)\r\n\r\nCisco FirePOWER 8000 Series Appliances\r\n Cisco FirePOWER 7000 Series Appliances\r\n\r\nSecurity Management\r\n\r\nCisco Firepower Management Center\r\nCisco Adaptive Security Device Manager\r\nCisco Content Security Management Appliance\r\nCisco Defense Orchestrator\r\n Unified Communications\r\nCisco Spark\r\nCisco Unified Communications Manager\r\nCisco Business Edition 6000 - 100x80\r\nCisco Business Edition 6000\r\nCisco Jabber - 100x80\r\nCisco Jabber\r\nCisco Expressway\r\n Customer Care\r\nCisco Unified Contact Center Express\r\nCisco Unified Contact Center Enterprise\r\nCisco Finesse\r\nCisco MediaSense\r\n Conferencing\r\nCisco Meeting Server\r\nCisco WebEx Meeting Center\r\n Cisco WebEx Meetings Server\r\n Cisco TelePresence Management Suite\r\n Cisco TelePresence Server\r\n Cisco TelePresence Conductor\r\n Collaboration Endpoints\r\nCisco 8800 Series IP Phones\r\nCisco 7800 Series IP Phones\r\nCisco 6900 Series IP Phones\r\nCisco 3900 Series SIP Phones\r\nCisco Desktop Collaboration Experience - DX600 Series\r\nCisco DX Series\r\nCisco TelePresence SX10 Quick Set\r\nCisco TelePresence MX Series - 100x80\r\nCisco TelePresence MX Series\r\nCisco TelePresence IX5000 Series\r\n Cisco Unified Computing Management Platforms\r\nCisco Intersight\r\nCisco UCS Manager\r\nCisco UCS Central\r\nCisco UCS Director\r\nCisco UCS Performance Manager\r\n IP Video\r\nCisco Access Edge\r\nCisco Cable Modem Termination Systems (CMTSs)\r\nCisco RF Switches\r\nCisco cBR Series Converged Broadband Routers\r\nCisco uBR10000 Series Universal Broadband Routers\r\nCisco uBR7225VXR Universal Broadband Routers\r\nCisco uBR7200 Series Universal Broadband Routers\r\n\r\nNo other Cisco IP Video products are known to be affected.\r\n Internet of Things (IoT)\r\nCisco Jasper Control Center\r\nCisco IoT Management\r\nCisco Application Enablement\r\nCisco IoT Security\r\nCisco Kinetic\r\nCisco Extended Enterprise\r\nProducts Considered Not Vulnerable After Investigation\r\nCisco has investigated the following products, and they are not considered to be affected by the vulnerabilities that are described in this advisory:\r\n Network Application, Service, and Acceleration\r\n\r\nCisco 500 Series WPAN Industrial Routers (IOx feature)\r\nCisco DNA Center\r\nNetwork and Content Security Devices\r\n\r\nCisco Umbrella Virtual Appliance\r\nNetwork Management and Provisioning\r\n\r\nCisco Evolved Programmable Network Manager\r\nCisco Meeting Server\r\nRouting and Switching - Enterprise and Service Provider\r\n\r\nCisco 1000 Series Connected Grid Routers\r\nCisco Catalyst 3650 Series Switches - IOx feature\r\nCisco Industrial Ethernet 4000 Series Switches (IOx feature)\r\nCisco Nexus 4000 Series Blade Switches\r\nCisco Nexus 9000 Series Fabric Switches - ACI mode\r\nCisco c800 Series Integrated Services Routers\r\nWireless\r\n\r\nCisco Wireless Gateway for LoRaWAN\r\nCisco Cloud Hosted Services\r\n\r\nCisco Cloudlock\r\nCisco Hosted Collaboration Solution (HCS) for Government\r\nCisco Spark\r\nCisco Umbrella\r\nCisco WebEx Centers - Meeting Center, Training Center, Event Center, Support Center",
"title": "Products Confirmed Not Vulnerable"
},
{
"category": "general",
"text": "Modern CPU Speculative Store Bypass Information Disclosure Vulnerability\r\n\r\nA vulnerability due to the design of most modern CPUs could allow a local attacker to access sensitive information on a targeted system.\r\n\r\nThe vulnerability is due to improper implementation of the speculative execution of instructions by the affected software. This vulnerability can be triggered by causing the CPU to attempt to perform a speculative memory read before currently queued memory writes are completed. An attacker could exploit this vulnerability by executing arbitrary code and performing a side-channel attack on the cache of the targeted system. A successful exploit could allow the attacker to read sensitive memory information.\r\n\r\n This vulnerability has been assigned the following CVE ID: CVE-2018-3639\r\n\r\n Modern CPU Rogue System Register Read Information Disclosure Vulnerability\r\n\r\nA vulnerability due to the design of most modern CPUs could allow a local attacker to access sensitive information on a targeted system.\r\n\r\nThe vulnerability is due to improper implementation of the speculative execution of instructions by the affected software. This vulnerability can by triggered by causing an affected platform to perform speculative reads of system registers. An attacker could exploit this vulnerability by executing arbitrary code and performing a side-channel attack on the cache of the targeted system. A successful exploit could allow the attacker to read sensitive memory information.\r\n\r\nThis vulnerability has been assigned the following CVE ID: CVE-2018-3640",
"title": "Details"
},
{
"category": "general",
"text": "There are no workarounds that address these vulnerabilities.",
"title": "Workarounds"
},
{
"category": "general",
"text": "For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory.\r\n\r\nWhen considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.",
"title": "Fixed Software"
},
{
"category": "general",
"text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
"title": "Vulnerability Policy"
},
{
"category": "general",
"text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
"title": "Exploitation and Public Announcements"
},
{
"category": "general",
"text": "CVE ID CVE-2018-3639 was reported to Intel by Jann Horn of Google Project Zero (GPZ) and Ken Johnson of the Microsoft Security Response Center (MSRC).\r\n\r\nCVE ID CVE-2018-3640 was reported to Intel by Zdenek Sojka, Rudolf Marek, and Alex Zuepke from SYSGO AG.",
"title": "Source"
},
{
"category": "legal_disclaimer",
"text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
"title": "Legal Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.",
"issuing_authority": "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
"name": "Cisco",
"namespace": "https://wwww.cisco.com"
},
"references": [
{
"category": "self",
"summary": "CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"category": "external",
"summary": "Cisco Security Vulnerability Policy",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
},
{
"category": "external",
"summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"category": "external",
"summary": "CSCvj63868",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj63868"
},
{
"category": "external",
"summary": "CSCvj59144",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59144"
},
{
"category": "external",
"summary": "CSCvj59161",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59161"
},
{
"category": "external",
"summary": "CSCvj59152",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152"
},
{
"category": "external",
"summary": "CSCvj59153",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59153"
},
{
"category": "external",
"summary": "CSCvj59152",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152"
},
{
"category": "external",
"summary": "CSCvj59152",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152"
},
{
"category": "external",
"summary": "CSCvj59152",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152"
},
{
"category": "external",
"summary": "CSCvj59152",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152"
},
{
"category": "external",
"summary": "CSCvj59152",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152"
},
{
"category": "external",
"summary": "CSCvj59142",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142"
},
{
"category": "external",
"summary": "CSCvj59131",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59131"
},
{
"category": "external",
"summary": "CSCvj59160",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59160"
},
{
"category": "external",
"summary": "CSCvj59156",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59156"
},
{
"category": "external",
"summary": "CSCvj59157",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59157"
},
{
"category": "external",
"summary": "CSCvj59158",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59158"
},
{
"category": "external",
"summary": "CSCvj59152",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59152"
},
{
"category": "external",
"summary": "CSCvj59142",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142"
},
{
"category": "external",
"summary": "CSCvj59142",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142"
},
{
"category": "external",
"summary": "CSCvj59142",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142"
},
{
"category": "external",
"summary": "CSCvj59136",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59136"
},
{
"category": "external",
"summary": "CSCvj59138",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59138"
},
{
"category": "external",
"summary": "CSCvj59135",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59135"
},
{
"category": "external",
"summary": "CSCvj59135",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59135"
},
{
"category": "external",
"summary": "CSCvj59136",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59136"
},
{
"category": "external",
"summary": "CSCvj59131",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59131"
},
{
"category": "external",
"summary": "CSCvj59142",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59142"
},
{
"category": "external",
"summary": "CSCvj59127",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59127"
},
{
"category": "external",
"summary": "CSCvj59127",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59127"
},
{
"category": "external",
"summary": "CSCvj59121",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59121"
},
{
"category": "external",
"summary": "CSCvj59121",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59121"
},
{
"category": "external",
"summary": "CSCvj59134",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59134"
},
{
"category": "external",
"summary": "CSCvj59301",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59301"
},
{
"category": "external",
"summary": "CSCvj54880",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54880"
},
{
"category": "external",
"summary": "CSCvj54187",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54187"
},
{
"category": "external",
"summary": "CSCvj59266",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59266"
},
{
"category": "external",
"summary": "CSCvj54847",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54847"
},
{
"category": "external",
"summary": "CSCvj54847",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54847"
},
{
"category": "external",
"summary": "CSCvj59301",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59301"
},
{
"category": "external",
"summary": "CSCvj59309",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59309"
},
{
"category": "external",
"summary": "CSCvj59304",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59304"
},
{
"category": "external",
"summary": "CSCvj59312",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59312"
},
{
"category": "external",
"summary": "CSCvj59318",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59318"
},
{
"category": "external",
"summary": "CSCvj54187",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54187"
},
{
"category": "external",
"summary": "CSCvj59331",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59331"
},
{
"category": "external",
"summary": "CSCvj59266",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59266"
},
{
"category": "external",
"summary": "CSCvj54847",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54847"
},
{
"category": "external",
"summary": "CSCvj59326",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59326"
},
{
"category": "external",
"summary": "CSCvj59121",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59121"
},
{
"category": "external",
"summary": "CSCvj59121",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59121"
},
{
"category": "external",
"summary": "CSCvj54187",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj54187"
},
{
"category": "external",
"summary": "CSCvj75271",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj75271"
},
{
"category": "external",
"summary": "CSCvj59167",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59167"
},
{
"category": "external",
"summary": "CSCvj59149",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59149"
},
{
"category": "external",
"summary": "Cisco Security Advisories and Alerts page",
"url": "https://www.cisco.com/go/psirt"
},
{
"category": "external",
"summary": "Security Vulnerability Policy",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
}
],
"title": "CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"tracking": {
"current_release_date": "2018-08-31T20:24:00+00:00",
"generator": {
"date": "2022-09-03T03:33:52+00:00",
"engine": {
"name": "TVCE"
}
},
"id": "cisco-sa-20180521-cpusidechannel",
"initial_release_date": "2018-05-22T01:00:00+00:00",
"revision_history": [
{
"date": "2018-05-22T01:12:23+00:00",
"number": "1.0.0",
"summary": "Initial public release."
},
{
"date": "2018-05-22T20:56:18+00:00",
"number": "1.1.0",
"summary": "In the Affected Products section, multiple products were moved from Under Investigation to Vulnerable or Confirmed Not Vulnerable"
},
{
"date": "2018-05-23T21:39:25+00:00",
"number": "1.2.0",
"summary": "In the Affected Products section, multiple products were moved from Under Investigation to Vulnerable."
},
{
"date": "2018-05-24T20:27:18+00:00",
"number": "1.3.0",
"summary": "In the Affected Products section, moved Cisco Evolved Programmable Network Manager from Under Investigation to Products Confirmed Not Vulnerable."
},
{
"date": "2018-05-29T18:25:51+00:00",
"number": "1.4.0",
"summary": "In the Affected Products section, multiple products were moved from Under Investigation to Vulnerable."
},
{
"date": "2018-05-31T20:44:16+00:00",
"number": "1.5.0",
"summary": "In the Affected Products section, multiple products were moved from Under Investigation to Vulnerable. Cisco DNA Center was added to Under Investigation."
},
{
"date": "2018-06-01T19:16:23+00:00",
"number": "1.6.0",
"summary": "In the Affected Products section, moved Cisco 880 M2 and M3 Servers to the Vulnerable Products section. Fix status information has been updated for multiple products."
},
{
"date": "2018-06-05T18:00:38+00:00",
"number": "1.7.0",
"summary": "Updated information about the status of fixes for multiple products listed in the Affected Products table."
},
{
"date": "2018-06-08T19:09:39+00:00",
"number": "1.8.0",
"summary": "Updated information about the status of fixes for multiple products listed in the Affected Products table."
},
{
"date": "2018-06-13T18:34:15+00:00",
"number": "1.9.0",
"summary": "Updated Products Under Investigation, Vulnerable Products, and Confirmed Not Vulnerable."
},
{
"date": "2018-06-22T18:20:49+00:00",
"number": "1.10.0",
"summary": "Updated Products Under Investigation, Vulnerable Products, and Confirmed Not Vulnerable."
},
{
"date": "2018-06-27T20:33:38+00:00",
"number": "1.11.0",
"summary": "Updated information about the status of fixes for multiple products listed in the Vulnerable Products table."
},
{
"date": "2018-07-06T21:09:53+00:00",
"number": "1.12.0",
"summary": "Updated Products Under Investigation, Vulnerable Products, and Confirmed Not Vulnerable."
},
{
"date": "2018-07-26T19:24:48+00:00",
"number": "1.13.0",
"summary": "Updated Products Under Investigation, Vulnerable Products, and Confirmed Not Vulnerable."
},
{
"date": "2018-08-07T20:21:32+00:00",
"number": "1.14.0",
"summary": "Updated information about the status of fixes for multiple products listed in the Vulnerable Products table. Removed references to ongoing investigation."
},
{
"date": "2018-08-31T20:24:48+00:00",
"number": "1.15.0",
"summary": "Updated fixed software information for UCS M2 Rack Servers; added Cisco Hosted Collaboration Solution for Government to the Confirmed Not Vulnerable section"
}
],
"status": "interim",
"version": "1.15.0"
}
},
"vulnerabilities": [
{
"cve": "CVE-2018-3639",
"notes": [
{
"category": "general",
"text": "No additional information for this vulneraiblity is currently avaialbe.",
"title": "No Notes"
}
],
"release_date": "2018-05-22T01:00:00+00:00",
"remediations": [
{
"category": "none_available",
"details": "No remediation is available at this time."
}
],
"title": "Modern CPU Speculative Store Bypass Information Disclosure Vulnerability"
},
{
"cve": "CVE-2018-3640",
"notes": [
{
"category": "general",
"text": "No additional information for this vulneraiblity is currently avaialbe.",
"title": "No Notes"
}
],
"release_date": "2018-05-22T01:00:00+00:00",
"remediations": [
{
"category": "none_available",
"details": "No remediation is available at this time."
}
],
"title": "Modern CPU Rogue System Register Read Information Disclosure Vulnerability"
}
]
}
WID-SEC-W-2023-2072
Vulnerability from csaf_certbund
Published
2018-05-21 22:00
Modified
2024-09-02 22:00
Summary
Prozessoren verschiedener Hersteller: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Prozessor ist das zentrale Rechenwerk eines Computers.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in Prozessoren unterschiedlicher Hersteller ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- CISCO Appliance
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Prozessor ist das zentrale Rechenwerk eines Computers.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Prozessoren unterschiedlicher Hersteller ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- CISCO Appliance\n- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2072 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2023-2072.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2072 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2072"
},
{
"category": "external",
"summary": "Intel Security Advisory INTEL-SA-00115 vom 2018-05-21",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"category": "external",
"summary": "VmWare Security Advisory VMSA-2018-0012",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0012.html"
},
{
"category": "external",
"summary": "Microsoft Advisory ADV180012",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-20180521-cpusidechannel",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"category": "external",
"summary": "AMD Security Advisory",
"url": "https://www.amd.com/en/corporate/security-updates"
},
{
"category": "external",
"summary": "Microsoft Advisory ADV180013",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180013"
},
{
"category": "external",
"summary": "RedHat CVE Database",
"url": "https://access.redhat.com/security/cve/cve-2018-3639"
},
{
"category": "external",
"summary": "RedHat CVE Database",
"url": "https://access.redhat.com/security/cve/cve-2018-3640"
},
{
"category": "external",
"summary": "Citrix Security Advisory CTX235225 vom 2018-05-22",
"url": "https://support.citrix.com/article/CTX235225"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-4114 vom 2018-05-23",
"url": "http://linux.oracle.com/errata/ELSA-2018-4114.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:1635 vom 2018-05-22",
"url": "http://rhn.redhat.com/errata/RHSA-2018-1635.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:1636 vom 2018-05-22",
"url": "http://rhn.redhat.com/errata/RHSA-2018-1636.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:1377-1 vom 2018-05-23",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181377-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:1366-1 vom 2018-05-23",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181366-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:1376-1 vom 2018-05-23",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181376-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:1378-1 vom 2018-05-23",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181378-1.html"
},
{
"category": "external",
"summary": "Oraclevm-errata OVMSA-2018-0223 vom 2018-05-23",
"url": "https://oss.oracle.com/pipermail/oraclevm-errata/2018-May/000858.html"
},
{
"category": "external",
"summary": "Update des Cisco Security Advisory cisco-sa-20180521-cpusidechannel vom 2018-05-23",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4210 vom 2018-05-25",
"url": "https://www.debian.org/security/2018/dsa-4210"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:1826 vom 2018-06-12",
"url": "http://rhn.redhat.com/errata/RHSA-2018-1826.html"
},
{
"category": "external",
"summary": "libvirt Security Notice LSN-2018-0005 vom 2018-06-13",
"url": "http://security.libvirt.org/2018/0005.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:1816-1 vom 2018-06-26",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181816-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:1965 vom 2018-06-27",
"url": "https://access.redhat.com/errata/RHSA-2018:1965"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:1967 vom 2018-06-27",
"url": "https://access.redhat.com/errata/RHSA-2018:1967"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:1997 vom 2018-06-27",
"url": "https://access.redhat.com/errata/RHSA-2018:1997"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2001 vom 2018-06-27",
"url": "https://access.redhat.com/errata/RHSA-2018:2001"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2003 vom 2018-06-27",
"url": "https://access.redhat.com/errata/RHSA-2018:2003"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2060 vom 2018-06-27",
"url": "http://rhn.redhat.com/errata/RHSA-2018-2060.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-2162 vom 2018-07-11",
"url": "http://linux.oracle.com/errata/ELSA-2018-2162.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-2164 vom 2018-07-11",
"url": "http://linux.oracle.com/errata/ELSA-2018-2164.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2162 vom 2018-07-11",
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2161 vom 2018-07-11",
"url": "https://access.redhat.com/errata/RHSA-2018:2161"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2164 vom 2018-07-11",
"url": "https://access.redhat.com/errata/RHSA-2018:2164"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2172 vom 2018-07-11",
"url": "http://rhn.redhat.com/errata/RHSA-2018-2172.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:1935-1 vom 2018-07-13",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181935-1.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2018:2162 vom 2018-07-13",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2018-2162-Important-CentOS-6-qemu-kvm-Security-Update-tp4645175.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2216 vom 2018-07-17",
"url": "http://rhn.redhat.com/errata/RHSA-2018-2216.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2228 vom 2018-07-20",
"url": "https://access.redhat.com/errata/RHSA-2018:2228"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2246 vom 2018-07-24",
"url": "https://access.redhat.com/errata/RHSA-2018:2246"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2250 vom 2018-07-24",
"url": "https://access.redhat.com/errata/RHSA-2018:2250"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2258 vom 2018-07-25",
"url": "https://access.redhat.com/errata/RHSA-2018:2258"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2076-1 vom 2018-07-27",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182076-1.html"
},
{
"category": "external",
"summary": "Update des Cisco Security Advisory cisco-sa-20180521-cpusidechannel vom 2018-07-26",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2082-1 vom 2018-07-28",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182082-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2092-1 vom 2018-07-28",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182092-1.html"
},
{
"category": "external",
"summary": "Lenovo Security Advisory LEN-22133 vom 2018-07-27",
"url": "https://support.lenovo.com/de/de/solutions/len-22133"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2289 vom 2018-07-30",
"url": "http://rhn.redhat.com/errata/RHSA-2018-2289.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2289 vom 2018-07-31",
"url": "https://access.redhat.com/errata/RHSA-2018:2289"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2309 vom 2018-08-06",
"url": "https://access.redhat.com/errata/RHSA-2018:2309"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2328 vom 2018-08-06",
"url": "https://access.redhat.com/errata/RHSA-2018:2328"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2364 vom 2018-08-07",
"url": "http://rhn.redhat.com/errata/RHSA-2018-2364.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2363 vom 2018-08-07",
"url": "http://rhn.redhat.com/errata/RHSA-2018-2363.html"
},
{
"category": "external",
"summary": "Microsoft Security Advisory ADV180013",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
},
{
"category": "external",
"summary": "Microsoft Security Advisory ADV180012",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180012"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2304-1 vom 2018-08-12",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182304-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2384 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2387 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2387"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2388 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2388"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2389 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2389"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2395 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2390 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2391 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2391"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2392 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2392"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2393 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2393"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2394 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2394"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2396 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2396"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2331-1 vom 2018-08-15",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182331-1.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-4198 vom 2018-08-16",
"url": "http://linux.oracle.com/errata/ELSA-2018-4198.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2338-1 vom 2018-08-16",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182338-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2335-1 vom 2018-08-16",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182335-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2340-1 vom 2018-08-16",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182340-1.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4273 vom 2018-08-17",
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3756-1 vom 2018-08-28",
"url": "http://www.ubuntu.com/usn/usn-3756-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2556-1 vom 2018-08-30",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182556-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2565-1 vom 2018-08-31",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182565-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2615-1 vom 2018-09-05",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182615-1/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2650-1 vom 2018-09-07",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182650-1.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-4235 vom 2018-10-02",
"url": "http://linux.oracle.com/errata/ELSA-2018-4235.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:3407 vom 2018-10-31",
"url": "https://access.redhat.com/errata/RHSA-2018:3407"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-4285 vom 2018-11-21",
"url": "http://linux.oracle.com/errata/ELSA-2018-4285.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0049-1 vom 2019-01-10",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190049-1/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4531 vom 2019-02-07",
"url": "http://linux.oracle.com/errata/ELSA-2019-4531.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4585 vom 2019-03-15",
"url": "http://linux.oracle.com/errata/ELSA-2019-4585.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:1046 vom 2019-05-08",
"url": "https://access.redhat.com/errata/RHSA-2019:1046"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1211-1 vom 2019-05-11",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191211-1.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4469 vom 2019-06-23",
"url": "https://www.debian.org/security/2019/dsa-4469"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4702 vom 2019-08-04",
"url": "http://linux.oracle.com/errata/ELSA-2019-4702.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4732 vom 2019-08-04",
"url": "http://linux.oracle.com/errata/ELSA-2019-4732.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2020-0202 vom 2020-04-24",
"url": "https://oss.oracle.com/pipermail/el-errata/2020-January/009541.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2020-0196 vom 2020-04-24",
"url": "https://oss.oracle.com/pipermail/el-errata/2020-January/009537.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2020-0157 vom 2020-04-24",
"url": "https://oss.oracle.com/pipermail/el-errata/2020-January/009534.html"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA11023 vom 2020-07-08",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023"
},
{
"category": "external",
"summary": "Huawei Security Advisory HUAWEI-SA-20180615-01-CPU vom 2020-07-22",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180615-01-cpu-en"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2323 vom 2020-08-12",
"url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202008/msg00019.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2540-1 vom 2020-09-04",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007375.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:3007-1 vom 2021-09-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009422.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:3969-1 vom 2021-12-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009871.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3324-1 vom 2023-08-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015910.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3333-1 vom 2023-08-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015911.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3349-1 vom 2023-08-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015945.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12605 vom 2024-09-02",
"url": "https://linux.oracle.com/errata/ELSA-2024-12605.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12604 vom 2024-09-02",
"url": "https://linux.oracle.com/errata/ELSA-2024-12604.html"
}
],
"source_lang": "en-US",
"title": "Prozessoren verschiedener Hersteller: Mehrere Schwachstellen erm\u00f6glichen Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2024-09-02T22:00:00.000+00:00",
"generator": {
"date": "2024-09-03T08:16:44.354+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.6"
}
},
"id": "WID-SEC-W-2023-2072",
"initial_release_date": "2018-05-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2018-05-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2018-05-21T22:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-05-22T22:00:00.000+00:00",
"number": "3",
"summary": "\u00e4nderungen"
},
{
"date": "2018-05-22T22:00:00.000+00:00",
"number": "4",
"summary": "referenzen"
},
{
"date": "2018-05-22T22:00:00.000+00:00",
"number": "5",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-05-22T22:00:00.000+00:00",
"number": "6",
"summary": "New remediations available"
},
{
"date": "2018-05-22T22:00:00.000+00:00",
"number": "7",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-05-23T22:00:00.000+00:00",
"number": "8",
"summary": "New remediations available"
},
{
"date": "2018-05-23T22:00:00.000+00:00",
"number": "9",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-05-23T22:00:00.000+00:00",
"number": "10",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-05-23T22:00:00.000+00:00",
"number": "11",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-05-24T22:00:00.000+00:00",
"number": "12",
"summary": "Added references"
},
{
"date": "2018-05-27T22:00:00.000+00:00",
"number": "13",
"summary": "New remediations available"
},
{
"date": "2018-05-28T22:00:00.000+00:00",
"number": "14",
"summary": "new updates SuSE"
},
{
"date": "2018-05-28T22:00:00.000+00:00",
"number": "15",
"summary": "Added references"
},
{
"date": "2018-05-31T22:00:00.000+00:00",
"number": "16",
"summary": "neue Updates Suse"
},
{
"date": "2018-06-07T22:00:00.000+00:00",
"number": "17",
"summary": "Added references"
},
{
"date": "2018-06-13T22:00:00.000+00:00",
"number": "18",
"summary": "New remediations available"
},
{
"date": "2018-06-17T22:00:00.000+00:00",
"number": "19",
"summary": "Added references"
},
{
"date": "2018-06-27T22:00:00.000+00:00",
"number": "20",
"summary": "Added references"
},
{
"date": "2018-07-01T22:00:00.000+00:00",
"number": "21",
"summary": "Added references"
},
{
"date": "2018-07-11T22:00:00.000+00:00",
"number": "22",
"summary": "New remediations available"
},
{
"date": "2018-07-12T22:00:00.000+00:00",
"number": "23",
"summary": "New remediations available"
},
{
"date": "2018-07-15T22:00:00.000+00:00",
"number": "24",
"summary": "New remediations available"
},
{
"date": "2018-07-17T22:00:00.000+00:00",
"number": "25",
"summary": "New remediations available"
},
{
"date": "2018-07-19T22:00:00.000+00:00",
"number": "26",
"summary": "New remediations available"
},
{
"date": "2018-07-24T22:00:00.000+00:00",
"number": "27",
"summary": "New remediations available"
},
{
"date": "2018-07-24T22:00:00.000+00:00",
"number": "28",
"summary": "New remediations available"
},
{
"date": "2018-07-25T22:00:00.000+00:00",
"number": "29",
"summary": "New remediations available"
},
{
"date": "2018-07-26T22:00:00.000+00:00",
"number": "30",
"summary": "New remediations available"
},
{
"date": "2018-07-26T22:00:00.000+00:00",
"number": "31",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-07-29T22:00:00.000+00:00",
"number": "32",
"summary": "New remediations available"
},
{
"date": "2018-07-29T22:00:00.000+00:00",
"number": "33",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-07-30T22:00:00.000+00:00",
"number": "34",
"summary": "New remediations available"
},
{
"date": "2018-08-05T22:00:00.000+00:00",
"number": "35",
"summary": "New remediations available"
},
{
"date": "2018-08-07T22:00:00.000+00:00",
"number": "36",
"summary": "New remediations available"
},
{
"date": "2018-08-08T22:00:00.000+00:00",
"number": "37",
"summary": "New remediations available"
},
{
"date": "2018-08-08T22:00:00.000+00:00",
"number": "38",
"summary": "New remediations available"
},
{
"date": "2018-08-12T22:00:00.000+00:00",
"number": "39",
"summary": "New remediations available"
},
{
"date": "2018-08-14T22:00:00.000+00:00",
"number": "40",
"summary": "New remediations available"
},
{
"date": "2018-08-15T22:00:00.000+00:00",
"number": "41",
"summary": "New remediations available"
},
{
"date": "2018-08-16T22:00:00.000+00:00",
"number": "42",
"summary": "New remediations available"
},
{
"date": "2018-08-16T22:00:00.000+00:00",
"number": "43",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-08-16T22:00:00.000+00:00",
"number": "44",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-08-27T22:00:00.000+00:00",
"number": "45",
"summary": "Added references"
},
{
"date": "2018-08-27T22:00:00.000+00:00",
"number": "46",
"summary": "New remediations available"
},
{
"date": "2018-08-30T22:00:00.000+00:00",
"number": "47",
"summary": "New remediations available"
},
{
"date": "2018-09-04T22:00:00.000+00:00",
"number": "48",
"summary": "New remediations available"
},
{
"date": "2018-09-09T22:00:00.000+00:00",
"number": "49",
"summary": "New remediations available"
},
{
"date": "2018-10-01T22:00:00.000+00:00",
"number": "50",
"summary": "New remediations available"
},
{
"date": "2018-10-30T23:00:00.000+00:00",
"number": "51",
"summary": "New remediations available"
},
{
"date": "2018-11-20T23:00:00.000+00:00",
"number": "52",
"summary": "New remediations available"
},
{
"date": "2019-01-09T23:00:00.000+00:00",
"number": "53",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-02-06T23:00:00.000+00:00",
"number": "54",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-03-03T23:00:00.000+00:00",
"number": "55",
"summary": "Referenz(en) aufgenommen: ELSA-2019-0435"
},
{
"date": "2019-03-14T23:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-05-02T22:00:00.000+00:00",
"number": "57",
"summary": "Referenz(en) aufgenommen: FEDORA-2019-8F2B27EFCE"
},
{
"date": "2019-05-08T22:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-05-12T22:00:00.000+00:00",
"number": "59",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-06-23T22:00:00.000+00:00",
"number": "60",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2019-08-04T22:00:00.000+00:00",
"number": "61",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2020-04-23T22:00:00.000+00:00",
"number": "62",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2020-07-08T22:00:00.000+00:00",
"number": "63",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2020-07-22T22:00:00.000+00:00",
"number": "64",
"summary": "Neue Updates von Huawei aufgenommen"
},
{
"date": "2020-08-12T22:00:00.000+00:00",
"number": "65",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-09-06T22:00:00.000+00:00",
"number": "66",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-09-09T22:00:00.000+00:00",
"number": "67",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-12-07T23:00:00.000+00:00",
"number": "68",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-15T22:00:00.000+00:00",
"number": "69",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-16T22:00:00.000+00:00",
"number": "70",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-17T22:00:00.000+00:00",
"number": "71",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-02T22:00:00.000+00:00",
"number": "72",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "72"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cisco Catalyst",
"product": {
"name": "Cisco Catalyst",
"product_id": "T000491",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:catalyst:-"
}
}
},
{
"category": "product_name",
"name": "Cisco Nexus",
"product": {
"name": "Cisco Nexus",
"product_id": "T004033",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:nexus:-"
}
}
},
{
"category": "product_name",
"name": "Cisco Router",
"product": {
"name": "Cisco Router",
"product_id": "T003258",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:router:-"
}
}
},
{
"category": "product_name",
"name": "Cisco Unified Computing System (UCS)",
"product": {
"name": "Cisco Unified Computing System (UCS)",
"product_id": "163824",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:-"
}
}
}
],
"category": "vendor",
"name": "Cisco"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7",
"product": {
"name": "Citrix Systems XenServer 7.0",
"product_id": "T007798",
"product_identification_helper": {
"cpe": "cpe:/a:citrix:xenserver:7.0"
}
}
},
{
"category": "product_version",
"name": "7.1",
"product": {
"name": "Citrix Systems XenServer 7.1",
"product_id": "T009506",
"product_identification_helper": {
"cpe": "cpe:/a:citrix:xenserver:7.1"
}
}
},
{
"category": "product_version",
"name": "7.2",
"product": {
"name": "Citrix Systems XenServer 7.2",
"product_id": "T010154",
"product_identification_helper": {
"cpe": "cpe:/a:citrix:xenserver:7.2"
}
}
},
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "Citrix Systems XenServer 7.3",
"product_id": "T011969",
"product_identification_helper": {
"cpe": "cpe:/a:citrix:xenserver:7.3"
}
}
},
{
"category": "product_version",
"name": "7.4",
"product": {
"name": "Citrix Systems XenServer 7.4",
"product_id": "T012232",
"product_identification_helper": {
"cpe": "cpe:/a:citrix:xenserver:7.4"
}
}
}
],
"category": "product_name",
"name": "XenServer"
}
],
"category": "vendor",
"name": "Citrix Systems"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Huawei OceanStor",
"product": {
"name": "Huawei OceanStor",
"product_id": "T016821",
"product_identification_helper": {
"cpe": "cpe:/h:huawei:oceanstor_uds:-"
}
}
}
],
"category": "vendor",
"name": "Huawei"
},
{
"branches": [
{
"category": "product_name",
"name": "Intel Prozessor",
"product": {
"name": "Intel Prozessor",
"product_id": "T011586",
"product_identification_helper": {
"cpe": "cpe:/h:intel:intel_prozessor:-"
}
}
}
],
"category": "vendor",
"name": "Intel"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c20.1R1",
"product": {
"name": "Juniper Junos Space \u003c20.1R1",
"product_id": "T016874"
}
},
{
"category": "product_version",
"name": "20.1R1",
"product": {
"name": "Juniper Junos Space 20.1R1",
"product_id": "T016874-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:20.1r1"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"category": "product_name",
"name": "Lenovo BIOS",
"product": {
"name": "Lenovo BIOS",
"product_id": "T005651",
"product_identification_helper": {
"cpe": "cpe:/h:lenovo:bios:-"
}
}
}
],
"category": "vendor",
"name": "Lenovo"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"category": "product_name",
"name": "Open Source QEMU",
"product": {
"name": "Open Source QEMU",
"product_id": "185878",
"product_identification_helper": {
"cpe": "cpe:/a:qemu:qemu:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"category": "product_name",
"name": "Oracle VM",
"product": {
"name": "Oracle VM",
"product_id": "T011119",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:vm:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"category": "product_name",
"name": "VMware ESXi",
"product": {
"name": "VMware ESXi",
"product_id": "T009575",
"product_identification_helper": {
"cpe": "cpe:/o:vmware:esxi:-"
}
}
},
{
"category": "product_name",
"name": "VMware Fusion",
"product": {
"name": "VMware Fusion",
"product_id": "136752",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:fusion:3.1"
}
}
},
{
"category": "product_name",
"name": "VMware vCenter Server (VirtualCenter)",
"product": {
"name": "VMware vCenter Server (VirtualCenter)",
"product_id": "T012302",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:vcenter_server:-"
}
}
}
],
"category": "vendor",
"name": "VMware"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3639",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Prozessoren mehrerer Hersteller. Diese, Spectre V4 genannte Schwachstelle kann wie Spectre V1 und V2 \u00fcber einen Seitenkanalangriff ausgenutzt werden (Speculative Store Bypass (SSB)). Ein lokaler Angreifer kann das ausnutzen um Teile des physikalischen Speicher auszulesen und so Sicherheitsmechanismen zu umgehen."
}
],
"product_status": {
"known_affected": [
"185878",
"T004033",
"T005651",
"T011119",
"T007798",
"163824",
"136752",
"67646",
"T009506",
"T003258",
"T012302",
"T010154",
"T016821",
"T011586",
"T012232",
"T016874",
"T004914",
"2951",
"T002207",
"T000126",
"1727",
"T009575",
"T011969",
"T000491"
]
},
"release_date": "2018-05-21T22:00:00.000+00:00",
"title": "CVE-2018-3639"
},
{
"cve": "CVE-2018-3640",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Prozessoren mehrerer Hersteller. Diese, Spectre V4 genannte Schwachstelle kann wie Spectre V1 und V2 \u00fcber einen Seitenkanalangriff ausgenutzt werden (Rogue System Register Read (RSRE)). Ein lokaler Angreifer kann das ausnutzen um Teile des physikalischen Speicher auszulesen und so Sicherheitsmechanismen zu umgehen."
}
],
"product_status": {
"known_affected": [
"185878",
"T004033",
"T005651",
"T011119",
"T007798",
"163824",
"136752",
"67646",
"T009506",
"T003258",
"T012302",
"T010154",
"T011586",
"T012232",
"T004914",
"2951",
"T002207",
"T000126",
"1727",
"T009575",
"T011969",
"T000491"
]
},
"release_date": "2018-05-21T22:00:00.000+00:00",
"title": "CVE-2018-3640"
}
]
}
wid-sec-w-2023-2072
Vulnerability from csaf_certbund
Published
2018-05-21 22:00
Modified
2024-09-02 22:00
Summary
Prozessoren verschiedener Hersteller: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Prozessor ist das zentrale Rechenwerk eines Computers.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in Prozessoren unterschiedlicher Hersteller ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- CISCO Appliance
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Prozessor ist das zentrale Rechenwerk eines Computers.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Prozessoren unterschiedlicher Hersteller ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- CISCO Appliance\n- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2072 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2023-2072.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2072 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2072"
},
{
"category": "external",
"summary": "Intel Security Advisory INTEL-SA-00115 vom 2018-05-21",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"category": "external",
"summary": "VmWare Security Advisory VMSA-2018-0012",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0012.html"
},
{
"category": "external",
"summary": "Microsoft Advisory ADV180012",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-20180521-cpusidechannel",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"category": "external",
"summary": "AMD Security Advisory",
"url": "https://www.amd.com/en/corporate/security-updates"
},
{
"category": "external",
"summary": "Microsoft Advisory ADV180013",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180013"
},
{
"category": "external",
"summary": "RedHat CVE Database",
"url": "https://access.redhat.com/security/cve/cve-2018-3639"
},
{
"category": "external",
"summary": "RedHat CVE Database",
"url": "https://access.redhat.com/security/cve/cve-2018-3640"
},
{
"category": "external",
"summary": "Citrix Security Advisory CTX235225 vom 2018-05-22",
"url": "https://support.citrix.com/article/CTX235225"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-4114 vom 2018-05-23",
"url": "http://linux.oracle.com/errata/ELSA-2018-4114.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:1635 vom 2018-05-22",
"url": "http://rhn.redhat.com/errata/RHSA-2018-1635.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:1636 vom 2018-05-22",
"url": "http://rhn.redhat.com/errata/RHSA-2018-1636.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:1377-1 vom 2018-05-23",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181377-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:1366-1 vom 2018-05-23",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181366-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:1376-1 vom 2018-05-23",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181376-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:1378-1 vom 2018-05-23",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181378-1.html"
},
{
"category": "external",
"summary": "Oraclevm-errata OVMSA-2018-0223 vom 2018-05-23",
"url": "https://oss.oracle.com/pipermail/oraclevm-errata/2018-May/000858.html"
},
{
"category": "external",
"summary": "Update des Cisco Security Advisory cisco-sa-20180521-cpusidechannel vom 2018-05-23",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4210 vom 2018-05-25",
"url": "https://www.debian.org/security/2018/dsa-4210"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:1826 vom 2018-06-12",
"url": "http://rhn.redhat.com/errata/RHSA-2018-1826.html"
},
{
"category": "external",
"summary": "libvirt Security Notice LSN-2018-0005 vom 2018-06-13",
"url": "http://security.libvirt.org/2018/0005.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:1816-1 vom 2018-06-26",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181816-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:1965 vom 2018-06-27",
"url": "https://access.redhat.com/errata/RHSA-2018:1965"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:1967 vom 2018-06-27",
"url": "https://access.redhat.com/errata/RHSA-2018:1967"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:1997 vom 2018-06-27",
"url": "https://access.redhat.com/errata/RHSA-2018:1997"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2001 vom 2018-06-27",
"url": "https://access.redhat.com/errata/RHSA-2018:2001"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2003 vom 2018-06-27",
"url": "https://access.redhat.com/errata/RHSA-2018:2003"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2060 vom 2018-06-27",
"url": "http://rhn.redhat.com/errata/RHSA-2018-2060.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-2162 vom 2018-07-11",
"url": "http://linux.oracle.com/errata/ELSA-2018-2162.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-2164 vom 2018-07-11",
"url": "http://linux.oracle.com/errata/ELSA-2018-2164.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2162 vom 2018-07-11",
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2161 vom 2018-07-11",
"url": "https://access.redhat.com/errata/RHSA-2018:2161"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2164 vom 2018-07-11",
"url": "https://access.redhat.com/errata/RHSA-2018:2164"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2172 vom 2018-07-11",
"url": "http://rhn.redhat.com/errata/RHSA-2018-2172.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:1935-1 vom 2018-07-13",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181935-1.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2018:2162 vom 2018-07-13",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2018-2162-Important-CentOS-6-qemu-kvm-Security-Update-tp4645175.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2216 vom 2018-07-17",
"url": "http://rhn.redhat.com/errata/RHSA-2018-2216.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2228 vom 2018-07-20",
"url": "https://access.redhat.com/errata/RHSA-2018:2228"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2246 vom 2018-07-24",
"url": "https://access.redhat.com/errata/RHSA-2018:2246"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2250 vom 2018-07-24",
"url": "https://access.redhat.com/errata/RHSA-2018:2250"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2258 vom 2018-07-25",
"url": "https://access.redhat.com/errata/RHSA-2018:2258"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2076-1 vom 2018-07-27",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182076-1.html"
},
{
"category": "external",
"summary": "Update des Cisco Security Advisory cisco-sa-20180521-cpusidechannel vom 2018-07-26",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2082-1 vom 2018-07-28",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182082-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2092-1 vom 2018-07-28",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182092-1.html"
},
{
"category": "external",
"summary": "Lenovo Security Advisory LEN-22133 vom 2018-07-27",
"url": "https://support.lenovo.com/de/de/solutions/len-22133"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2289 vom 2018-07-30",
"url": "http://rhn.redhat.com/errata/RHSA-2018-2289.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2289 vom 2018-07-31",
"url": "https://access.redhat.com/errata/RHSA-2018:2289"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2309 vom 2018-08-06",
"url": "https://access.redhat.com/errata/RHSA-2018:2309"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2328 vom 2018-08-06",
"url": "https://access.redhat.com/errata/RHSA-2018:2328"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2364 vom 2018-08-07",
"url": "http://rhn.redhat.com/errata/RHSA-2018-2364.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2363 vom 2018-08-07",
"url": "http://rhn.redhat.com/errata/RHSA-2018-2363.html"
},
{
"category": "external",
"summary": "Microsoft Security Advisory ADV180013",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
},
{
"category": "external",
"summary": "Microsoft Security Advisory ADV180012",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180012"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2304-1 vom 2018-08-12",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182304-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2384 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2387 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2387"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2388 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2388"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2389 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2389"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2395 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2390 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2391 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2391"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2392 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2392"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2393 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2393"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2394 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2394"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:2396 vom 2018-08-15",
"url": "https://access.redhat.com/errata/RHSA-2018:2396"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2331-1 vom 2018-08-15",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182331-1.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-4198 vom 2018-08-16",
"url": "http://linux.oracle.com/errata/ELSA-2018-4198.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2338-1 vom 2018-08-16",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182338-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2335-1 vom 2018-08-16",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182335-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2340-1 vom 2018-08-16",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182340-1.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4273 vom 2018-08-17",
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3756-1 vom 2018-08-28",
"url": "http://www.ubuntu.com/usn/usn-3756-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2556-1 vom 2018-08-30",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182556-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2565-1 vom 2018-08-31",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182565-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2615-1 vom 2018-09-05",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182615-1/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2650-1 vom 2018-09-07",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182650-1.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-4235 vom 2018-10-02",
"url": "http://linux.oracle.com/errata/ELSA-2018-4235.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:3407 vom 2018-10-31",
"url": "https://access.redhat.com/errata/RHSA-2018:3407"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-4285 vom 2018-11-21",
"url": "http://linux.oracle.com/errata/ELSA-2018-4285.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0049-1 vom 2019-01-10",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190049-1/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4531 vom 2019-02-07",
"url": "http://linux.oracle.com/errata/ELSA-2019-4531.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4585 vom 2019-03-15",
"url": "http://linux.oracle.com/errata/ELSA-2019-4585.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:1046 vom 2019-05-08",
"url": "https://access.redhat.com/errata/RHSA-2019:1046"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1211-1 vom 2019-05-11",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191211-1.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4469 vom 2019-06-23",
"url": "https://www.debian.org/security/2019/dsa-4469"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4702 vom 2019-08-04",
"url": "http://linux.oracle.com/errata/ELSA-2019-4702.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4732 vom 2019-08-04",
"url": "http://linux.oracle.com/errata/ELSA-2019-4732.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2020-0202 vom 2020-04-24",
"url": "https://oss.oracle.com/pipermail/el-errata/2020-January/009541.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2020-0196 vom 2020-04-24",
"url": "https://oss.oracle.com/pipermail/el-errata/2020-January/009537.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2020-0157 vom 2020-04-24",
"url": "https://oss.oracle.com/pipermail/el-errata/2020-January/009534.html"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA11023 vom 2020-07-08",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023"
},
{
"category": "external",
"summary": "Huawei Security Advisory HUAWEI-SA-20180615-01-CPU vom 2020-07-22",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180615-01-cpu-en"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2323 vom 2020-08-12",
"url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202008/msg00019.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2540-1 vom 2020-09-04",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007375.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:3007-1 vom 2021-09-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009422.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:3969-1 vom 2021-12-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009871.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3324-1 vom 2023-08-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015910.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3333-1 vom 2023-08-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015911.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3349-1 vom 2023-08-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015945.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12605 vom 2024-09-02",
"url": "https://linux.oracle.com/errata/ELSA-2024-12605.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12604 vom 2024-09-02",
"url": "https://linux.oracle.com/errata/ELSA-2024-12604.html"
}
],
"source_lang": "en-US",
"title": "Prozessoren verschiedener Hersteller: Mehrere Schwachstellen erm\u00f6glichen Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2024-09-02T22:00:00.000+00:00",
"generator": {
"date": "2024-09-03T08:16:44.354+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.6"
}
},
"id": "WID-SEC-W-2023-2072",
"initial_release_date": "2018-05-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2018-05-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2018-05-21T22:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-05-22T22:00:00.000+00:00",
"number": "3",
"summary": "\u00e4nderungen"
},
{
"date": "2018-05-22T22:00:00.000+00:00",
"number": "4",
"summary": "referenzen"
},
{
"date": "2018-05-22T22:00:00.000+00:00",
"number": "5",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-05-22T22:00:00.000+00:00",
"number": "6",
"summary": "New remediations available"
},
{
"date": "2018-05-22T22:00:00.000+00:00",
"number": "7",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-05-23T22:00:00.000+00:00",
"number": "8",
"summary": "New remediations available"
},
{
"date": "2018-05-23T22:00:00.000+00:00",
"number": "9",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-05-23T22:00:00.000+00:00",
"number": "10",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-05-23T22:00:00.000+00:00",
"number": "11",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-05-24T22:00:00.000+00:00",
"number": "12",
"summary": "Added references"
},
{
"date": "2018-05-27T22:00:00.000+00:00",
"number": "13",
"summary": "New remediations available"
},
{
"date": "2018-05-28T22:00:00.000+00:00",
"number": "14",
"summary": "new updates SuSE"
},
{
"date": "2018-05-28T22:00:00.000+00:00",
"number": "15",
"summary": "Added references"
},
{
"date": "2018-05-31T22:00:00.000+00:00",
"number": "16",
"summary": "neue Updates Suse"
},
{
"date": "2018-06-07T22:00:00.000+00:00",
"number": "17",
"summary": "Added references"
},
{
"date": "2018-06-13T22:00:00.000+00:00",
"number": "18",
"summary": "New remediations available"
},
{
"date": "2018-06-17T22:00:00.000+00:00",
"number": "19",
"summary": "Added references"
},
{
"date": "2018-06-27T22:00:00.000+00:00",
"number": "20",
"summary": "Added references"
},
{
"date": "2018-07-01T22:00:00.000+00:00",
"number": "21",
"summary": "Added references"
},
{
"date": "2018-07-11T22:00:00.000+00:00",
"number": "22",
"summary": "New remediations available"
},
{
"date": "2018-07-12T22:00:00.000+00:00",
"number": "23",
"summary": "New remediations available"
},
{
"date": "2018-07-15T22:00:00.000+00:00",
"number": "24",
"summary": "New remediations available"
},
{
"date": "2018-07-17T22:00:00.000+00:00",
"number": "25",
"summary": "New remediations available"
},
{
"date": "2018-07-19T22:00:00.000+00:00",
"number": "26",
"summary": "New remediations available"
},
{
"date": "2018-07-24T22:00:00.000+00:00",
"number": "27",
"summary": "New remediations available"
},
{
"date": "2018-07-24T22:00:00.000+00:00",
"number": "28",
"summary": "New remediations available"
},
{
"date": "2018-07-25T22:00:00.000+00:00",
"number": "29",
"summary": "New remediations available"
},
{
"date": "2018-07-26T22:00:00.000+00:00",
"number": "30",
"summary": "New remediations available"
},
{
"date": "2018-07-26T22:00:00.000+00:00",
"number": "31",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-07-29T22:00:00.000+00:00",
"number": "32",
"summary": "New remediations available"
},
{
"date": "2018-07-29T22:00:00.000+00:00",
"number": "33",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-07-30T22:00:00.000+00:00",
"number": "34",
"summary": "New remediations available"
},
{
"date": "2018-08-05T22:00:00.000+00:00",
"number": "35",
"summary": "New remediations available"
},
{
"date": "2018-08-07T22:00:00.000+00:00",
"number": "36",
"summary": "New remediations available"
},
{
"date": "2018-08-08T22:00:00.000+00:00",
"number": "37",
"summary": "New remediations available"
},
{
"date": "2018-08-08T22:00:00.000+00:00",
"number": "38",
"summary": "New remediations available"
},
{
"date": "2018-08-12T22:00:00.000+00:00",
"number": "39",
"summary": "New remediations available"
},
{
"date": "2018-08-14T22:00:00.000+00:00",
"number": "40",
"summary": "New remediations available"
},
{
"date": "2018-08-15T22:00:00.000+00:00",
"number": "41",
"summary": "New remediations available"
},
{
"date": "2018-08-16T22:00:00.000+00:00",
"number": "42",
"summary": "New remediations available"
},
{
"date": "2018-08-16T22:00:00.000+00:00",
"number": "43",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-08-16T22:00:00.000+00:00",
"number": "44",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-08-27T22:00:00.000+00:00",
"number": "45",
"summary": "Added references"
},
{
"date": "2018-08-27T22:00:00.000+00:00",
"number": "46",
"summary": "New remediations available"
},
{
"date": "2018-08-30T22:00:00.000+00:00",
"number": "47",
"summary": "New remediations available"
},
{
"date": "2018-09-04T22:00:00.000+00:00",
"number": "48",
"summary": "New remediations available"
},
{
"date": "2018-09-09T22:00:00.000+00:00",
"number": "49",
"summary": "New remediations available"
},
{
"date": "2018-10-01T22:00:00.000+00:00",
"number": "50",
"summary": "New remediations available"
},
{
"date": "2018-10-30T23:00:00.000+00:00",
"number": "51",
"summary": "New remediations available"
},
{
"date": "2018-11-20T23:00:00.000+00:00",
"number": "52",
"summary": "New remediations available"
},
{
"date": "2019-01-09T23:00:00.000+00:00",
"number": "53",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-02-06T23:00:00.000+00:00",
"number": "54",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-03-03T23:00:00.000+00:00",
"number": "55",
"summary": "Referenz(en) aufgenommen: ELSA-2019-0435"
},
{
"date": "2019-03-14T23:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-05-02T22:00:00.000+00:00",
"number": "57",
"summary": "Referenz(en) aufgenommen: FEDORA-2019-8F2B27EFCE"
},
{
"date": "2019-05-08T22:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-05-12T22:00:00.000+00:00",
"number": "59",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-06-23T22:00:00.000+00:00",
"number": "60",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2019-08-04T22:00:00.000+00:00",
"number": "61",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2020-04-23T22:00:00.000+00:00",
"number": "62",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2020-07-08T22:00:00.000+00:00",
"number": "63",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2020-07-22T22:00:00.000+00:00",
"number": "64",
"summary": "Neue Updates von Huawei aufgenommen"
},
{
"date": "2020-08-12T22:00:00.000+00:00",
"number": "65",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-09-06T22:00:00.000+00:00",
"number": "66",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-09-09T22:00:00.000+00:00",
"number": "67",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-12-07T23:00:00.000+00:00",
"number": "68",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-15T22:00:00.000+00:00",
"number": "69",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-16T22:00:00.000+00:00",
"number": "70",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-17T22:00:00.000+00:00",
"number": "71",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-02T22:00:00.000+00:00",
"number": "72",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "72"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cisco Catalyst",
"product": {
"name": "Cisco Catalyst",
"product_id": "T000491",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:catalyst:-"
}
}
},
{
"category": "product_name",
"name": "Cisco Nexus",
"product": {
"name": "Cisco Nexus",
"product_id": "T004033",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:nexus:-"
}
}
},
{
"category": "product_name",
"name": "Cisco Router",
"product": {
"name": "Cisco Router",
"product_id": "T003258",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:router:-"
}
}
},
{
"category": "product_name",
"name": "Cisco Unified Computing System (UCS)",
"product": {
"name": "Cisco Unified Computing System (UCS)",
"product_id": "163824",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:-"
}
}
}
],
"category": "vendor",
"name": "Cisco"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7",
"product": {
"name": "Citrix Systems XenServer 7.0",
"product_id": "T007798",
"product_identification_helper": {
"cpe": "cpe:/a:citrix:xenserver:7.0"
}
}
},
{
"category": "product_version",
"name": "7.1",
"product": {
"name": "Citrix Systems XenServer 7.1",
"product_id": "T009506",
"product_identification_helper": {
"cpe": "cpe:/a:citrix:xenserver:7.1"
}
}
},
{
"category": "product_version",
"name": "7.2",
"product": {
"name": "Citrix Systems XenServer 7.2",
"product_id": "T010154",
"product_identification_helper": {
"cpe": "cpe:/a:citrix:xenserver:7.2"
}
}
},
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "Citrix Systems XenServer 7.3",
"product_id": "T011969",
"product_identification_helper": {
"cpe": "cpe:/a:citrix:xenserver:7.3"
}
}
},
{
"category": "product_version",
"name": "7.4",
"product": {
"name": "Citrix Systems XenServer 7.4",
"product_id": "T012232",
"product_identification_helper": {
"cpe": "cpe:/a:citrix:xenserver:7.4"
}
}
}
],
"category": "product_name",
"name": "XenServer"
}
],
"category": "vendor",
"name": "Citrix Systems"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Huawei OceanStor",
"product": {
"name": "Huawei OceanStor",
"product_id": "T016821",
"product_identification_helper": {
"cpe": "cpe:/h:huawei:oceanstor_uds:-"
}
}
}
],
"category": "vendor",
"name": "Huawei"
},
{
"branches": [
{
"category": "product_name",
"name": "Intel Prozessor",
"product": {
"name": "Intel Prozessor",
"product_id": "T011586",
"product_identification_helper": {
"cpe": "cpe:/h:intel:intel_prozessor:-"
}
}
}
],
"category": "vendor",
"name": "Intel"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c20.1R1",
