CVE-2018-3693 – Kernel: speculative bounds check bypass store
https://notcve.org/view.php?id=CVE-2018-3693
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. Los sistemas con microprocesadores que emplean la ejecución especulativa y la predicción de ramas podría permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un desbordamiento de búfer especulativo y el análisis de canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2019:1946 https://access.redhat.com/errata/RHSA-2020:0174 https://cdrdv2.intel.com/v1/dl/getContent/685359 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180823-0001 https://www.oracle.com/s • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-3619
https://notcve.org/view.php?id=CVE-2018-3619
Information disclosure vulnerability in storage media in systems with Intel Optane memory module with Whole Disk Encryption may allow an attacker to recover data via physical access. Vulnerabilidad de divulgación de información en el medio de almacenamiento en sistemas con el módulo de memoria Intel Optane con Whole Disk Encryption podría permitir que un atacante recupere datos mediante el acceso físico. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00114.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-3628
https://notcve.org/view.php?id=CVE-2018-3628
Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet. Desbordamiento de búfer en el manipulador HTTP en Intel Active Management Technology en Intel Converged Security Manageability Engine con versiones de firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x y 11.x podría permitir que un atacante ejecute código arbitrario mediante la misma subred. • http://www.securitytracker.com/id/1041362 https://security.netapp.com/advisory/ntap-20190327-0001 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-5704
https://notcve.org/view.php?id=CVE-2017-5704
Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges. El firmware de código de muestra de la aplataforma en los procesadores Intel Core de 4ª, 5ª, 6ª y 7ª generación podría exponer información de contraseñas en la memoria a un atacante local con privilegios administrativos. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00160.html • CWE-522: Insufficiently Protected Credentials •
CVE-2018-3629
https://notcve.org/view.php?id=CVE-2018-3629
Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to cause a denial of service via the same subnet. Desbordamiento de búfer en el manipulador de eventos en Intel Active Management Technology en Intel Converged Security Manageability Engine con versiones de firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x y 11.x podría permitir que un atacante provoque una denegación de servicio (DoS) mediante la misma subred. • http://www.securitytracker.com/id/1041362 https://security.netapp.com/advisory/ntap-20190327-0001 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •