Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for jetson_tx1 by nvidia

    CVE-2021-34400 (GCVE-0-2021-34400)

    Vulnerability from nvd – Published: 2021-11-20 14:55 – Updated: 2024-08-04 00:12
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure.
    CWE
    • CWE 226: Sensitive Information in Resource Not Removed Before Reuse
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:49.808Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 226: Sensitive Information in Resource Not Removed Before Reuse",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-20T14:55:27.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-34400",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 4.1,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 226: Sensitive Information in Resource Not Removed Before Reuse"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-34400",
        "datePublished": "2021-11-20T14:55:27.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:12:49.808Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34399 (GCVE-0-2021-34399)

    Vulnerability from nvd – Published: 2021-11-20 14:55 – Updated: 2024-08-04 00:12
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure.
    CWE
    • CWE 226: Sensitive Information in Resource Not Removed Before Reuse
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:49.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 226: Sensitive Information in Resource Not Removed Before Reuse",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-20T14:55:25.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-34399",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 4.1,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 226: Sensitive Information in Resource Not Removed Before Reuse"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-34399",
        "datePublished": "2021-11-20T14:55:25.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:12:49.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23219 (GCVE-0-2021-23219)

    Vulnerability from nvd – Published: 2021-11-20 14:55 – Updated: 2024-08-03 19:05
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure.
    CWE
    • CWE 1190: DMA Device Enabled Too Early in Boot Phase
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Maxwell (except GM206), Tegra X1, Tegra X1+
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Maxwell (except GM206), Tegra X1, Tegra X1+"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 1190: DMA Device Enabled Too Early in Boot Phase",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-08T18:36:13.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-23219",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Maxwell (except GM206), Tegra X1, Tegra X1+"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 4.1,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 1190: DMA Device Enabled Too Early in Boot Phase"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-23219",
        "datePublished": "2021-11-20T14:55:24.000Z",
        "dateReserved": "2021-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:05:55.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23217 (GCVE-0-2021-23217)

    Vulnerability from nvd – Published: 2021-11-20 14:55 – Updated: 2024-08-03 19:05
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components.
    CWE
    • CWE 1190: DMA Device Enabled Too Early in Boot Phase
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Maxwell, GP100, Tegra X1, Tegra X1+, Tegra TX2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Maxwell, GP100, Tegra X1, Tegra X1+, Tegra TX2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 1190: DMA Device Enabled Too Early in Boot Phase",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-08T18:36:12.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-23217",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Maxwell, GP100, Tegra X1, Tegra X1+, Tegra TX2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 1190: DMA Device Enabled Too Early in Boot Phase"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-23217",
        "datePublished": "2021-11-20T14:55:23.000Z",
        "dateReserved": "2021-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:05:55.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23201 (GCVE-0-2021-23201)

    Vulnerability from nvd – Published: 2021-11-20 14:55 – Updated: 2024-08-03 19:05
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.
    CWE
    • CWE 1240: Use of a Risky Cryptographic Primitive
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 1240: Use of a Risky Cryptographic Primitive",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-08T18:36:11.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-23201",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 1240: Use of a Risky Cryptographic Primitive"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-23201",
        "datePublished": "2021-11-20T14:55:21.000Z",
        "dateReserved": "2021-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:05:55.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1125 (GCVE-0-2021-1125)

    Vulnerability from nvd – Published: 2021-11-20 14:55 – Updated: 2024-08-03 15:55
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data.
    CWE
    • CWE 325: Missing Cryptographic Step
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Maxwell, Pascal, Volta, Tegra X1, Tegra X1+, Tegra TX2, Xavier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:55:18.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Maxwell, Pascal, Volta, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 325: Missing Cryptographic Step",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-20T14:55:20.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-1125",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Maxwell, Pascal, Volta, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 4.1,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 325: Missing Cryptographic Step"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-1125",
        "datePublished": "2021-11-20T14:55:20.000Z",
        "dateReserved": "2020-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T15:55:18.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1105 (GCVE-0-2021-1105)

    Vulnerability from nvd – Published: 2021-11-20 14:55 – Updated: 2024-08-03 15:55
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure.
    CWE
    • CWE 1313: Hardware Allows Activation of Test or Debug Logic at Runtime
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:55:18.491Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 1313: Hardware Allows Activation of Test or Debug Logic at Runtime",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-20T14:55:18.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-1105",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 4.1,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 1313: Hardware Allows Activation of Test or Debug Logic at Runtime"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-1105",
        "datePublished": "2021-11-20T14:55:19.000Z",
        "dateReserved": "2020-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T15:55:18.491Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1088 (GCVE-0-2021-1088)

    Vulnerability from nvd – Published: 2021-11-20 14:55 – Updated: 2024-08-03 15:55
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure.
    CWE
    • CWE 200: Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:55:18.682Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-20T14:55:17.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-1088",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 4.1,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 200: Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-1088",
        "datePublished": "2021-11-20T14:55:17.000Z",
        "dateReserved": "2020-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T15:55:18.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5672 (GCVE-0-2019-5672)

    Vulnerability from nvd – Published: 2019-04-11 16:37 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA Jetson TX1 and TX2 Affected: All versions prior to version R28.3
    Create a notification for this product.
    Date Public
    2019-04-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:51.975Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jetson TX1 and TX2",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version R28.3"
                }
              ]
            }
          ],
          "datePublic": "2019-04-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T14:43:21.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2019-5672",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jetson TX1 and TX2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version R28.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2019-5672",
        "datePublished": "2019-04-11T16:37:26.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:51.975Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3639 (GCVE-0-2018-3639)

    Vulnerability from nvd – Published: 2018-05-22 12:00 – Updated: 2026-05-29 20:14
    VLAI
    Summary
    Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information Disclosure
    • CWE-203 - Observable Discrepancy
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2018:1689 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2162 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1641 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3680-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1997 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1665 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3407 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2164 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2001 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3423 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2003 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3654-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1645 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1643 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1652 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3424 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3402 vendor-advisoryx_refsource_REDHAT
    https://www.us-cert.gov/ncas/alerts/TA18-141A third-party-advisoryx_refsource_CERT
    https://access.redhat.com/errata/RHSA-2018:1656 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1664 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2258 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1688 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1658 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1657 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2289 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1666 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1042004 vdb-entryx_refsource_SECTRACK
    https://access.redhat.com/errata/RHSA-2018:1675 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1660 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1965 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1661 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1633 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1636 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1854 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2006 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2250 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1040949 vdb-entryx_refsource_SECTRACK
    https://access.redhat.com/errata/RHSA-2018:3401 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1737 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1826 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3651-1/ vendor-advisoryx_refsource_UBUNTU
    https://www.debian.org/security/2018/dsa-4210 vendor-advisoryx_refsource_DEBIAN
    https://www.exploit-db.com/exploits/44695/ exploitx_refsource_EXPLOIT-DB
    https://access.redhat.com/errata/RHSA-2018:1651 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1638 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1696 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2246 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1644 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1646 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2018:1639 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1668 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1637 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2948 vendor-advisoryx_refsource_REDHAT
    https://www.kb.cert.org/vuls/id/180049 third-party-advisoryx_refsource_CERT-VN
    https://access.redhat.com/errata/RHSA-2018:1686 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2172 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1663 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3652-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1629 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1655 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1640 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1669 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1676 vendor-advisoryx_refsource_REDHAT
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    https://access.redhat.com/errata/RHSA-2018:3425 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2363 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1632 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1650 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2396 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2364 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3653-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2216 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3655-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1649 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2309 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/104232 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2018:1653 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2171 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1635 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2018:2394 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1710 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1659 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1711 vendor-advisoryx_refsource_REDHAT
    https://www.debian.org/security/2018/dsa-4273 vendor-advisoryx_refsource_DEBIAN
    https://access.redhat.com/errata/RHSA-2018:1738 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1674 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3396 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1667 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3654-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1662 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1630 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1647 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1967 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3655-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:3399 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2060 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1690 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3653-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2161 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2018:2328 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1648 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2387 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:0148 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1654 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3679-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3777-3/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1642 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3397 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3756-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:3398 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3400 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2228 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2019:1046 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://seclists.org/bugtraq/2019/Jun/36 mailing-listx_refsource_BUGTRAQ
    http://www.openwall.com/lists/oss-security/2020/06/10/1 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2020/06/10/2 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2020/06/10/5 mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://www.oracle.com/technetwork/security-advis… x_refsource_CONFIRM
    https://help.ecostruxureit.com/display/public/UAD… x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    http://support.lenovo.com/us/en/solutions/LEN-22133 x_refsource_CONFIRM
    https://psirt.global.sonicwall.com/vuln-detail/SN… x_refsource_CONFIRM
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    https://support.citrix.com/article/CTX235225 x_refsource_CONFIRM
    https://www.intel.com/content/www/us/en/security-… x_refsource_CONFIRM
    https://www.synology.com/support/security/Synolog… x_refsource_CONFIRM
    https://developer.arm.com/support/arm-security-up… x_refsource_CONFIRM
    http://www.fujitsu.com/global/support/products/so… x_refsource_CONFIRM
    http://xenbits.xen.org/xsa/advisory-263.html x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://www.mitel.com/en-ca/support/security-advi… x_refsource_CONFIRM
    https://support.hpe.com/hpsc/doc/public/display?d… x_refsource_CONFIRM
    https://bugs.chromium.org/p/project-zero/issues/d… x_refsource_MISC
    https://security.netapp.com/advisory/ntap-2018052… x_refsource_CONFIRM
    https://nvidia.custhelp.com/app/answers/detail/a_… x_refsource_CONFIRM
    https://support.oracle.com/knowledge/Sun%20Micros… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Impacted products
    Vendor Product Version
    Intel Corporation Multiple Affected: Multiple
    Create a notification for this product.
    Date Public
    2018-05-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:50:30.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:1689",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1689"
              },
              {
                "name": "RHSA-2018:2162",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2162"
              },
              {
                "name": "RHSA-2018:1641",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1641"
              },
              {
                "name": "USN-3680-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3680-1/"
              },
              {
                "name": "RHSA-2018:1997",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1997"
              },
              {
                "name": "RHSA-2018:1665",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1665"
              },
              {
                "name": "RHSA-2018:3407",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3407"
              },
              {
                "name": "RHSA-2018:2164",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2164"
              },
              {
                "name": "RHSA-2018:2001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2001"
              },
              {
                "name": "RHSA-2018:3423",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3423"
              },
              {
                "name": "RHSA-2018:2003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2003"
              },
              {
                "name": "USN-3654-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3654-1/"
              },
              {
                "name": "RHSA-2018:1645",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1645"
              },
              {
                "name": "RHSA-2018:1643",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1643"
              },
              {
                "name": "RHSA-2018:1652",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1652"
              },
              {
                "name": "RHSA-2018:3424",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3424"
              },
              {
                "name": "RHSA-2018:3402",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3402"
              },
              {
                "name": "TA18-141A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
              },
              {
                "name": "RHSA-2018:1656",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1656"
              },
              {
                "name": "RHSA-2018:1664",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1664"
              },
              {
                "name": "RHSA-2018:2258",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2258"
              },
              {
                "name": "RHSA-2018:1688",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1688"
              },
              {
                "name": "RHSA-2018:1658",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1658"
              },
              {
                "name": "RHSA-2018:1657",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1657"
              },
              {
                "name": "RHSA-2018:2289",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2289"
              },
              {
                "name": "RHSA-2018:1666",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1666"
              },
              {
                "name": "1042004",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042004"
              },
              {
                "name": "RHSA-2018:1675",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1675"
              },
              {
                "name": "RHSA-2018:1660",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1660"
              },
              {
                "name": "RHSA-2018:1965",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1965"
              },
              {
                "name": "RHSA-2018:1661",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1661"
              },
              {
                "name": "RHSA-2018:1633",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1633"
              },
              {
                "name": "RHSA-2018:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1636"
              },
              {
                "name": "RHSA-2018:1854",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1854"
              },
              {
                "name": "RHSA-2018:2006",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2006"
              },
              {
                "name": "RHSA-2018:2250",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2250"
              },
              {
                "name": "1040949",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040949"
              },
              {
                "name": "RHSA-2018:3401",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3401"
              },
              {
                "name": "RHSA-2018:1737",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1737"
              },
              {
                "name": "RHSA-2018:1826",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1826"
              },
              {
                "name": "USN-3651-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3651-1/"
              },
              {
                "name": "DSA-4210",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4210"
              },
              {
                "name": "44695",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/44695/"
              },
              {
                "name": "RHSA-2018:1651",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1651"
              },
              {
                "name": "RHSA-2018:1638",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1638"
              },
              {
                "name": "RHSA-2018:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1696"
              },
              {
                "name": "RHSA-2018:2246",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2246"
              },
              {
                "name": "RHSA-2018:1644",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1644"
              },
              {
                "name": "RHSA-2018:1646",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1646"
              },
              {
                "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
              },
              {
                "name": "RHSA-2018:1639",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1639"
              },
              {
                "name": "RHSA-2018:1668",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1668"
              },
              {
                "name": "RHSA-2018:1637",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1637"
              },
              {
                "name": "RHSA-2018:2948",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2948"
              },
              {
                "name": "VU#180049",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/180049"
              },
              {
                "name": "RHSA-2018:1686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1686"
              },
              {
                "name": "RHSA-2018:2172",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2172"
              },
              {
                "name": "RHSA-2018:1663",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1663"
              },
              {
                "name": "USN-3652-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3652-1/"
              },
              {
                "name": "RHSA-2018:1629",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1629"
              },
              {
                "name": "RHSA-2018:1655",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1655"
              },
              {
                "name": "RHSA-2018:1640",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1640"
              },
              {
                "name": "RHSA-2018:1669",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1669"
              },
              {
                "name": "RHSA-2018:1676",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1676"
              },
              {
                "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
              },
              {
                "name": "RHSA-2018:3425",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3425"
              },
              {
                "name": "RHSA-2018:2363",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2363"
              },
              {
                "name": "RHSA-2018:1632",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1632"
              },
              {
                "name": "RHSA-2018:1650",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1650"
              },
              {
                "name": "RHSA-2018:2396",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2396"
              },
              {
                "name": "RHSA-2018:2364",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2364"
              },
              {
                "name": "USN-3653-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3653-2/"