"product": {
"name": "Juniper Junos Space \u003c20.1R1",
"product_id": "T016874"
}
},
{
"category": "product_version",
"name": "20.1R1",
"product": {
"name": "Juniper Junos Space 20.1R1",
"product_id": "T016874-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:20.1r1"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"category": "product_name",
"name": "Lenovo BIOS",
"product": {
"name": "Lenovo BIOS",
"product_id": "T005651",
"product_identification_helper": {
"cpe": "cpe:/h:lenovo:bios:-"
}
}
}
],
"category": "vendor",
"name": "Lenovo"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"category": "product_name",
"name": "Open Source QEMU",
"product": {
"name": "Open Source QEMU",
"product_id": "185878",
"product_identification_helper": {
"cpe": "cpe:/a:qemu:qemu:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"category": "product_name",
"name": "Oracle VM",
"product": {
"name": "Oracle VM",
"product_id": "T011119",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:vm:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"category": "product_name",
"name": "VMware ESXi",
"product": {
"name": "VMware ESXi",
"product_id": "T009575",
"product_identification_helper": {
"cpe": "cpe:/o:vmware:esxi:-"
}
}
},
{
"category": "product_name",
"name": "VMware Fusion",
"product": {
"name": "VMware Fusion",
"product_id": "136752",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:fusion:3.1"
}
}
},
{
"category": "product_name",
"name": "VMware vCenter Server (VirtualCenter)",
"product": {
"name": "VMware vCenter Server (VirtualCenter)",
"product_id": "T012302",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:vcenter_server:-"
}
}
}
],
"category": "vendor",
"name": "VMware"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3639",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Prozessoren mehrerer Hersteller. Diese, Spectre V4 genannte Schwachstelle kann wie Spectre V1 und V2 \u00fcber einen Seitenkanalangriff ausgenutzt werden (Speculative Store Bypass (SSB)). Ein lokaler Angreifer kann das ausnutzen um Teile des physikalischen Speicher auszulesen und so Sicherheitsmechanismen zu umgehen."
}
],
"product_status": {
"known_affected": [
"185878",
"T004033",
"T005651",
"T011119",
"T007798",
"163824",
"136752",
"67646",
"T009506",
"T003258",
"T012302",
"T010154",
"T016821",
"T011586",
"T012232",
"T016874",
"T004914",
"2951",
"T002207",
"T000126",
"1727",
"T009575",
"T011969",
"T000491"
]
},
"release_date": "2018-05-21T22:00:00.000+00:00",
"title": "CVE-2018-3639"
},
{
"cve": "CVE-2018-3640",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Prozessoren mehrerer Hersteller. Diese, Spectre V4 genannte Schwachstelle kann wie Spectre V1 und V2 \u00fcber einen Seitenkanalangriff ausgenutzt werden (Rogue System Register Read (RSRE)). Ein lokaler Angreifer kann das ausnutzen um Teile des physikalischen Speicher auszulesen und so Sicherheitsmechanismen zu umgehen."
}
],
"product_status": {
"known_affected": [
"185878",
"T004033",
"T005651",
"T011119",
"T007798",
"163824",
"136752",
"67646",
"T009506",
"T003258",
"T012302",
"T010154",
"T011586",
"T012232",
"T004914",
"2951",
"T002207",
"T000126",
"1727",
"T009575",
"T011969",
"T000491"
]
},
"release_date": "2018-05-21T22:00:00.000+00:00",
"title": "CVE-2018-3640"
}
]
}
opensuse-su-2024:11478-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ucode-intel-20210608-1.2 on GA media
Notes
Title of the patch
ucode-intel-20210608-1.2 on GA media
Description of the patch
These are all security issues fixed in the ucode-intel-20210608-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11478
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ucode-intel-20210608-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ucode-intel-20210608-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11478",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11478-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5715 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12130 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3640 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11139 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-0543 page",
"url": "https://www.suse.com/security/cve/CVE-2020-0543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-0548 page",
"url": "https://www.suse.com/security/cve/CVE-2020-0548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24489 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24511 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24512 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24513 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8695 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8698 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8698/"
}
],
"title": "ucode-intel-20210608-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11478-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20210608-1.2.aarch64",
"product": {
"name": "ucode-intel-20210608-1.2.aarch64",
"product_id": "ucode-intel-20210608-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20210608-1.2.ppc64le",
"product": {
"name": "ucode-intel-20210608-1.2.ppc64le",
"product_id": "ucode-intel-20210608-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20210608-1.2.s390x",
"product": {
"name": "ucode-intel-20210608-1.2.s390x",
"product_id": "ucode-intel-20210608-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20210608-1.2.x86_64",
"product": {
"name": "ucode-intel-20210608-1.2.x86_64",
"product_id": "ucode-intel-20210608-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210608-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64"
},
"product_reference": "ucode-intel-20210608-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210608-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le"
},
"product_reference": "ucode-intel-20210608-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210608-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x"
},
"product_reference": "ucode-intel-20210608-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210608-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
},
"product_reference": "ucode-intel-20210608-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5715"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5715",
"url": "https://www.suse.com/security/cve/CVE-2017-5715"
},
{
"category": "external",
"summary": "SUSE Bug 1068032 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1068032"
},
{
"category": "external",
"summary": "SUSE Bug 1074562 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074562"
},
{
"category": "external",
"summary": "SUSE Bug 1074578 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074578"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1074741 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074741"
},
{
"category": "external",
"summary": "SUSE Bug 1074919 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074919"
},
{
"category": "external",
"summary": "SUSE Bug 1075006 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1075006"
},
{
"category": "external",
"summary": "SUSE Bug 1075007 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1075007"
},
{
"category": "external",
"summary": "SUSE Bug 1075262 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1075262"
},
{
"category": "external",
"summary": "SUSE Bug 1075419 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1075419"
},
{
"category": "external",
"summary": "SUSE Bug 1076115 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1076115"
},
{
"category": "external",
"summary": "SUSE Bug 1076372 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1076372"
},
{
"category": "external",
"summary": "SUSE Bug 1076606 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1076606"
},
{
"category": "external",
"summary": "SUSE Bug 1078353 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1078353"
},
{
"category": "external",
"summary": "SUSE Bug 1080039 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1080039"
},
{
"category": "external",
"summary": "SUSE Bug 1087887 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1087887"
},
{
"category": "external",
"summary": "SUSE Bug 1087939 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1087939"
},
{
"category": "external",
"summary": "SUSE Bug 1088147 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1088147"
},
{
"category": "external",
"summary": "SUSE Bug 1089055 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1089055"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1095735 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1095735"
},
{
"category": "external",
"summary": "SUSE Bug 1102517 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1102517"
},
{
"category": "external",
"summary": "SUSE Bug 1105108 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1105108"
},
{
"category": "external",
"summary": "SUSE Bug 1126516 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1126516"
},
{
"category": "external",
"summary": "SUSE Bug 1173489 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1173489"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201457 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1201457"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1203236 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1203236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5715"
},
{
"cve": "CVE-2018-12126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12126"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12126",
"url": "https://www.suse.com/security/cve/CVE-2018-12126"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1135524 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135524"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1149725 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149725"
},
{
"category": "external",
"summary": "SUSE Bug 1149726 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149726"
},
{
"category": "external",
"summary": "SUSE Bug 1149729 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149729"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-12126"
},
{
"cve": "CVE-2018-12130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12130"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12130",
"url": "https://www.suse.com/security/cve/CVE-2018-12130"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-12130"
},
{
"cve": "CVE-2018-3640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3640"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3640",
"url": "https://www.suse.com/security/cve/CVE-2018-3640"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087083 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1175912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1175912"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-3640"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-11139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11139"
}
],
"notes": [
{
"category": "general",
"text": "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11139",
"url": "https://www.suse.com/security/cve/CVE-2019-11139"
},
{
"category": "external",
"summary": "SUSE Bug 1141035 for CVE-2019-11139",
"url": "https://bugzilla.suse.com/1141035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11139"
},
{
"cve": "CVE-2020-0543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-0543"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-0543",
"url": "https://www.suse.com/security/cve/CVE-2020-0543"
},
{
"category": "external",
"summary": "SUSE Bug 1154824 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1154824"
},
{
"category": "external",
"summary": "SUSE Bug 1172205 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172205"
},
{
"category": "external",
"summary": "SUSE Bug 1172206 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172206"
},
{
"category": "external",
"summary": "SUSE Bug 1172207 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172207"
},
{
"category": "external",
"summary": "SUSE Bug 1172770 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172770"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-0543"
},
{
"cve": "CVE-2020-0548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-0548"
}
],
"notes": [
{
"category": "general",
"text": "Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-0548",
"url": "https://www.suse.com/security/cve/CVE-2020-0548"
},
{
"category": "external",
"summary": "SUSE Bug 1156353 for CVE-2020-0548",
"url": "https://bugzilla.suse.com/1156353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-0548"
},
{
"cve": "CVE-2020-24489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24489"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24489",
"url": "https://www.suse.com/security/cve/CVE-2020-24489"
},
{
"category": "external",
"summary": "SUSE Bug 1179839 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1179839"
},
{
"category": "external",
"summary": "SUSE Bug 1192359 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1192359"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1201731"
},
{
"category": "external",
"summary": "SUSE Bug 1225680 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1225680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-24489"
},
{
"cve": "CVE-2020-24511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24511"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24511",
"url": "https://www.suse.com/security/cve/CVE-2020-24511"
},
{
"category": "external",
"summary": "SUSE Bug 1179836 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1179836"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-24511"
},
{
"cve": "CVE-2020-24512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24512"
}
],
"notes": [
{
"category": "general",
"text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24512",
"url": "https://www.suse.com/security/cve/CVE-2020-24512"
},
{
"category": "external",
"summary": "SUSE Bug 1179837 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1179837"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-24512"
},
{
"cve": "CVE-2020-24513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24513"
}
],
"notes": [
{
"category": "general",
"text": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24513",
"url": "https://www.suse.com/security/cve/CVE-2020-24513"
},
{
"category": "external",
"summary": "SUSE Bug 1179833 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1179833"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-24513"
},
{
"cve": "CVE-2020-8695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8695"
}
],
"notes": [
{
"category": "general",
"text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8695",
"url": "https://www.suse.com/security/cve/CVE-2020-8695"
},
{
"category": "external",
"summary": "SUSE Bug 1170415 for CVE-2020-8695",
"url": "https://bugzilla.suse.com/1170415"
},
{
"category": "external",
"summary": "SUSE Bug 1170446 for CVE-2020-8695",
"url": "https://bugzilla.suse.com/1170446"
},
{
"category": "external",
"summary": "SUSE Bug 1178591 for CVE-2020-8695",
"url": "https://bugzilla.suse.com/1178591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8695"
},
{
"cve": "CVE-2020-8696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8696"
}
],
"notes": [
{
"category": "general",
"text": "Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8696",
"url": "https://www.suse.com/security/cve/CVE-2020-8696"
},
{
"category": "external",
"summary": "SUSE Bug 1173592 for CVE-2020-8696",
"url": "https://bugzilla.suse.com/1173592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8696"
},
{
"cve": "CVE-2020-8698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8698"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8698",
"url": "https://www.suse.com/security/cve/CVE-2020-8698"
},
{
"category": "external",
"summary": "SUSE Bug 1173594 for CVE-2020-8698",
"url": "https://bugzilla.suse.com/1173594"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
"openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8698"
}
]
}
gsd-2018-3640
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-3640",
"description": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
"id": "GSD-2018-3640",
"references": [
"https://www.suse.com/security/cve/CVE-2018-3640.html",
"https://www.debian.org/security/2018/dsa-4273",
"https://ubuntu.com/security/CVE-2018-3640",
"https://advisories.mageia.org/CVE-2018-3640.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-3640"
],
"details": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
"id": "GSD-2018-3640",
"modified": "2023-12-13T01:22:43.443214Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-05-21T00:00:00",
"ID": "CVE-2018-3640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple",
"version": {
"version_data": [
{
"version_value": "Multiple"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"name": "TA18-141A",
"refsource": "CERT",
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "1040949",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040949"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_23",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource": "CONFIRM",
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "VU#180049",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
},
{
"name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "DSA-4273",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"name": "104228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104228"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"name": "USN-3756-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:85120:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_silver:j5005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium:n4100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:85115:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86126t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86136:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86138:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86142m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86144:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_silver:n5000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:85122:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86126:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86126f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86134:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86134m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86142:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86142f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86154:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:85120t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86130t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86132:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86140:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86140m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86148f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86150:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86152:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1220_:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x3440:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x3450:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l5520:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l5530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e6510:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e6540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:45nm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:45nm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1275_:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l3426:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x3430:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l5508_:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l5518_:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5507:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5520:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:w5590:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:5600:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:32nm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:32nm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l3403:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l3406:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x3480:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:3600:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l5506:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5504:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5506:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x5570:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:w5580:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:45nm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:45nm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium:n4200:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium:n4000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:85118:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:85119t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86130:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86130f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86138f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86138t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86146:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86148:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:125c_:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x3460:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x3470:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5502:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5503:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x5550:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x5560:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e6550:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:7500:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:32nm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:32nm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a:72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a:57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a:15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-3640"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA18-141A",
"refsource": "CERT",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_23",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"name": "VU#180049",
"refsource": "CERT-VN",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"refsource": "CISCO",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
},
{
"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "1040949",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040949"
},
{
"name": "104228",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104228"
},
{
"name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"name": "DSA-4273",
"refsource": "DEBIAN",
"tags": [],
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"name": "USN-3756-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
"refsource": "CONFIRM",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005",
"refsource": "CONFIRM",
"tags": [],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
},
{
"name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
"refsource": "CONFIRM",
"tags": [],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"name": "1042004",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"refsource": "CONFIRM",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.1,
"impactScore": 4.0
}
},
"lastModifiedDate": "2020-08-24T17:37Z",
"publishedDate": "2018-05-22T12:29Z"
}
}
}
tid-103
Vulnerability from emb3d
Type
Description
Operating system memory safety models rely on processor hardware to enforce separation between different virtual memory spaces. Failures of processor architectures to properly deliver these security guarantees can lead to sensitive information being disclosed across the boundaries between different kernel and process memory spaces. The performance optimization features in modern processors have been shown to be a source of such data leakage vulnerabilities. Data leakage through timing-based side channels introduced by the behavior of processor features such as memory caches have long been known to be effective against cryptographic implementations. The Spectre and Meltdown vulnerabilities announced in 2018 brought attention to weaknesses in certain microarchitectural performance features that could be manipulated in conjunction with memory cache timing techniques to leak data across OS virtual memory bounds. Spectre / Meltdown, and subsequent research work, demonstrated that speculative execution features (e.g., branch prediction, speculative memory loads/stores, out-of-order execution, etc.) could lead to memory locations being read into the CPU’s cache in violation of virtual memory permissions. Malicious code could then utilize a subsequent cache timing side channel attack to extract the data stored in those memory locations.
