CVSS: 5.6EPSS: 0%CPEs: 665EXPL: 5CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas las anteriores escrituras de memoria podrían permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un análisis de canal lateral. Esto también se conoce como Speculative Store Bypass (SSB), Variant 4. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://www.exploit-db.com/exploits/44695 https://github.com/mmxsrup/CVE-2018-3639 https://github.com/Shuiliusheng/CVE-2018-3639-specter-v4- https://github.com/malindarathnayake/Intel-CVE-2018-3639-Mitigation_RegistryUpdate http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-2213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9989
https://notcve.org/view.php?id=CVE-2018-9989
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. ARM mbed TLS, en versiones anteriores a la 2.1.11, anteriores a la 2.7.2 y anteriores a la 2.8.0, tiene una sobrelectura de búfer en ssl_parse_server_psk_hint() que podría provocar un cierre inesperado o una entrada no válida. • https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9988
https://notcve.org/view.php?id=CVE-2018-9988
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. ARM mbed TLS, en versiones anteriores a la 2.1.11, anteriores a la 2.7.2 y anteriores a la 2.8.0, tiene una sobrelectura de búfer en ssl_parse_server_key_exchange() que podría provocar un cierre inesperado o una entrada no válida. • https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1 https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215 https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released • CWE-125: Out-of-bounds Read •
CVSS: 5.6EPSS: 0%CPEs: 1065EXPL: 1CVE-2018-9056
https://notcve.org/view.php?id=CVE-2018-9056
Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope. Los sistemas con microprocesadores que utilizan ejecución especulativa podrían permitir la revelación de información no autorizada a un atacante con acceso de usuario local mediante un ataque de canal lateral en el predictor de saltos direccional, como se ha demostrado por una tabla de historial de patrones (PHT), también conocido como BranchScope. • http://www.cs.ucr.edu/~nael/pubs/asplos18.pdf https://arstechnica.com/gadgets/2018/03/its-not-just-spectre-researchers-reveal-more-branch-prediction-attacks • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-18187
https://notcve.org/view.php?id=CVE-2017-18187
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c. En ARM mbed TLS, en versiones anteriores a la 2.7.0, hay una omisión de comprobación de límites mediante un desbordamiento de enteros en el análisis de identidad PSK en la función ssl_parse_client_psk_identity() en library/ssl_srv.c. • http://www.securityfocus.com/bid/103055 https://github.com/ARMmbed/mbedtls/blob/master/ChangeLog https://github.com/ARMmbed/mbedtls/commit/83c9f495ffe70c7dd280b41fdfd4881485a3bc28 https://security.gentoo.org/glsa/201804-19 https://usn.ubuntu.com/4267-1 https://www.debian.org/security/2018/dsa-4138 https://www.debian.org/security/2018/dsa-4147 • CWE-190: Integer Overflow or Wraparound •