              },
              {
                "name": "RHSA-2018:2216",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2216"
              },
              {
                "name": "USN-3655-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3655-1/"
              },
              {
                "name": "RHSA-2018:1649",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1649"
              },
              {
                "name": "RHSA-2018:2309",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2309"
              },
              {
                "name": "104232",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104232"
              },
              {
                "name": "RHSA-2018:1653",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1653"
              },
              {
                "name": "RHSA-2018:2171",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2171"
              },
              {
                "name": "RHSA-2018:1635",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1635"
              },
              {
                "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
              },
              {
                "name": "RHSA-2018:2394",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2394"
              },
              {
                "name": "RHSA-2018:1710",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1710"
              },
              {
                "name": "RHSA-2018:1659",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1659"
              },
              {
                "name": "RHSA-2018:1711",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1711"
              },
              {
                "name": "DSA-4273",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4273"
              },
              {
                "name": "RHSA-2018:1738",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1738"
              },
              {
                "name": "RHSA-2018:1674",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1674"
              },
              {
                "name": "RHSA-2018:3396",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3396"
              },
              {
                "name": "RHSA-2018:1667",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1667"
              },
              {
                "name": "USN-3654-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3654-2/"
              },
              {
                "name": "RHSA-2018:1662",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1662"
              },
              {
                "name": "RHSA-2018:1630",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1630"
              },
              {
                "name": "RHSA-2018:1647",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1647"
              },
              {
                "name": "RHSA-2018:1967",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1967"
              },
              {
                "name": "USN-3655-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3655-2/"
              },
              {
                "name": "RHSA-2018:3399",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3399"
              },
              {
                "name": "RHSA-2018:2060",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2060"
              },
              {
                "name": "RHSA-2018:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1690"
              },
              {
                "name": "USN-3653-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3653-1/"
              },
              {
                "name": "RHSA-2018:2161",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2161"
              },
              {
                "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
              },
              {
                "name": "RHSA-2018:2328",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2328"
              },
              {
                "name": "RHSA-2018:1648",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1648"
              },
              {
                "name": "RHSA-2018:2387",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2387"
              },
              {
                "name": "RHSA-2019:0148",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:0148"
              },
              {
                "name": "RHSA-2018:1654",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1654"
              },
              {
                "name": "USN-3679-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3679-1/"
              },
              {
                "name": "USN-3777-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3777-3/"
              },
              {
                "name": "RHSA-2018:1642",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1642"
              },
              {
                "name": "RHSA-2018:3397",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3397"
              },
              {
                "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
              },
              {
                "name": "USN-3756-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3756-1/"
              },
              {
                "name": "RHSA-2018:3398",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3398"
              },
              {
                "name": "RHSA-2018:3400",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3400"
              },
              {
                "name": "RHSA-2018:2228",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2228"
              },
              {
                "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
              },
              {
                "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
              },
              {
                "name": "RHSA-2019:1046",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1046"
              },
              {
                "name": "openSUSE-SU-2019:1439",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
              },
              {
                "name": "openSUSE-SU-2019:1438",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
              },
              {
                "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jun/36"
              },
              {
                "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
              },
              {
                "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
              },
              {
                "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX235225"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/support/security/Synology_SA_18_23"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xenbits.xen.org/xsa/advisory-263.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
              },
              {
                "name": "openSUSE-SU-2020:1325",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-3639",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T20:13:59.457681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-203",
                    "description": "CWE-203 Observable Discrepancy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T20:14:05.872Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple",
              "vendor": "Intel Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Multiple"
                }
              ]
            }
          ],
          "datePublic": "2018-05-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-02T20:06:27.000Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "RHSA-2018:1689",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1689"
            },
            {
              "name": "RHSA-2018:2162",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2162"
            },
            {
              "name": "RHSA-2018:1641",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1641"
            },
            {
              "name": "USN-3680-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3680-1/"
            },
            {
              "name": "RHSA-2018:1997",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1997"
            },
            {
              "name": "RHSA-2018:1665",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1665"
            },
            {
              "name": "RHSA-2018:3407",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3407"
            },
            {
              "name": "RHSA-2018:2164",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2164"
            },
            {
              "name": "RHSA-2018:2001",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2001"
            },
            {
              "name": "RHSA-2018:3423",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3423"
            },
            {
              "name": "RHSA-2018:2003",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2003"
            },
            {
              "name": "USN-3654-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3654-1/"
            },
            {
              "name": "RHSA-2018:1645",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1645"
            },
            {
              "name": "RHSA-2018:1643",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1643"
            },
            {