CWE
- CWE-1037: Processor Optimization Removal or Modification of Security-critical Code
- CWE-1264: Hardware Logic with Insecure De-Synchronization between Control and Data Channels
fkie_cve-2018-3640
Vulnerability from fkie_nvd
Published
2018-05-22 12:29
Modified
2024-11-21 04:05
Severity ?
Summary
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
References
| URL | Tags | ||
|---|---|---|---|
| secure@intel.com | http://support.lenovo.com/us/en/solutions/LEN-22133 | Third Party Advisory | |
| secure@intel.com | http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html | Third Party Advisory | |
| secure@intel.com | http://www.securityfocus.com/bid/104228 | Third Party Advisory, VDB Entry | |
| secure@intel.com | http://www.securitytracker.com/id/1040949 | Third Party Advisory, VDB Entry | |
| secure@intel.com | http://www.securitytracker.com/id/1042004 | ||
| secure@intel.com | https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf | ||
| secure@intel.com | https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf | ||
| secure@intel.com | https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability | Vendor Advisory | |
| secure@intel.com | https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html | ||
| secure@intel.com | https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html | ||
| secure@intel.com | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013 | Patch, Third Party Advisory, Vendor Advisory | |
| secure@intel.com | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005 | ||
| secure@intel.com | https://security.netapp.com/advisory/ntap-20180521-0001/ | Third Party Advisory | |
| secure@intel.com | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us | Third Party Advisory | |
| secure@intel.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel | Third Party Advisory | |
| secure@intel.com | https://usn.ubuntu.com/3756-1/ | ||
| secure@intel.com | https://www.debian.org/security/2018/dsa-4273 | ||
| secure@intel.com | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html | Vendor Advisory | |
| secure@intel.com | https://www.kb.cert.org/vuls/id/180049 | Third Party Advisory, US Government Resource | |
| secure@intel.com | https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006 | ||
| secure@intel.com | https://www.synology.com/support/security/Synology_SA_18_23 | Third Party Advisory | |
| secure@intel.com | https://www.us-cert.gov/ncas/alerts/TA18-141A | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.lenovo.com/us/en/solutions/LEN-22133 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104228 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040949 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042004 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013 | Patch, Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20180521-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3756-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4273 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/180049 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.synology.com/support/security/Synology_SA_18_23 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ncas/alerts/TA18-141A | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | atom_c | c2308 | |
| intel | atom_c | c3308 | |
| intel | atom_c | c3338 | |
| intel | atom_c | c3508 | |
| intel | atom_c | c3538 | |
| intel | atom_c | c3558 | |
| intel | atom_c | c3708 | |
| intel | atom_c | c3750 | |
| intel | atom_c | c3758 | |
| intel | atom_c | c3808 | |
| intel | atom_c | c3830 | |
| intel | atom_c | c3850 | |
| intel | atom_c | c3858 | |
| intel | atom_c | c3950 | |
| intel | atom_c | c3955 | |
| intel | atom_c | c3958 | |
| intel | atom_e | e3805 | |
| intel | atom_e | e3815 | |
| intel | atom_e | e3825 | |
| intel | atom_e | e3826 | |
| intel | atom_e | e3827 | |
| intel | atom_e | e3845 | |
| intel | atom_z | z2420 | |
| intel | atom_z | z2460 | |
| intel | atom_z | z2480 | |
| intel | atom_z | z2520 | |
| intel | atom_z | z2560 | |
| intel | atom_z | z2580 | |
| intel | atom_z | z2760 | |
| intel | atom_z | z3460 | |
| intel | atom_z | z3480 | |
| intel | atom_z | z3530 | |
| intel | atom_z | z3560 | |
| intel | atom_z | z3570 | |
| intel | atom_z | z3580 | |
| intel | atom_z | z3590 | |
| intel | atom_z | z3735d | |
| intel | atom_z | z3735e | |
| intel | atom_z | z3735f | |
| intel | atom_z | z3735g | |
| intel | atom_z | z3736f | |
| intel | atom_z | z3736g | |
| intel | atom_z | z3740 | |
| intel | atom_z | z3740d | |
| intel | atom_z | z3745 | |
| intel | atom_z | z3745d | |
| intel | atom_z | z3770 | |
| intel | atom_z | z3770d | |
| intel | atom_z | z3775 | |
| intel | atom_z | z3775d | |
| intel | atom_z | z3785 | |
| intel | atom_z | z3795 | |
| intel | celeron_j | j3455 | |
| intel | celeron_j | j4005 | |
| intel | celeron_j | j4105 | |
| intel | celeron_n | n3450 | |
| intel | core_i3 | 32nm | |
| intel | core_i3 | 45nm | |
| intel | core_i5 | 32nm | |
| intel | core_i5 | 45nm | |
| intel | core_i7 | 32nm | |
| intel | core_i7 | 45nm | |
| intel | core_m | 32nm | |
| intel | core_m | 45nm | |
| intel | pentium | n4000 | |
| intel | pentium | n4100 | |
| intel | pentium | n4200 | |
| intel | pentium_j | j4205 | |
| intel | pentium_silver | j5005 | |
| intel | pentium_silver | n5000 | |
| intel | xeon_e-1105c | - | |
| intel | xeon_e3 | 125c_ | |
| intel | xeon_e3 | 1220_ | |
| intel | xeon_e3 | 1275_ | |
| intel | xeon_e3 | 1505m_v6 | |
| intel | xeon_e3 | 1515m_v5 | |
| intel | xeon_e3 | 1535m_v5 | |
| intel | xeon_e3 | 1535m_v6 | |
| intel | xeon_e3 | 1545m_v5 | |
| intel | xeon_e3 | 1558l_v5 | |
| intel | xeon_e3 | 1565l_v5 | |
| intel | xeon_e3 | 1575m_v5 | |
| intel | xeon_e3 | 1578l_v5 | |
| intel | xeon_e3 | 1585_v5 | |
| intel | xeon_e3 | 1585l_v5 | |
| intel | xeon_e3 | 3600 | |
| intel | xeon_e3 | 5600 | |
| intel | xeon_e3 | 7500 | |
| intel | xeon_e3 | e5502 | |
| intel | xeon_e3 | e5503 | |
| intel | xeon_e3 | e5504 | |
| intel | xeon_e3 | e5506 | |
| intel | xeon_e3 | e5507 | |
| intel | xeon_e3 | e5520 | |
| intel | xeon_e3 | e5530 | |
| intel | xeon_e3 | e5540 | |
| intel | xeon_e3 | e6510 | |
| intel | xeon_e3 | e6540 | |
| intel | xeon_e3 | e6550 | |
| intel | xeon_e3 | l3403 | |
| intel | xeon_e3 | l3406 | |
| intel | xeon_e3 | l3426 | |
| intel | xeon_e3 | l5506 | |
| intel | xeon_e3 | l5508_ | |
| intel | xeon_e3 | l5518_ | |
| intel | xeon_e3 | l5520 | |
| intel | xeon_e3 | l5530 | |
| intel | xeon_e3 | w5580 | |
| intel | xeon_e3 | w5590 | |
| intel | xeon_e3 | x3430 | |
| intel | xeon_e3 | x3440 | |
| intel | xeon_e3 | x3450 | |
| intel | xeon_e3 | x3460 | |
| intel | xeon_e3 | x3470 | |
| intel | xeon_e3 | x3480 | |
| intel | xeon_e3 | x5550 | |
| intel | xeon_e3 | x5560 | |
| intel | xeon_e3 | x5570 | |
| intel | xeon_e3_1105c_v2 | - | |
| intel | xeon_e3_1125c_v2 | - | |
| intel | xeon_e3_1220_v2 | - | |
| intel | xeon_e3_1220_v3 | - | |
| intel | xeon_e3_1220_v5 | - | |
| intel | xeon_e3_1220_v6 | - | |
| intel | xeon_e3_12201 | - | |
| intel | xeon_e3_12201_v2 | - | |
| intel | xeon_e3_1220l_v3 | - | |
| intel | xeon_e3_1225 | - | |
| intel | xeon_e3_1225_v2 | - | |
| intel | xeon_e3_1225_v3 | - | |
| intel | xeon_e3_1225_v5 | - | |
| intel | xeon_e3_1225_v6 | - | |
| intel | xeon_e3_1226_v3 | - | |
| intel | xeon_e3_1230 | - | |
| intel | xeon_e3_1230_v2 | - | |
| intel | xeon_e3_1230_v3 | - | |
| intel | xeon_e3_1230_v5 | - | |
| intel | xeon_e3_1230_v6 | - | |
| intel | xeon_e3_1230l_v3 | - | |
| intel | xeon_e3_1231_v3 | - | |
| intel | xeon_e3_1235 | - | |
| intel | xeon_e3_1235l_v5 | - | |
| intel | xeon_e3_1240 | - | |
| intel | xeon_e3_1240_v2 | - | |
| intel | xeon_e3_1240_v3 | - | |
| intel | xeon_e3_1240_v5 | - | |
| intel | xeon_e3_1240_v6 | - | |
| intel | xeon_e3_1240l_v3 | - | |
| intel | xeon_e3_1240l_v5 | - | |
| intel | xeon_e3_1241_v3 | - | |
| intel | xeon_e3_1245 | - | |
| intel | xeon_e3_1245_v2 | - | |
| intel | xeon_e3_1245_v3 | - | |
| intel | xeon_e3_1245_v5 | - | |
| intel | xeon_e3_1245_v6 | - | |
| intel | xeon_e3_1246_v3 | - | |
| intel | xeon_e3_1258l_v4 | - | |
| intel | xeon_e3_1260l | - | |
| intel | xeon_e3_1260l_v5 | - | |
| intel | xeon_e3_1265l_v2 | - | |
| intel | xeon_e3_1265l_v3 | - | |
| intel | xeon_e3_1265l_v4 | - | |
| intel | xeon_e3_1268l_v3 | - | |
| intel | xeon_e3_1268l_v5 | - | |
| intel | xeon_e3_1270 | - | |
| intel | xeon_e3_1270_v2 | - | |
| intel | xeon_e3_1270_v3 | - | |
| intel | xeon_e3_1270_v5 | - | |
| intel | xeon_e3_1270_v6 | - | |
| intel | xeon_e3_1271_v3 | - | |
| intel | xeon_e3_1275_v2 | - | |
| intel | xeon_e3_1275_v3 | - | |
| intel | xeon_e3_1275_v5 | - | |
| intel | xeon_e3_1275_v6 | - | |
| intel | xeon_e3_1275l_v3 | - | |
| intel | xeon_e3_1276_v3 | - | |
| intel | xeon_e3_1278l_v4 | - | |
| intel | xeon_e3_1280 | - | |
| intel | xeon_e3_1280_v2 | - | |
| intel | xeon_e3_1280_v3 | - | |
| intel | xeon_e3_1280_v5 | - | |
| intel | xeon_e3_1280_v6 | - | |
| intel | xeon_e3_1281_v3 | - | |
| intel | xeon_e3_1285_v3 | - | |
| intel | xeon_e3_1285_v4 | - | |
| intel | xeon_e3_1285_v6 | - | |
| intel | xeon_e3_1285l_v3 | - | |
| intel | xeon_e3_1285l_v4 | - | |
| intel | xeon_e3_1286_v3 | - | |
| intel | xeon_e3_1286l_v3 | - | |
| intel | xeon_e3_1290 | - | |
| intel | xeon_e3_1290_v2 | - | |
| intel | xeon_e3_1501l_v6 | - | |
| intel | xeon_e3_1501m_v6 | - | |
| intel | xeon_e3_1505l_v5 | - | |
| intel | xeon_e3_1505l_v6 | - | |
| intel | xeon_e3_1505m_v5 | - | |
| intel | xeon_e5 | 2650l_v4 | |
| intel | xeon_e5 | 2658 | |
| intel | xeon_e5 | 2658_v2 | |
| intel | xeon_e5 | 2658_v3 | |
| intel | xeon_e5 | 2658_v4 | |
| intel | xeon_e5 | 2658a_v3 | |
| intel | xeon_e5 | 2660 | |
| intel | xeon_e5 | 2660_v2 | |
| intel | xeon_e5 | 2660_v3 | |
| intel | xeon_e5 | 2660_v4 | |
| intel | xeon_e5 | 2665 | |
| intel | xeon_e5 | 2667 | |
| intel | xeon_e5 | 2667_v2 | |
| intel | xeon_e5 | 2667_v3 | |
| intel | xeon_e5 | 2667_v4 | |
| intel | xeon_e5 | 2670 | |
| intel | xeon_e5 | 2670_v2 | |
| intel | xeon_e5 | 2670_v3 | |
| intel | xeon_e5 | 2680 | |
| intel | xeon_e5 | 2680_v2 | |
| intel | xeon_e5 | 2680_v3 | |
| intel | xeon_e5 | 2680_v4 | |
| intel | xeon_e5 | 2683_v3 | |
| intel | xeon_e5 | 2683_v4 | |
| intel | xeon_e5 | 2687w | |
| intel | xeon_e5 | 2687w_v2 | |
| intel | xeon_e5 | 2687w_v3 | |
| intel | xeon_e5 | 2687w_v4 | |
| intel | xeon_e5 | 2690 | |
| intel | xeon_e5 | 2690_v2 | |
| intel | xeon_e5 | 2690_v3 | |
| intel | xeon_e5 | 2690_v4 | |
| intel | xeon_e5 | 2695_v2 | |
| intel | xeon_e5 | 2695_v3 | |
| intel | xeon_e5 | 2695_v4 | |
| intel | xeon_e5 | 2697_v2 | |
| intel | xeon_e5 | 2697_v3 | |
| intel | xeon_e5 | 2697_v4 | |
| intel | xeon_e5 | 2697a_v4 | |
| intel | xeon_e5 | 2698_v3 | |
| intel | xeon_e5 | 2698_v4 | |
| intel | xeon_e5 | 2699_v3 | |
| intel | xeon_e5 | 2699_v4 | |
| intel | xeon_e5 | 2699a_v4 | |
| intel | xeon_e5 | 2699r_v4 | |
| intel | xeon_e5 | 4603 | |
| intel | xeon_e5 | 4603_v2 | |
| intel | xeon_e5 | 4607 | |
| intel | xeon_e5 | 4607_v2 | |
| intel | xeon_e5 | 4610 | |
| intel | xeon_e5 | 4610_v2 | |
| intel | xeon_e5 | 4610_v3 | |
| intel | xeon_e5 | 4610_v4 | |
| intel | xeon_e5 | 4617 | |
| intel | xeon_e5 | 4620 | |
| intel | xeon_e5 | 4620_v2 | |
| intel | xeon_e5 | 4620_v3 | |
| intel | xeon_e5 | 4620_v4 | |
| intel | xeon_e5 | 4624l_v2 | |
| intel | xeon_e5 | 4627_v2 | |
| intel | xeon_e5 | 4627_v3 | |
| intel | xeon_e5 | 4627_v4 | |
| intel | xeon_e5 | 4628l_v4 | |
| intel | xeon_e5 | 4640 | |
| intel | xeon_e5 | 4640_v2 | |
| intel | xeon_e5 | 4640_v3 | |
| intel | xeon_e5 | 4640_v4 | |
| intel | xeon_e5 | 4648_v3 | |
| intel | xeon_e5 | 4650 | |
| intel | xeon_e5 | 4650_v2 | |
| intel | xeon_e5 | 4650_v3 | |
| intel | xeon_e5 | 4650_v4 | |
| intel | xeon_e5 | 4650l | |
| intel | xeon_e5 | 4655_v3 | |
| intel | xeon_e5 | 4655_v4 | |
| intel | xeon_e5 | 4657l_v2 | |
| intel | xeon_e5 | 4660_v3 | |
| intel | xeon_e5 | 4660_v4 | |
| intel | xeon_e5 | 4667_v3 | |
| intel | xeon_e5 | 4667_v4 | |
| intel | xeon_e5 | 4669_v3 | |
| intel | xeon_e5 | 4669_v4 | |
| intel | xeon_e5_1428l | - | |
| intel | xeon_e5_1428l_v2 | - | |
| intel | xeon_e5_1428l_v3 | - | |
| intel | xeon_e5_1620 | - | |
| intel | xeon_e5_1620_v2 | - | |
| intel | xeon_e5_1620_v3 | - | |
| intel | xeon_e5_1620_v4 | - | |
| intel | xeon_e5_1630_v3 | - | |
| intel | xeon_e5_1630_v4 | - | |
| intel | xeon_e5_1650 | - | |
| intel | xeon_e5_1650_v2 | - | |
| intel | xeon_e5_1650_v3 | - | |
| intel | xeon_e5_1650_v4 | - | |
| intel | xeon_e5_1660 | - | |
| intel | xeon_e5_1660_v2 | - | |
| intel | xeon_e5_1660_v3 | - | |
| intel | xeon_e5_1660_v4 | - | |
| intel | xeon_e5_1680_v3 | - | |
| intel | xeon_e5_1680_v4 | - | |
| intel | xeon_e5_2403 | - | |
| intel | xeon_e5_2403_v2 | - | |
| intel | xeon_e5_2407 | - | |
| intel | xeon_e5_2407_v2 | - | |
| intel | xeon_e5_2408l_v3 | - | |
| intel | xeon_e5_2418l | - | |
| intel | xeon_e5_2418l_v2 | - | |
| intel | xeon_e5_2418l_v3 | - | |
| intel | xeon_e5_2420 | - | |
| intel | xeon_e5_2420_v2 | - | |
| intel | xeon_e5_2428l | - | |
| intel | xeon_e5_2428l_v2 | - | |
| intel | xeon_e5_2428l_v3 | - | |
| intel | xeon_e5_2430 | - | |
| intel | xeon_e5_2430_v2 | - | |
| intel | xeon_e5_2430l | - | |
| intel | xeon_e5_2430l_v2 | - | |
| intel | xeon_e5_2438l_v3 | - | |
| intel | xeon_e5_2440 | - | |
| intel | xeon_e5_2440_v2 | - | |
| intel | xeon_e5_2448l | - | |
| intel | xeon_e5_2448l_v2 | - | |
| intel | xeon_e5_2450 | - | |
| intel | xeon_e5_2450_v2 | - | |
| intel | xeon_e5_2450l | - | |
| intel | xeon_e5_2450l_v2 | - | |
| intel | xeon_e5_2470 | - | |
| intel | xeon_e5_2470_v2 | - | |
| intel | xeon_e5_2603 | - | |
| intel | xeon_e5_2603_v2 | - | |
| intel | xeon_e5_2603_v3 | - | |
| intel | xeon_e5_2603_v4 | - | |
| intel | xeon_e5_2608l_v3 | - | |
| intel | xeon_e5_2608l_v4 | - | |
| intel | xeon_e5_2609 | - | |
| intel | xeon_e5_2609_v2 | - | |
| intel | xeon_e5_2609_v3 | - | |
| intel | xeon_e5_2609_v4 | - | |
| intel | xeon_e5_2618l_v2 | - | |
| intel | xeon_e5_2618l_v3 | - | |
| intel | xeon_e5_2618l_v4 | - | |
| intel | xeon_e5_2620 | - | |
| intel | xeon_e5_2620_v2 | - | |
| intel | xeon_e5_2620_v3 | - | |
| intel | xeon_e5_2620_v4 | - | |
| intel | xeon_e5_2623_v3 | - | |
| intel | xeon_e5_2623_v4 | - | |
| intel | xeon_e5_2628l_v2 | - | |
| intel | xeon_e5_2628l_v3 | - | |
| intel | xeon_e5_2628l_v4 | - | |
| intel | xeon_e5_2630 | - | |
| intel | xeon_e5_2630_v2 | - | |
| intel | xeon_e5_2630_v3 | - | |
| intel | xeon_e5_2630_v4 | - | |
| intel | xeon_e5_2630l | - | |
| intel | xeon_e5_2630l_v2 | - | |
| intel | xeon_e5_2630l_v3 | - | |
| intel | xeon_e5_2630l_v4 | - | |
| intel | xeon_e5_2637 | - | |
| intel | xeon_e5_2637_v2 | - | |
| intel | xeon_e5_2637_v3 | - | |
| intel | xeon_e5_2637_v4 | - | |
| intel | xeon_e5_2640 | - | |
| intel | xeon_e5_2640_v2 | - | |
| intel | xeon_e5_2640_v3 | - | |
| intel | xeon_e5_2640_v4 | - | |
| intel | xeon_e5_2643 | - | |
| intel | xeon_e5_2643_v2 | - | |
| intel | xeon_e5_2643_v3 | - | |
| intel | xeon_e5_2643_v4 | - | |
| intel | xeon_e5_2648l | - | |
| intel | xeon_e5_2648l_v2 | - | |
| intel | xeon_e5_2648l_v3 | - | |
| intel | xeon_e5_2648l_v4 | - | |
| intel | xeon_e5_2650 | - | |
| intel | xeon_e5_2650_v2 | - | |
| intel | xeon_e5_2650_v3 | - | |
| intel | xeon_e5_2650_v4 | - | |
| intel | xeon_e5_2650l | - | |
| intel | xeon_e5_2650l_v2 | - | |
| intel | xeon_e5_2650l_v3 | - | |
| intel | xeon_e7 | 2803 | |
| intel | xeon_e7 | 2820 | |
| intel | xeon_e7 | 2830 | |
| intel | xeon_e7 | 2850 | |
| intel | xeon_e7 | 2850_v2 | |
| intel | xeon_e7 | 2860 | |
| intel | xeon_e7 | 2870 | |
| intel | xeon_e7 | 2870_v2 | |
| intel | xeon_e7 | 2880_v2 | |
| intel | xeon_e7 | 2890_v2 | |
| intel | xeon_e7 | 4807 | |
| intel | xeon_e7 | 4809_v2 | |
| intel | xeon_e7 | 4809_v3 | |
| intel | xeon_e7 | 4809_v4 | |
| intel | xeon_e7 | 4820 | |
| intel | xeon_e7 | 4820_v2 | |
| intel | xeon_e7 | 4820_v3 | |
| intel | xeon_e7 | 4820_v4 | |
| intel | xeon_e7 | 4830 | |
| intel | xeon_e7 | 4830_v2 | |
| intel | xeon_e7 | 4830_v3 | |
| intel | xeon_e7 | 4830_v4 | |
| intel | xeon_e7 | 4850 | |
| intel | xeon_e7 | 4850_v2 | |
| intel | xeon_e7 | 4850_v3 | |
| intel | xeon_e7 | 4850_v4 | |
| intel | xeon_e7 | 4860 | |
| intel | xeon_e7 | 4860_v2 | |
| intel | xeon_e7 | 4870 | |
| intel | xeon_e7 | 4870_v2 | |
| intel | xeon_e7 | 4880_v2 | |
| intel | xeon_e7 | 4890_v2 | |
| intel | xeon_e7 | 8830 | |
| intel | xeon_e7 | 8837 | |
| intel | xeon_e7 | 8850 | |
| intel | xeon_e7 | 8850_v2 | |
| intel | xeon_e7 | 8857_v2 | |
| intel | xeon_e7 | 8860 | |
| intel | xeon_e7 | 8860_v3 | |
| intel | xeon_e7 | 8860_v4 | |
| intel | xeon_e7 | 8867_v3 | |
| intel | xeon_e7 | 8867_v4 | |
| intel | xeon_e7 | 8867l | |
| intel | xeon_e7 | 8870 | |
| intel | xeon_e7 | 8870_v2 | |
| intel | xeon_e7 | 8870_v3 | |
| intel | xeon_e7 | 8870_v4 | |
| intel | xeon_e7 | 8880_v2 | |
| intel | xeon_e7 | 8880_v3 | |
| intel | xeon_e7 | 8880_v4 | |
| intel | xeon_e7 | 8880l_v2 | |
| intel | xeon_e7 | 8880l_v3 | |
| intel | xeon_e7 | 8890_v2 | |
| intel | xeon_e7 | 8890_v3 | |
| intel | xeon_e7 | 8890_v4 | |
| intel | xeon_e7 | 8891_v2 | |
| intel | xeon_e7 | 8891_v3 | |
| intel | xeon_e7 | 8891_v4 | |
| intel | xeon_e7 | 8893_v2 | |
| intel | xeon_e7 | 8893_v3 | |
| intel | xeon_e7 | 8893_v4 | |
| intel | xeon_e7 | 8894_v4 | |
| intel | xeon_gold | 5115 | |
| intel | xeon_gold | 85115 | |
| intel | xeon_gold | 85118 | |
| intel | xeon_gold | 85119t | |
| intel | xeon_gold | 85120 | |
| intel | xeon_gold | 85120t | |
| intel | xeon_gold | 85122 | |
| intel | xeon_gold | 86126 | |
| intel | xeon_gold | 86126f | |