              "name": "RHSA-2018:1652",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1652"
            },
            {
              "name": "RHSA-2018:3424",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3424"
            },
            {
              "name": "RHSA-2018:3402",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3402"
            },
            {
              "name": "TA18-141A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
            },
            {
              "name": "RHSA-2018:1656",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1656"
            },
            {
              "name": "RHSA-2018:1664",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1664"
            },
            {
              "name": "RHSA-2018:2258",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2258"
            },
            {
              "name": "RHSA-2018:1688",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1688"
            },
            {
              "name": "RHSA-2018:1658",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1658"
            },
            {
              "name": "RHSA-2018:1657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1657"
            },
            {
              "name": "RHSA-2018:2289",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2289"
            },
            {
              "name": "RHSA-2018:1666",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1666"
            },
            {
              "name": "1042004",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042004"
            },
            {
              "name": "RHSA-2018:1675",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1675"
            },
            {
              "name": "RHSA-2018:1660",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1660"
            },
            {
              "name": "RHSA-2018:1965",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1965"
            },
            {
              "name": "RHSA-2018:1661",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1661"
            },
            {
              "name": "RHSA-2018:1633",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1633"
            },
            {
              "name": "RHSA-2018:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1636"
            },
            {
              "name": "RHSA-2018:1854",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1854"
            },
            {
              "name": "RHSA-2018:2006",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2006"
            },
            {
              "name": "RHSA-2018:2250",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2250"
            },
            {
              "name": "1040949",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040949"
            },
            {
              "name": "RHSA-2018:3401",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3401"
            },
            {
              "name": "RHSA-2018:1737",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1737"
            },
            {
              "name": "RHSA-2018:1826",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1826"
            },
            {
              "name": "USN-3651-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3651-1/"
            },
            {
              "name": "DSA-4210",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4210"
            },
            {
              "name": "44695",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/44695/"
            },
            {
              "name": "RHSA-2018:1651",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1651"
            },
            {
              "name": "RHSA-2018:1638",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1638"
            },
            {
              "name": "RHSA-2018:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1696"
            },
            {
              "name": "RHSA-2018:2246",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2246"
            },
            {
              "name": "RHSA-2018:1644",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1644"
            },
            {
              "name": "RHSA-2018:1646",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1646"
            },
            {
              "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
            },
            {
              "name": "RHSA-2018:1639",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1639"
            },
            {
              "name": "RHSA-2018:1668",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1668"
            },
            {
              "name": "RHSA-2018:1637",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1637"
            },
            {
              "name": "RHSA-2018:2948",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "VU#180049",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/180049"
            },
            {
              "name": "RHSA-2018:1686",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1686"
            },
            {
              "name": "RHSA-2018:2172",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2172"
            },
            {
              "name": "RHSA-2018:1663",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1663"
            },
            {
              "name": "USN-3652-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3652-1/"
            },
            {
              "name": "RHSA-2018:1629",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1629"
            },
            {
              "name": "RHSA-2018:1655",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1655"
            },
            {
              "name": "RHSA-2018:1640",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1640"
            },
            {
              "name": "RHSA-2018:1669",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1669"
            },
            {
              "name": "RHSA-2018:1676",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1676"
            },
            {
              "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
            },
            {
              "name": "RHSA-2018:3425",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3425"
            },
            {
              "name": "RHSA-2018:2363",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2363"
            },
            {
              "name": "RHSA-2018:1632",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1632"
            },
            {
              "name": "RHSA-2018:1650",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1650"
            },
            {
              "name": "RHSA-2018:2396",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2396"
            },
            {
              "name": "RHSA-2018:2364",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2364"
            },
            {
              "name": "USN-3653-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3653-2/"
            },
            {
              "name": "RHSA-2018:2216",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2216"
            },
            {
              "name": "USN-3655-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3655-1/"
            },
            {
              "name": "RHSA-2018:1649",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1649"
            },
            {
              "name": "RHSA-2018:2309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2309"
            },
            {
              "name": "104232",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104232"
            },
            {
              "name": "RHSA-2018:1653",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1653"
            },
            {
              "name": "RHSA-2018:2171",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2171"
            },
            {
              "name": "RHSA-2018:1635",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1635"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "RHSA-2018:2394",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2394"
            },
            {
              "name": "RHSA-2018:1710",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1710"
            },
            {
              "name": "RHSA-2018:1659",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1659"
            },
            {
              "name": "RHSA-2018:1711",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1711"
            },
            {
              "name": "DSA-4273",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4273"
            },
            {
              "name": "RHSA-2018:1738",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1738"
            },
            {
              "name": "RHSA-2018:1674",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1674"
            },
            {
              "name": "RHSA-2018:3396",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3396"
            },
            {
              "name": "RHSA-2018:1667",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1667"
            },
            {
              "name": "USN-3654-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3654-2/"
            },
            {
              "name": "RHSA-2018:1662",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1662"
            },
            {
              "name": "RHSA-2018:1630",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1630"
            },
            {
              "name": "RHSA-2018:1647",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1647"
            },
            {
              "name": "RHSA-2018:1967",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1967"
            },
            {
              "name": "USN-3655-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3655-2/"
            },
            {
              "name": "RHSA-2018:3399",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3399"
            },
            {
              "name": "RHSA-2018:2060",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2060"
            },
            {
              "name": "RHSA-2018:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1690"
            },
            {
              "name": "USN-3653-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3653-1/"
            },
            {
              "name": "RHSA-2018:2161",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2161"
            },
            {
              "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
            },
            {
              "name": "RHSA-2018:2328",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2328"
            },
            {
              "name": "RHSA-2018:1648",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1648"
            },
            {
              "name": "RHSA-2018:2387",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2387"
            },
            {
              "name": "RHSA-2019:0148",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:0148"
            },
            {
              "name": "RHSA-2018:1654",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1654"
            },
            {
              "name": "USN-3679-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3679-1/"
            },
            {
              "name": "USN-3777-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3777-3/"
            },
            {
              "name": "RHSA-2018:1642",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1642"
            },
            {
              "name": "RHSA-2018:3397",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3397"
            },
            {
              "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
            },
            {
              "name": "USN-3756-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3756-1/"
            },
            {
              "name": "RHSA-2018:3398",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3398"
            },
            {
              "name": "RHSA-2018:3400",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3400"
            },
            {
              "name": "RHSA-2018:2228",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2228"
            },
            {
              "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
            },
            {
              "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
            },
            {
              "name": "RHSA-2019:1046",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1046"
            },
            {
              "name": "openSUSE-SU-2019:1439",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
            },
            {
              "name": "openSUSE-SU-2019:1438",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
            },
            {
              "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/36"
            },
            {
              "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
            },
            {
              "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
            },
            {
              "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.citrix.com/article/CTX235225"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/support/security/Synology_SA_18_23"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xenbits.xen.org/xsa/advisory-263.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
            },
            {
              "name": "openSUSE-SU-2020:1325",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@intel.com",
              "DATE_PUBLIC": "2018-05-21T00:00:00",
              "ID": "CVE-2018-3639",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Multiple",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Multiple"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Intel Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:1689",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1689"
                },
                {
                  "name": "RHSA-2018:2162",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2162"
                },
                {
                  "name": "RHSA-2018:1641",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1641"
                },
                {
                  "name": "USN-3680-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3680-1/"
                },
                {
                  "name": "RHSA-2018:1997",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1997"
                },
                {
                  "name": "RHSA-2018:1665",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1665"
                },
                {
                  "name": "RHSA-2018:3407",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3407"
                },
                {
                  "name": "RHSA-2018:2164",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2164"
                },
                {
                  "name": "RHSA-2018:2001",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2001"
                },
                {
                  "name": "RHSA-2018:3423",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3423"
                },
                {
                  "name": "RHSA-2018:2003",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2003"
                },
                {
                  "name": "USN-3654-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3654-1/"
                },
                {
                  "name": "RHSA-2018:1645",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1645"
                },
                {
                  "name": "RHSA-2018:1643",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1643"
                },
                {
                  "name": "RHSA-2018:1652",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1652"
                },
                {
                  "name": "RHSA-2018:3424",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3424"
                },
                {
                  "name": "RHSA-2018:3402",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3402"
                },
                {
                  "name": "TA18-141A",
                  "refsource": "CERT",
                  "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
                },
                {
                  "name": "RHSA-2018:1656",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1656"
                },
                {
                  "name": "RHSA-2018:1664",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1664"
                },
                {
                  "name": "RHSA-2018:2258",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2258"
                },
                {
                  "name": "RHSA-2018:1688",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1688"
                },
                {
                  "name": "RHSA-2018:1658",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1658"
                },
                {
                  "name": "RHSA-2018:1657",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1657"
                },
                {
                  "name": "RHSA-2018:2289",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2289"
                },
                {
                  "name": "RHSA-2018:1666",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1666"
                },
                {
                  "name": "1042004",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042004"
                },
                {
                  "name": "RHSA-2018:1675",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1675"
                },
                {
                  "name": "RHSA-2018:1660",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1660"
                },
                {
                  "name": "RHSA-2018:1965",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1965"
                },
                {
                  "name": "RHSA-2018:1661",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1661"
                },
                {
                  "name": "RHSA-2018:1633",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1633"
                },
                {
                  "name": "RHSA-2018:1636",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1636"
                },
                {
                  "name": "RHSA-2018:1854",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1854"
                },
                {
                  "name": "RHSA-2018:2006",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2006"
                },
                {