| intel | xeon_gold | 86126t | |
| intel | xeon_gold | 86128 | |
| intel | xeon_gold | 86130 | |
| intel | xeon_gold | 86130f | |
| intel | xeon_gold | 86130t | |
| intel | xeon_gold | 86132 | |
| intel | xeon_gold | 86134 | |
| intel | xeon_gold | 86134m | |
| intel | xeon_gold | 86136 | |
| intel | xeon_gold | 86138 | |
| intel | xeon_gold | 86138f | |
| intel | xeon_gold | 86138t | |
| intel | xeon_gold | 86140 | |
| intel | xeon_gold | 86140m | |
| intel | xeon_gold | 86142 | |
| intel | xeon_gold | 86142f | |
| intel | xeon_gold | 86142m | |
| intel | xeon_gold | 86144 | |
| intel | xeon_gold | 86146 | |
| intel | xeon_gold | 86148 | |
| intel | xeon_gold | 86148f | |
| intel | xeon_gold | 86150 | |
| intel | xeon_gold | 86152 | |
| intel | xeon_gold | 86154 | |
| intel | xeon_platinum | 8153 | |
| intel | xeon_platinum | 8156 | |
| intel | xeon_platinum | 8158 | |
| intel | xeon_platinum | 8160 | |
| intel | xeon_platinum | 8160f | |
| intel | xeon_platinum | 8160m | |
| intel | xeon_platinum | 8160t | |
| intel | xeon_platinum | 8164 | |
| intel | xeon_platinum | 8168 | |
| intel | xeon_platinum | 8170 | |
| intel | xeon_platinum | 8170m | |
| intel | xeon_platinum | 8176 | |
| intel | xeon_platinum | 8176f | |
| intel | xeon_platinum | 8176m | |
| intel | xeon_platinum | 8180 | |
| intel | xeon_silver | 4108 | |
| intel | xeon_silver | 4109t | |
| intel | xeon_silver | 4110 | |
| intel | xeon_silver | 4112 | |
| intel | xeon_silver | 4114 | |
| intel | xeon_silver | 4114t | |
| intel | xeon_silver | 4116 | |
| intel | xeon_silver | 4116t | |
| arm | cortex-a | 15 | |
| arm | cortex-a | 57 | |
| arm | cortex-a | 72 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*",
"matchCriteriaId": "CD028C10-FD07-4206-A732-CCAC1B6D043D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*",
"matchCriteriaId": "A93010C0-33B3-438F-94F6-8DA7A9D7B451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*",
"matchCriteriaId": "2A988A78-6B3D-4599-A85C-42B4A294D86D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*",
"matchCriteriaId": "1D7C5EF4-3A92-4AF7-9B11-62B4FFDC5128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*",
"matchCriteriaId": "246AA1B0-B6C8-406B-817D-26113DC63858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*",
"matchCriteriaId": "00EE5B42-FF05-447C-BACC-0E650E773E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*",
"matchCriteriaId": "B0779CC9-BD39-4E0B-B523-A6C69F9EBB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F0E3C4-7E9B-435F-907E-4BF4F12AF314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*",
"matchCriteriaId": "5D616C72-0863-478C-9E87-3963C83B87E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*",
"matchCriteriaId": "CC333B0D-3A0E-4629-8016-68C060343874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*",
"matchCriteriaId": "6655535C-FF64-4F9E-8168-253AABCC4F5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EDEA1E-9A19-4B3F-806E-D770D1AB4C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD68F3F-7E38-40B9-A20B-B9BB45E8D042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*",
"matchCriteriaId": "1EACEF19-83BC-4579-9274-BE367F914432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC73291-AA6F-40B0-860A-1F2E6AB1E2AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*",
"matchCriteriaId": "24128A7F-2B0B-4923-BA9E-9F5093D29423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*",
"matchCriteriaId": "0990DD71-9E83-499D-9DAF-A466CF896CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7FEDEF-9772-4FB1-9261-020487A795AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*",
"matchCriteriaId": "FE7B0F72-DEDF-40C4-887C-83725C52C92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*",
"matchCriteriaId": "9568C222-9816-4520-B01C-C1DC2A79002D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*",
"matchCriteriaId": "4B2F8FAD-1688-4369-BB4B-9FA9F30A80A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*",
"matchCriteriaId": "53A1F23D-7226-4479-B51F-36376CC80B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*",
"matchCriteriaId": "65AAC7A7-77CA-4C6C-BD96-92A253512F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD16C07-0050-495A-8722-7AC46F5920F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*",
"matchCriteriaId": "01423706-C82C-4457-9638-1A2380DE3826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*",
"matchCriteriaId": "A881E2D3-A668-465F-862B-F8C145BD5E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*",
"matchCriteriaId": "3E5B9B98-0EF0-4ACD-B378-F9DE5AB36CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDC6806-E4FC-4A6E-A6BB-88C18E47ABFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*",
"matchCriteriaId": "6602DD69-E59A-417D-B19F-CA16B01E652C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*",
"matchCriteriaId": "05C493EE-EF9F-47E2-8F88-86DF6C5F1FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*",
"matchCriteriaId": "40010DAE-DD1A-4A81-B6E9-EDC1B0DDCAB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*",
"matchCriteriaId": "ED96AC16-12CC-43F6-ACC8-009A06CDD8F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE9DC29-C192-4553-AF29-D39290976F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*",
"matchCriteriaId": "F625E647-B47E-404C-9C5B-72F3EB1C46F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AF3279-89E7-4C91-8C5F-5AD5937CD0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*",
"matchCriteriaId": "B5878612-9825-4737-85A5-8227BA97CBA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*",
"matchCriteriaId": "F453D348-28CE-402B-9D40-A29436A24ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*",
"matchCriteriaId": "36322F4B-83D7-468A-BB34-1C03729E9BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD22811-C3C6-4B5E-98D5-D3F2240E6C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C7D0BA-8F07-42AD-8BB9-C65472BE41C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A2A50E-94FA-44E9-A45D-3016750CFBDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*",
"matchCriteriaId": "5625CAD8-4A62-4747-B6D9-90E56F09B731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*",
"matchCriteriaId": "43A234CE-D6AA-4A32-8425-1A4DDA0F6B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*",
"matchCriteriaId": "78DE1A01-3AEF-41E6-97EE-CB93429C4A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*",
"matchCriteriaId": "410184AF-B932-4AC9-984F-73FD58BB4CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*",
"matchCriteriaId": "B265F073-9E0A-4CA0-8296-AB52DEB1C323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*",
"matchCriteriaId": "3F664223-1CBC-4D8A-921B-F03AACA6672B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*",
"matchCriteriaId": "987A8470-08BA-45DE-8EC0-CD2B4451EECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*",
"matchCriteriaId": "8BBC9542-FB77-4769-BF67-D42829703920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*",
"matchCriteriaId": "74FDC18B-4662-422E-A86A-48FE821C056F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB4AA2C-D1D9-44D8-9471-66EBDE9DC66D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA3E7AE-CB74-48A8-A2B8-9FCADB6E40D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*",
"matchCriteriaId": "723E7155-493D-4B5A-99E2-AB261838190E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*",
"matchCriteriaId": "82E37264-E4BA-4D9D-92E7-56DE6B5F918F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*",
"matchCriteriaId": "8704BE6D-2857-4328-9298-E0273376F2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*",
"matchCriteriaId": "C1289B9E-5725-42EF-8848-F545421A29E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:32nm:*:*:*:*:*:*:*",
"matchCriteriaId": "50287A9B-366F-41F2-BEBD-D4C64EF93035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:45nm:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB79F2F-5522-45D3-A1D1-DC2F5A016D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:32nm:*:*:*:*:*:*:*",
"matchCriteriaId": "9749C2B0-B919-4172-A2AD-04C99A479F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:45nm:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1F45A1-A17D-4895-8A71-00010C7E55D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:32nm:*:*:*:*:*:*:*",
"matchCriteriaId": "D46BF41F-C44C-4D87-862E-0D156A2298DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:45nm:*:*:*:*:*:*:*",
"matchCriteriaId": "5927D78A-EE05-4246-A141-4A8815AB228B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m:32nm:*:*:*:*:*:*:*",
"matchCriteriaId": "579FC479-DEA0-415D-8E8F-18A81A85A471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m:45nm:*:*:*:*:*:*:*",
"matchCriteriaId": "CEECAA34-57F4-4B01-857C-C8454E1EDCAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium:n4000:*:*:*:*:*:*:*",
"matchCriteriaId": "967252A4-EC1F-4B31-97B8-8D25A3D82070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium:n4100:*:*:*:*:*:*:*",
"matchCriteriaId": "3205757B-07DB-4115-B3E0-4DF9D0EA2061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium:n4200:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF8ABFA-BBFD-42F5-9769-00F8CD67F7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*",
"matchCriteriaId": "88AF1366-8A14-4741-8146-886C31D8D347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_silver:j5005:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEAA43A-4D97-4E13-82E1-895F3B368B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_silver:n5000:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6BAE0B-103D-430E-BAE9-429881620DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2832E8BF-7AC7-444C-B297-66F770860571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:125c_:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D0A534-1749-4ED3-8F18-BF826D84EB56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1220_:*:*:*:*:*:*:*",
"matchCriteriaId": "B581515E-29CC-462F-BB10-4EA6DE2D6637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1275_:*:*:*:*:*:*:*",
"matchCriteriaId": "036D395E-AFE8-4D61-91CC-E9B3CD8B6380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*",
"matchCriteriaId": "44AA72FB-E78D-419E-AA82-B0538C6504D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "687C3BF3-D71A-49AD-8A05-EAC07CBCD949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "90AF90D9-16C4-4F8A-9868-3E2823E3445C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C063C53-8970-45B1-85F8-FB2080BF4695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "64596ED7-794A-4D23-987B-D9AD59D48EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E52BA6-2F2F-4CD2-A601-5B0ADDE5E23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDA48F0-0F35-4A8F-8117-B0B28E00AB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "A561A8E8-79E2-4071-B57D-590C22EF86A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "92E46658-60AB-4758-9236-3AC0E6464383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "207B8FBA-E2FF-485A-9AD9-E604AE0FB903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "33F99640-C753-40BE-A0A1-4C2D92E7DB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:3600:*:*:*:*:*:*:*",
"matchCriteriaId": "36609915-9E0D-4204-B544-4832E1195BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:5600:*:*:*:*:*:*:*",
"matchCriteriaId": "3612AC78-4904-4830-85DF-38A38F617379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:7500:*:*:*:*:*:*:*",
"matchCriteriaId": "B79CC0FA-3DA1-4812-8E73-B0FF0752E31E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:e5502:*:*:*:*:*:*:*",
"matchCriteriaId": "D12F3759-48D2-4208-AD5B-3AC8B012D061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:e5503:*:*:*:*:*:*:*",
"matchCriteriaId": "E7C61D9B-2733-4A67-9D6A-2290123C0405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:e5504:*:*:*:*:*:*:*",
"matchCriteriaId": "44C3C383-6927-44AD-9488-8B916D5959ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:e5506:*:*:*:*:*:*:*",
"matchCriteriaId": "7FC1E41C-7A17-42B7-936D-09A236D9C4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:e5507:*:*:*:*:*:*:*",
"matchCriteriaId": "E814CB3E-4542-4E3E-91E8-D97EA17C0B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:e5520:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD43D7C-932B-463F-8EB2-3A115FBED4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:e5530:*:*:*:*:*:*:*",
"matchCriteriaId": "9CCD70F8-D81D-467B-8042-5D3B9AC513E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:e5540:*:*:*:*:*:*:*",
"matchCriteriaId": "D05C68D0-4771-4338-9761-6428195F0318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:e6510:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FC2878-389F-4687-8377-E192A1C519BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:e6540:*:*:*:*:*:*:*",
"matchCriteriaId": "4B24CEBE-51B1-4EC5-8770-BFDB0625193A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:e6550:*:*:*:*:*:*:*",
"matchCriteriaId": "61BD85A8-39D9-4248-96FE-CAEF4BC7CD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:l3403:*:*:*:*:*:*:*",
"matchCriteriaId": "8320D28B-B10D-47AE-9B65-51304F93F9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:l3406:*:*:*:*:*:*:*",
"matchCriteriaId": "35AD843A-EBB1-42BE-A305-595C23881404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:l3426:*:*:*:*:*:*:*",
"matchCriteriaId": "0D457B8B-50A6-411C-8528-96915B697C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:l5506:*:*:*:*:*:*:*",
"matchCriteriaId": "3934C421-BD11-4174-83F4-3E20176F03F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:l5508_:*:*:*:*:*:*:*",
"matchCriteriaId": "45EE1BA7-5356-4421-9CF2-48DA09EBAE3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:l5518_:*:*:*:*:*:*:*",
"matchCriteriaId": "92FE452A-EE8B-4ACE-96B1-B6BD81FAC9B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:l5520:*:*:*:*:*:*:*",
"matchCriteriaId": "47195FE7-3692-42C4-B29E-679A6FE0E220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:l5530:*:*:*:*:*:*:*",
"matchCriteriaId": "C033BBFA-67F4-4F24-A042-FF996B327976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:w5580:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF7A770-3E90-4466-8595-8E523D82BC62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:w5590:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7922C0-AB84-4331-BE8F-71A0D95D4F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:x3430:*:*:*:*:*:*:*",
"matchCriteriaId": "648CB034-89BF-48FF-A3BF-C84C08FE09E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:x3440:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7DC164-65FF-483A-AD69-3E23E449E52C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:x3450:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3DCB95-5139-44C6-8151-8CEFD37F9DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:x3460:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5FEA46-49A2-4082-98D2-56E698A56909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:x3470:*:*:*:*:*:*:*",
"matchCriteriaId": "0B85D7F3-1FA5-4FE1-AAFF-CEE8DF822CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:x3480:*:*:*:*:*:*:*",
"matchCriteriaId": "80607FEB-8908-40F6-B702-FD56D849E2D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:x5550:*:*:*:*:*:*:*",
"matchCriteriaId": "97F20575-82C0-466D-8FDD-AAC034247D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:x5560:*:*:*:*:*:*:*",
"matchCriteriaId": "648E21A8-6B5F-4C97-A71A-44B97DBB4FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:x5570:*:*:*:*:*:*:*",
"matchCriteriaId": "172EA906-A08F-4D2A-9814-937C07F77C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1EC6D3-01CD-4CAB-817D-AE2E72FD0D03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBA35BD-1048-4B6E-96B2-1CFF615EB49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "979FEE9F-A957-43B6-BB6D-1A851D6FA11C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7AF59D-D05E-47F9-B493-B5CD6781FDDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF7EC93-0170-45A9-86C7-5460320B2AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A7B1C2-D2CE-485A-9376-27E14F3FA05A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F803AC-DCC7-43FC-BEB3-AA7984E0506C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "560993AA-299D-42B7-B77F-1BD0D2114CCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C582B1C-1DAC-48FD-82DD-7334C10A2175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7862B0C-2C44-4110-A62A-083116129612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "048C5996-F719-4338-B148-0DD1C13E02FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0196DA2F-CFA7-44D0-BDF5-37C7403E3B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9FF7FB-AB5A-4549-8C15-E69458C649E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEF6608-B650-4C77-9823-0AD57B3484F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE6A2D7-901C-45F9-B487-D674047D522E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCFCAC5E-6CF1-4EC1-A24C-688DD1016A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ADCB509-5B0E-4592-8B23-EC25A3F79D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB51691F-089F-4016-B25E-238074B06C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAAC728-6A0F-4675-9677-AAF7DD5D38ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3BFEFD-3D0D-48B0-A5AE-6F3C2D791CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7E1AFD-9BCE-4487-A8DE-F9C60529CA7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA37503-FD3D-4220-933C-234631D6EDEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72992831-2A76-456B-A80C-944BDD8591E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A79C2131-5566-4CC2-B6ED-38E3F6964500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60BFDAA6-3DFC-4908-BC33-B05BAB462F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6266056-770A-4E2D-A4FC-F1475257648E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "929AA8F3-8BDF-4614-9806-6D4231735616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "605D7552-8184-4B11-96FD-FE501A6C97DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3144BBDE-CC96-4408-AA02-ECC3BF902A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8BA77A-34E3-4B9E-822A-7B7A90D35790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7165B43-ED22-4714-8FA4-1E201D1BFA69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67CFB133-FAF0-431A-9765-8A9738D6D87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2975B0F2-DB7C-4257-985A-482ED2725883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70221E07-3C2E-4A82-8259-AD583EB5CDDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "427DFD78-56CD-43C4-948E-F53AF9D669F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E3E6F5F-6B82-43D9-BD6E-D22F9B991DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75AD7649-3FEA-4971-9886-6C9312B937A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE972C-6BAE-4342-BA01-1D685487F9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27CDFE3B-C064-49A9-BD43-3F7612257A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD0EEC1-D695-41A5-8CD6-9E987A547CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C35AA9AC-28B3-49C2-A9B5-5D26DFEDB723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBF25B8-D474-4C6B-8E45-F57DDC7074E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DF18FD1-6670-4C3C-8000-A079C69D575E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D760EEAF-5CF5-4F25-8FA2-D4F75F4F5A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "921EB5A5-F911-4FCE-A6F1-C66818B34678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13878C13-1C7C-4B83-AF27-4998E8F659DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*",