                  "name": "RHSA-2018:2250",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2250"
                },
                {
                  "name": "1040949",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040949"
                },
                {
                  "name": "RHSA-2018:3401",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3401"
                },
                {
                  "name": "RHSA-2018:1737",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1737"
                },
                {
                  "name": "RHSA-2018:1826",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1826"
                },
                {
                  "name": "USN-3651-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3651-1/"
                },
                {
                  "name": "DSA-4210",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4210"
                },
                {
                  "name": "44695",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/44695/"
                },
                {
                  "name": "RHSA-2018:1651",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1651"
                },
                {
                  "name": "RHSA-2018:1638",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1638"
                },
                {
                  "name": "RHSA-2018:1696",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1696"
                },
                {
                  "name": "RHSA-2018:2246",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2246"
                },
                {
                  "name": "RHSA-2018:1644",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1644"
                },
                {
                  "name": "RHSA-2018:1646",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1646"
                },
                {
                  "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
                },
                {
                  "name": "RHSA-2018:1639",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1639"
                },
                {
                  "name": "RHSA-2018:1668",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1668"
                },
                {
                  "name": "RHSA-2018:1637",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1637"
                },
                {
                  "name": "RHSA-2018:2948",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2948"
                },
                {
                  "name": "VU#180049",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/180049"
                },
                {
                  "name": "RHSA-2018:1686",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1686"
                },
                {
                  "name": "RHSA-2018:2172",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2172"
                },
                {
                  "name": "RHSA-2018:1663",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1663"
                },
                {
                  "name": "USN-3652-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3652-1/"
                },
                {
                  "name": "RHSA-2018:1629",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1629"
                },
                {
                  "name": "RHSA-2018:1655",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1655"
                },
                {
                  "name": "RHSA-2018:1640",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1640"
                },
                {
                  "name": "RHSA-2018:1669",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1669"
                },
                {
                  "name": "RHSA-2018:1676",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1676"
                },
                {
                  "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
                },
                {
                  "name": "RHSA-2018:3425",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3425"
                },
                {
                  "name": "RHSA-2018:2363",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2363"
                },
                {
                  "name": "RHSA-2018:1632",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1632"
                },
                {
                  "name": "RHSA-2018:1650",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1650"
                },
                {
                  "name": "RHSA-2018:2396",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2396"
                },
                {
                  "name": "RHSA-2018:2364",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2364"
                },
                {
                  "name": "USN-3653-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3653-2/"
                },
                {
                  "name": "RHSA-2018:2216",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2216"
                },
                {
                  "name": "USN-3655-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3655-1/"
                },
                {
                  "name": "RHSA-2018:1649",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1649"
                },
                {
                  "name": "RHSA-2018:2309",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2309"
                },
                {
                  "name": "104232",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104232"
                },
                {
                  "name": "RHSA-2018:1653",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1653"
                },
                {
                  "name": "RHSA-2018:2171",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2171"
                },
                {
                  "name": "RHSA-2018:1635",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1635"
                },
                {
                  "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
                },
                {
                  "name": "RHSA-2018:2394",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2394"
                },
                {
                  "name": "RHSA-2018:1710",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1710"
                },
                {
                  "name": "RHSA-2018:1659",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1659"
                },
                {
                  "name": "RHSA-2018:1711",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1711"
                },
                {
                  "name": "DSA-4273",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4273"
                },
                {
                  "name": "RHSA-2018:1738",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1738"
                },
                {
                  "name": "RHSA-2018:1674",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1674"
                },
                {
                  "name": "RHSA-2018:3396",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3396"
                },
                {
                  "name": "RHSA-2018:1667",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1667"
                },
                {
                  "name": "USN-3654-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3654-2/"
                },
                {
                  "name": "RHSA-2018:1662",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1662"
                },
                {
                  "name": "RHSA-2018:1630",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1630"
                },
                {
                  "name": "RHSA-2018:1647",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1647"
                },
                {
                  "name": "RHSA-2018:1967",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1967"
                },
                {
                  "name": "USN-3655-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3655-2/"
                },
                {
                  "name": "RHSA-2018:3399",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3399"
                },
                {
                  "name": "RHSA-2018:2060",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2060"
                },
                {
                  "name": "RHSA-2018:1690",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1690"
                },
                {
                  "name": "USN-3653-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3653-1/"
                },
                {
                  "name": "RHSA-2018:2161",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2161"
                },
                {
                  "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
                },
                {
                  "name": "RHSA-2018:2328",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2328"
                },
                {
                  "name": "RHSA-2018:1648",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1648"
                },
                {
                  "name": "RHSA-2018:2387",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2387"