"matchCriteriaId": "023063E1-2DD7-487C-A8A7-939FAEE666A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77255CE6-D7B7-4B48-993C-7100A1170BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B40AC368-3A14-4EFF-A8D0-7EFB4C83045D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3472AA7B-C0CF-4D65-8A6C-B1D52D27F0CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C07E80D5-70A5-49C9-9044-D683C7ECCFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63668AF4-F29C-4424-8EC5-2F0A5950DD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09C1C7CD-538D-4D7A-A81C-10DF5376A479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5922F749-2B23-44B8-8A46-F31BCAEAD279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48BBAF-6B27-43D6-B86B-40CD8E7BA056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D75D0EEB-707C-4C86-A569-E91E9F00BA77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FB0E20-0243-40A1-8DEF-37150791222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CFF26D-8AD3-4179-9E4C-F06D7C858C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7541572C-229F-4963-B7F0-06EB3323E53B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DE669C-27FD-4196-8B8C-1DA4EE4C1D6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "479F7C77-D16F-4E40-9026-3EB8422E0401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A242AC2-9AA6-43FD-90F4-5BF6E80DBB5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04DB08C8-0018-4A8E-A206-097BDDF83B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7193E85-30BE-42D5-A26B-3F88817F3574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "446E8515-45FC-4B8B-8D12-60643D64C07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBDF6B2-D388-4639-87D8-064AA3F6B6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00AAB8B6-B614-4EAA-BA90-C5326CB5D07A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A371DF9-E224-404F-99C2-C2A4607E62D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F40E356-365D-44B7-8C38-A0C89DDD6D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3132029-89F8-4359-A0DC-A275785266A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B02F5685-0636-48AB-B222-434CA1F3B336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E51FDD60-88E5-4A86-BB8E-4C2D7EDEFA03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED4693C-DECF-4434-90C0-56158F102E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB408A6B-0842-43DA-9180-B0A299FCBCE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6215EBAC-7C75-4647-9970-482120897F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3357FCAC-B6C4-4E3E-A40B-AB5084A7F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B1BD2B6-1AF6-4AD4-94FA-94B453A21908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1FD6E8-80EC-461F-9ED1-CE5912399E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E96F585E-BDEF-45EE-B0AB-94FE23753AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "3279C067-3058-4D46-A739-05404FD0E9B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4DF0A7-8BC2-48AE-9036-FED6EEC57DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "C0855225-F501-486A-BD03-2A86FD252B5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "214C7B0C-C438-4000-9F9B-6D83294243AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91AA2E-4BB2-49C8-9364-4E363DF42CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA26781F-5A1C-4DA5-835E-D984D697F22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*",
"matchCriteriaId": "2EEA4222-F25D-4457-80AA-6D05CA918D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F3E60D1-5CF9-4F96-9EDB-D87F8CF57272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D321BC-6B1D-4C71-8E16-5A1319CEFD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "6777AC35-9D1F-4153-94AC-B25627D730E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F063F4-8994-4E46-BA7B-A12A112009BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6F2DE5-AF11-439A-8D37-30CB882ECD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "E213DD86-5419-42C8-BF38-7795DDB3C582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "A972291E-5231-439D-873B-2F87BCAF800A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "C089CC54-3229-43D7-AA15-73CFA1A43EE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*",
"matchCriteriaId": "EF268D83-C15D-4559-A46F-844E1D9264F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFE97C0D-3EA1-4314-A74A-7845C7778FB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "34293F29-F327-4ADD-BF62-78F63F79BB96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*",
"matchCriteriaId": "528C0A46-1CC4-4882-985A-0BB41525BC6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "643F3522-A452-4927-944D-532574EC4243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "58F40B78-4DBA-44EE-8420-086789EFF53D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "423BFD8F-4B50-43DA-9979-75FD18FBC953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BAD4A68-0481-476F-BBBD-3D515331368C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "838CEB7C-7C4C-416C-86CE-6E8DD47EF25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7D021F-3C97-45B3-B1F7-0AC26959F22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A31AEF3-448D-417B-9589-4BA0A06F2FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A1D96F-7FFD-413F-ABCE-4530C3D63040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB2B08B-D3C7-4B82-B170-471D6CDEFAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*",
"matchCriteriaId": "4B8343FE-1320-40AE-A37F-70EF1A4AC4B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD42BA5A-7DA0-409D-8685-E43CF9B61D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FF80E9-CF28-4EF6-9CFE-4B500A434674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "7896A6C6-5918-4C27-85AF-6FEEFC7F8FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "647B77A4-2F49-4989-AF43-961D69037370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "805B1E33-F279-4303-9DF3-C81039A40C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "B971EA9E-AE5C-4A1D-AD55-8241F7B38C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7E0AAE-6539-4024-9055-BE0BAD702143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1A8828-0765-4799-AD6C-143F45FAAD23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "12D34618-1CCA-405B-A49C-EB384A09C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "575D6061-66BC-4862-BC84-ECD82D436E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "56B6EE64-1AD4-46B2-BA65-BB6282E56EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "11650B45-0BDA-42BF-AEF3-83B48DD6A71D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3C92BA-827B-48AF-BBB3-FB60A9053C22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC097E24-F6C9-40D9-95E9-7EFDFA61AFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB44CA7-DFE6-4B1A-9A63-97AE30017E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "4B305EFA-6226-412C-90EE-F0691F2DDDE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*",
"matchCriteriaId": "7F3874FA-63CB-4B5D-8B64-CE920320A4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "0800ED17-50E4-43F3-B46C-591DFA818BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*",
"matchCriteriaId": "A46B0405-F301-4209-8766-6E12EAFAD157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "F99F9F1F-A967-4884-96CF-4488102DC0A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9B37AD-4599-425B-B39F-E571F4975266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A5F1CF-A1E6-45F1-8B09-36566778DB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "698C8A49-888B-4675-B3B0-25EDE2FD515E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "70D98F97-8EF4-48B5-84BE-C3CC27031FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*",
"matchCriteriaId": "B473D1FA-909B-492E-9C5B-94B0E20E1C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD5EA7E-322E-4CE6-89D4-7DB1055C9034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "67836379-4E1A-45CD-9506-7D3F612E47C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1BBC61-8664-4452-93A7-DDB4D2E4C802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "C4F1B50C-FC5F-47F4-87BC-60E1BD3DD1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "044F0375-DF2F-4D9B-AD7E-473D34165E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "2CEE9B72-5C4C-40C0-A8A7-9DF11655DA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0655CA-A88C-4632-9A18-560E3F63B2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1454DD-DA51-4CBC-8BB2-09D5AB5777DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "C6965851-3B29-4C21-9556-97FD731EAA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*",
"matchCriteriaId": "52984FD2-44E0-4E91-B290-0376737EEF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5D92E2-E718-4247-BA5D-DFE86C0F6AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF933366-7503-4F8D-B7AA-F6A16210EC37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2DAF5D-5BB7-49C6-8426-8B547505B6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "3EABB21D-D021-434B-B147-CAF687097A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*",
"matchCriteriaId": "7609424D-95F1-4493-A20C-B1BA4EC6439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "966DC636-C802-4D9F-8162-652AFB931203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "A75794EB-A5AF-43F0-985F-D9E36F04C6D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "31C2CFF0-98FD-4A0D-8949-D554B2FE53D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*",
"matchCriteriaId": "05F9217F-5028-4659-AA8E-F60548DE4D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC769DC-CF2E-4A3C-A610-264F024E6279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B2B1CBF-D155-49BC-81A4-4172F177A5C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "370B2B32-519E-4373-8A04-5C5025D688BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "83D9B562-C279-4A55-A347-F28FC4F9CD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A8C2BA0-48A8-4107-8681-A7C34C553D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "B1B009DE-A82F-4569-9B42-EC1EC4DA8A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "683B6E83-37FF-4F9B-915F-059EBB29DB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "E218718F-4BE6-48B0-A204-9DD4A932A654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0AB327-B60A-473C-9D36-97766EE62D7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA249EE-4786-4E27-8787-5E8B88C2AEB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBD0529-1CF3-44E5-85B3-19A3323C9493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D664EE97-07EC-410F-94C3-AEAB2C6A627D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D31DB981-03B1-4A84-8D87-CD407C3C149F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CBD155D-89D9-4677-A621-4D7613BE65C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D02BD0D4-FFFD-4355-97D8-170362F10B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6635781A-2651-4EF2-A5AC-AEEEE63FDE6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DCE6930-760A-48C0-B964-1E3ED6A8517C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E52DE90-DF96-4CE7-B8D1-226BA50E4D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8EB40E7-9B91-4106-B303-2B70AF395BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB0D5CD-8AF3-409D-96A7-718641D4B90D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E420B0B-0CD5-41C7-B25A-3DB856055F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B0C295B-0D63-4BE7-830D-D927E00C301C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "605C340D-2220-4669-B827-9009CB099E8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8791879D-2908-4F57-8DB3-6D24100A9108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBEDBBA-0427-4DE0-BA8D-737DE7DF80E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E823DC5B-98BE-4656-BFBF-3A7018F8F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64E8D558-ADE0-4358-9C76-7BD77BF23AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7973B3D0-F244-4E26-88F5-A2D9BF2E4503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68E6BAB9-CBA4-4362-BC82-00D2C5CC6FB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD3F4BFF-3CBE-4E4B-8B29-B203F99CFD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F5CB567-4F86-4466-BE4D-BFF557ACAE0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A52611B-6583-4660-90D7-C9472728072B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E80C6E89-B57C-47BB-8B95-50C03DFB3B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9AB685B-FEE1-41EF-A046-1B34619E12A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9F6724-967A-4AF0-9896-12BF6164B2CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1116BF-12D7-47CC-98DB-18B200CF9C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBB28DE-726B-4AF0-88A5-35987E1E648B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA1DB22-8FBF-4CF6-AA96-5B68EE28877D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1880E2B8-5E0E-4603-8D17-3ABA43D28179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAFBB92-1917-4238-832B-195FBE418271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91DFDF3F-9A3F-42B8-99A1-A3F76B198358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8778F972-BF34-482F-9FA7-71A77F6138E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F288BB0-FE7A-4900-B227-BE80E4F4AADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8DC53A-90C6-47FE-89F1-A1FE8B1C07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E16338-A094-4CA9-B77F-6FE42D3B422C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E07AB33-5351-487D-9602-495489C7C0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22115ED6-1707-4840-B0D1-AD36BC0C75A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C633BC-831F-4CB7-9D62-16693444B216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF5EE7E-F41B-44EC-9F69-7963B1BF1FB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD501E1-E78F-44C6-8A13-C29337B07EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9085BA0B-B7E2-4908-90C0-B4183891C718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2267CB8-0EE9-4DBD-AD5F-8A13BB62673C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81971C2F-137A-4F11-8C93-3B99D4CD1B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98E0BDAC-398E-406B-B2DB-AE049D6E98B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB66D7E-B465-4A8B-8CBD-7E93CCA2CD6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86AFDE6C-DE58-4C4D-882E-474EF6C3D934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*",
"matchCriteriaId": "950C6BF9-AA47-4287-AC01-D183237490FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2355181D-D8EE-4F80-8280-13D5CBCF4779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5209343F-66B0-4DC0-9111-E2E64CFF7409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "720109A6-B79E-48E1-9AE7-7708B154788E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82FF0DBD-AE13-4232-80F7-F4C2E2CC9721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E944ED-8C02-46B8-BF95-0CE4C352753B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77AEA3D1-4846-46E2-9B80-20B19F00DC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1576978F-E93D-4A47-90B6-6A4E3A7DE558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D339FE5-001F-4005-88A5-CFFE37F9B63E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDABA86-497E-497E-A5BA-46F913A4840A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD886F4C-DB6F-4DDD-9807-8BCBB625C226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E16912A-7F6A-4A2B-B70F-D1FCD34BC7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C454B7-E5F4-4AAE-B577-FD71FA002C8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38BE2781-3A06-4D62-AC8B-68B721DA526B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9AE4EA5-B8C8-4AE2-9614-F9DBDB4D79DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA23772-2EB8-4BEE-8703-26D967EC4503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DC766A-B1F9-4B83-9F9B-CF603EE476BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA594740-43C5-4F42-BA5B-00CA8AE7BB60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "572B16E2-8118-43A0-9A80-5D96831D55FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FB5C551-BADC-4A3A-93E5-2EBCA0704C51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5383B7A3-1569-4FEB-B299-B87CE8C8A87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A05BBDE0-6C47-4489-9455-7DA7D230ECA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1789AA69-EA31-44D1-82E6-228E48E18586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A7D5FF-3B1F-4C64-BB81-7A349765520D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D93A92E9-C8D2-4F6E-A5CA-E8AFFEEC7E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F0498B3-393A-4C32-B338-E6014B956755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C451F752-6869-4AFA-BAE5-5C9A54427BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83710FD1-099B-436D-9640-061D515E10BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "517B71CE-6156-40E1-B068-A2B733E205E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11DEEEE5-5055-4CE1-962C-C5F075F4CC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8718DDAB-3208-48CF-9BCE-54DA1257C16A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1AA901-E822-4240-9D82-C9311E4F87B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CDE3DF-8E79-4997-94EB-B517FFCAE55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A0DE13-EB0B-493B-BC84-3AEB3D454776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1727697B-1F59-4E29-B036-C32E9076C523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E69E827C-C0D0-46C7-913A-1C1E02CEAACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2528F3F9-34DC-41DA-8926-382CB3EF5560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E452C262-5A8D-4D97-BC7F-A4F5FF53A659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D57BF69-D750-4278-98AA-976B0D28E347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76ADAE30-6CAD-4F5B-B6F7-C18953144C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A25D792-E21D-43EE-8B9D-67DE066DE5DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C669783-C058-4B4F-BB9A-84B2C4682247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "159B088B-9A85-4CAA-854A-AA080E528F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE74A94-FE8F-4749-A35A-AB7D57E24913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "990AC341-0E67-4A81-87E9-EE3EFD9E847E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53BC18B0-58F1-4477-9978-CA7383C197FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "474992FB-842D-4661-A565-44AF2CD78693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "476E1B79-5342-4895-96D7-E97DFC1F5334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD318D5-89A6-4E28-939C-C5B61396806B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "981AD3FF-1D14-4ECD-8B6F-BCEB7F2409AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A32C7E89-32ED-4328-9313-FA7D3DDBDC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2792EED8-2CBD-478E-BC09-05FE830B3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97B1AF2F-6E48-4DBD-A60E-3088CA4C3771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*",
"matchCriteriaId": "34E1691D-65B3-45E4-A544-8B29E38D569D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*",
"matchCriteriaId": "E42F2703-B8AB-410E-AF7B-CD0BE777F061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*",
"matchCriteriaId": "31244C94-00A3-499C-A91A-1BEF2FB0E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*",
"matchCriteriaId": "878FF6E8-8A6D-44CE-9DD1-2C912AB8A193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "5078A95B-2BD8-4A37-A356-F53D1A53CB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFE67CD-DE53-4C4E-8245-35902AEFA6E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*",
"matchCriteriaId": "9F231D31-3AAD-4C5D-A225-D2DF94486718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "5998DF5D-E785-45EC-B8D0-1F4EC4F96D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "EADFD013-0BFB-427C-98E6-F9E4774DCBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "58620B10-FEA6-456D-B6B5-2745F5DBE82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*",
"matchCriteriaId": "E8F698B1-D9CF-4FE5-933D-EFCEA3056E3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "4858A1F0-97F2-4258-AB98-027BF1EC5117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C961A8B-EAFD-4F66-9432-BCC0D154ECCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "052DE6CD-A1E7-4E81-B476-66EF451061C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE1AE1E-6FC0-41D8-857C-C5A99CAF5823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "751B3AC8-D45E-46B6-83D5-311B693F3C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "9588277A-0B97-4408-9CF7-11271CDAADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "479FE854-85E5-4ED0-BFAF-2618C9053082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*",
"matchCriteriaId": "E048B9BF-77C8-49F7-9F2D-9999F79BA264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD16D4D-E816-486D-96F4-5A2BF75B959F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "169C558E-1A83-47D5-A66B-035BD1DD56FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "D683E509-3FB2-4175-BCAB-4EB1B5C04958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCFA915-5445-4732-9F8F-D7561BA4177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "63A9FD98-C22D-48F6-87A1-60791C818A1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "85F99F24-1783-4E6E-BE61-04C2E80356ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "74CC7EB9-3F59-4C0A-B3A1-984BCCFB25BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*",
"matchCriteriaId": "85289E4C-C813-4677-867D-EE8E98F4A1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "27C8150F-BEFA-406D-9F0D-E7CB187E26AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*",
"matchCriteriaId": "1E807F90-819F-4103-B1F7-4CE46971BD63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD93203F-71B9-4F87-B5D8-FD273451C8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E652C74-C48D-4F29-9E85-09325632443F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "99158191-3013-4182-8A53-5DFCA1E2C60A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E39A3E-7EAE-47C9-930B-58A980B73FC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDA54BA-C00D-4890-9B7F-328257607B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5EFB1E-334C-4B55-8E2E-6AE19B34774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8260DCA-2F0C-45F7-B35F-D489AF5639F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "7778F81B-6D05-4666-B1D4-53DB0EC16858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC6706A-61F7-4AA0-B2FF-0FFDF739A644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF1B16B-02F2-4ECA-938E-B5CDCFC67816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5501D8-1B0D-4F5A-AFD7-C63181D3281F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "1751F0CE-A0D3-40E2-8EEC-D31141FE33A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "5FF9AFA7-BBE8-4229-94CB-5A9596728BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*",
"matchCriteriaId": "E23A777F-68A4-4217-A75A-4D8A27E6451A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA27DFB-CDD1-4F52-86B3-DB2320A9C7B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "392A4337-11F6-4980-A138-4FDBCAD0EBA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E9BB67-F1FF-4190-889F-78B965CCE934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4185A70-5D10-448E-A9AB-AA9D5CDF0FF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "35607317-0928-4297-A33E-D44BEE1BBEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "D48323B1-7FEB-451F-A064-23E7CE7F6403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "29EF4E8A-EF37-4DCC-B5D4-DA89AF31DD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "F5763189-7980-4A72-92C9-1908FE9E15EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "C53ACD49-DA21-4DDE-A0AA-FCCD59D29886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "4326D350-EBC2-48E6-A2C6-0499F6826CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "8594E6FE-B6DB-4343-B3DD-AEC19923DAF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "5BCADA00-E453-414D-9933-FCB43D21BBC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62212D9-F707-4A8E-AB2A-A3985E7A4049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "561755A8-8AAD-4F41-8266-747EFDAF2D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F4BB0F-DAF4-479B-B78A-7929C151AA1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "A207312E-1D35-4464-A111-22C4C793E146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B16E32-07D5-445B-BAA5-4E4A0881BFC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF08F6B-2ECB-414C-82D7-C06085BF8B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "21032BE3-74D8-4C3F-B461-158F475B6853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9AC992-59B7-44EE-9FF3-567AC48938AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:85115:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB6A2ED-D433-4A8E-8044-02571D0BBD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:85118:*:*:*:*:*:*:*",
"matchCriteriaId": "4F819519-61B6-4ED0-8A23-509D6B26ACE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:85119t:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D81C40-4BD0-4D25-95B4-44BE2011F117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:85120:*:*:*:*:*:*:*",
"matchCriteriaId": "85C3A39E-29D3-4C02-89A6-D5B3475EF592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:85120t:*:*:*:*:*:*:*",
"matchCriteriaId": "C70340A2-71DC-4D4D-BA2E-2B2E9ACDBE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:85122:*:*:*:*:*:*:*",
"matchCriteriaId": "586DB792-9FF6-4253-9DAE-F3ACA3F1C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86126:*:*:*:*:*:*:*",
"matchCriteriaId": "330576E9-3A92-4E22-BBC0-94A12ACE1032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86126f:*:*:*:*:*:*:*",
"matchCriteriaId": "5C644430-A075-40E1-8E35-15B97D8E9078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86126t:*:*:*:*:*:*:*",
"matchCriteriaId": "BAC094AC-0A3A-43F3-823A-089235D04A7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86128:*:*:*:*:*:*:*",
"matchCriteriaId": "5835FB20-922D-4478-8E4B-A53CCEE46198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86130:*:*:*:*:*:*:*",
"matchCriteriaId": "667A34BF-8699-477D-B30A-CEF0A36FC81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86130f:*:*:*:*:*:*:*",
"matchCriteriaId": "FE586938-ED60-40EA-8177-30267C7A3E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86130t:*:*:*:*:*:*:*",
"matchCriteriaId": "CF902C36-0708-4B93-9504-5EA7EEDD628F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86132:*:*:*:*:*:*:*",
"matchCriteriaId": "F0BC5EBB-2F1A-45C4-A8A7-122FBE4CBC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86134:*:*:*:*:*:*:*",
"matchCriteriaId": "795F5800-8C06-426B-80AA-20F8E402ACAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86134m:*:*:*:*:*:*:*",
"matchCriteriaId": "173E49AF-95A9-4DAE-8C74-13CFCA8F0726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86136:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE96391-4F25-4505-B757-D1F15ABD9FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86138:*:*:*:*:*:*:*",
"matchCriteriaId": "D037E4BA-35B9-42CB-9DDE-BED3DF49B958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86138f:*:*:*:*:*:*:*",
"matchCriteriaId": "43288516-FA4D-4D8F-9E69-EA27115EB43B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86138t:*:*:*:*:*:*:*",
"matchCriteriaId": "13EF19E9-FE9A-4ED7-8D9E-848F10C088B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86140:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB72D0E-0E34-4EF3-98FB-52BE4A135D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86140m:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDE7F94-D938-40BA-A1F6-CE52D0B74ECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86142:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E39247-337C-49D1-BF1B-504F2DA4EBA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86142f:*:*:*:*:*:*:*",
"matchCriteriaId": "A45FA7CB-6523-4042-8832-193D87102F57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86142m:*:*:*:*:*:*:*",
"matchCriteriaId": "61E350A6-9EC7-4E14-9790-040F154CE15D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86144:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D70B4E-6B85-459C-AACA-59AB5CCC0B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86146:*:*:*:*:*:*:*",
"matchCriteriaId": "565EB5E9-3B86-4353-BFF6-3F5D27140B42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86148:*:*:*:*:*:*:*",
"matchCriteriaId": "A32CBB5D-392A-4CD1-82D3-A97D822FADFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86148f:*:*:*:*:*:*:*",
"matchCriteriaId": "383E08FE-EE7A-4E41-9AAD-786779D4B5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86150:*:*:*:*:*:*:*",
"matchCriteriaId": "2D50C6D5-3452-4214-B3FF-9F8009D75C3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86152:*:*:*:*:*:*:*",
"matchCriteriaId": "A93954C6-9B01-4CEB-8925-5D3F415AFC1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:86154:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7D54E5-6EDE-44DE-AEA6-F7F76E3EC36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB2949C-4699-49EF-83EB-31199E0CE2DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*",
"matchCriteriaId": "66C169DC-EEFE-4DE6-A3D0-65B606527240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*",
"matchCriteriaId": "FD28227A-8888-43B2-BC41-8D54B49DA58C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*",
"matchCriteriaId": "7984BAEA-4518-4E17-830E-B34D09648BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2214E5-491E-448F-A4B6-A497FB44D722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE93013-C262-46A5-8E77-D647881EE632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*",
"matchCriteriaId": "85B53CEC-943F-4966-8EC1-CB2C6AD6A15B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAC04A3-EBE3-406B-B784-A3547162ECE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*",
"matchCriteriaId": "15720FFE-B2A4-4347-BCD7-DFA6774C0B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*",
"matchCriteriaId": "50F46B0E-C746-44B4-B343-E3DCAB4B98DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*",
"matchCriteriaId": "5AE30903-4F75-4D71-A8BB-44D1099E9837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*",
"matchCriteriaId": "98311EAA-26C8-4092-8BE5-4E7BEAA68DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8CF348-811C-4342-ACB9-AFCABCC34331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*",
"matchCriteriaId": "71998EC5-EC0F-496C-B658-3CD91D824944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F19B2A-E7A1-4B97-AC40-02B0D3673555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6387C9-C0A8-4B26-BC62-802775CD0AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*",
"matchCriteriaId": "EFEB0164-77C2-4EC2-92FD-5FCE246119CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB20210-337C-4220-8CA1-F4B2BC54EBC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*",
"matchCriteriaId": "F699569F-4F52-4CC0-90D9-CC4CBC32428A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*",
"matchCriteriaId": "CBAED22B-D097-49C4-ADDF-4B3F3E1262D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*",
"matchCriteriaId": "ACF5C3C2-EE69-4DE7-A76C-C797192EE7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*",
"matchCriteriaId": "7756B588-5A63-4508-8BDD-92DB8CB0F4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*",
"matchCriteriaId": "316E26AE-67A5-4E75-8F9B-ECF4A03AED51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a:15:*:*:*:*:*:*:*",
"matchCriteriaId": "001AB619-157E-40B4-B86C-5DB18245D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:arm:cortex-a:57:*:*:*:*:*:*:*",
"matchCriteriaId": "38D51E27-28A3-47A1-9C36-1A223858E352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:arm:cortex-a:72:*:*:*:*:*:*:*",
"matchCriteriaId": "365DF3EF-E7D1-41FC-8382-D3B095542D59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
},
{
"lang": "es",
"value": "Los sistemas con microprocesadores que emplean la ejecuci\u00f3n especulativa y que realizan lecturas especulativas de registros del sistema podr\u00edan permitir la divulgaci\u00f3n no autorizada de par\u00e1metros del sistema a un atacante con acceso de usuario local mediante un an\u00e1lisis de canal lateral. Esto tambi\u00e9n se conoce como Rogue System Register Read (RSRE), Variant 3a."
}
],
"id": "CVE-2018-3640",
"lastModified": "2024-11-21T04:05:49.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-22T12:29:00.327",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104228"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040949"
},
{
"source": "secure@intel.com",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"source": "secure@intel.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"source": "secure@intel.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"source": "secure@intel.com",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"source": "secure@intel.com",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"source": "secure@intel.com",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
},
{
"source": "secure@intel.com",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"source": "secure@intel.com",
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"source": "secure@intel.com",
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"source": "secure@intel.com",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…