                },
                {
                  "name": "RHSA-2019:0148",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:0148"
                },
                {
                  "name": "RHSA-2018:1654",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1654"
                },
                {
                  "name": "USN-3679-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3679-1/"
                },
                {
                  "name": "USN-3777-3",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3777-3/"
                },
                {
                  "name": "RHSA-2018:1642",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1642"
                },
                {
                  "name": "RHSA-2018:3397",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3397"
                },
                {
                  "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
                },
                {
                  "name": "USN-3756-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3756-1/"
                },
                {
                  "name": "RHSA-2018:3398",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3398"
                },
                {
                  "name": "RHSA-2018:3400",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3400"
                },
                {
                  "name": "RHSA-2018:2228",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2228"
                },
                {
                  "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
                },
                {
                  "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
                },
                {
                  "name": "RHSA-2019:1046",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:1046"
                },
                {
                  "name": "openSUSE-SU-2019:1439",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
                },
                {
                  "name": "openSUSE-SU-2019:1438",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
                },
                {
                  "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jun/36"
                },
                {
                  "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
                },
                {
                  "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
                },
                {
                  "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
                },
                {
                  "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
                  "refsource": "CONFIRM",
                  "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
                },
                {
                  "name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
                  "refsource": "CONFIRM",
                  "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
                },
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
                },
                {
                  "name": "https://support.citrix.com/article/CTX235225",
                  "refsource": "CONFIRM",
                  "url": "https://support.citrix.com/article/CTX235225"
                },
                {
                  "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
                },
                {
                  "name": "https://www.synology.com/support/security/Synology_SA_18_23",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/support/security/Synology_SA_18_23"
                },
                {
                  "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
                },
                {
                  "name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
                },
                {
                  "name": "http://xenbits.xen.org/xsa/advisory-263.html",
                  "refsource": "CONFIRM",
                  "url": "http://xenbits.xen.org/xsa/advisory-263.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
                },
                {
                  "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
                },
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
                },
                {
                  "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
                },
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
                },
                {
                  "name": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
                },
                {
                  "name": "openSUSE-SU-2020:1325",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2018-3639",
        "datePublished": "2018-05-22T12:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2026-05-29T20:14:05.872Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2017-1000251 (GCVE-0-2017-1000251)

    Vulnerability from nvd – Published: 2017-09-12 17:00 – Updated: 2024-08-05 22:00
    VLAI
    Summary
    The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2017:2732 vendor-advisoryx_refsource_REDHAT
    https://www.exploit-db.com/exploits/42762/ exploitx_refsource_EXPLOIT-DB
    https://access.redhat.com/errata/RHSA-2017:2705 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2683 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2704 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2682 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/vulnerabilitie… x_refsource_CONFIRM
    https://www.armis.com/blueborne x_refsource_MISC
    http://www.securitytracker.com/id/1039373 vdb-entryx_refsource_SECTRACK
    https://access.redhat.com/errata/RHSA-2017:2731 vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2017/dsa-3981 vendor-advisoryx_refsource_DEBIAN
    https://access.redhat.com/errata/RHSA-2017:2706 vendor-advisoryx_refsource_REDHAT
    https://www.synology.com/support/security/Synolog… x_refsource_CONFIRM
    https://github.com/torvalds/linux/commit/f2fcfcd6… x_refsource_MISC
    http://nvidia.custhelp.com/app/answers/detail/a_id/4561 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/100809 vdb-entryx_refsource_BID
    https://www.kb.cert.org/vuls/id/240311 third-party-advisoryx_refsource_CERT-VN
    https://access.redhat.com/errata/RHSA-2017:2681 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2679 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2680 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2707 vendor-advisoryx_refsource_REDHAT
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:00:39.937Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:2732",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2732"
              },
              {
                "name": "42762",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42762/"
              },
              {
                "name": "RHSA-2017:2705",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2705"
              },
              {
                "name": "RHSA-2017:2683",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2683"
              },
              {
                "name": "RHSA-2017:2704",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2704"
              },
              {
                "name": "RHSA-2017:2682",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2682"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/vulnerabilities/blueborne"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.armis.com/blueborne"
              },
              {
                "name": "1039373",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039373"
              },
              {
                "name": "RHSA-2017:2731",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2731"
              },
              {
                "name": "DSA-3981",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3981"
              },
              {
                "name": "RHSA-2017:2706",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2706"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
              },
              {
                "name": "100809",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100809"
              },
              {
                "name": "VU#240311",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/240311"
              },
              {
                "name": "RHSA-2017:2681",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2681"
              },
              {
                "name": "RHSA-2017:2679",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2679"
              },
              {
                "name": "RHSA-2017:2680",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2680"
              },
              {
                "name": "RHSA-2017:2707",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2707"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2017-09-08T00:00:00.000Z",
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-16T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2017:2732",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2732"
            },
            {
              "name": "42762",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42762/"
            },
            {
              "name": "RHSA-2017:2705",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2705"
            },
            {
              "name": "RHSA-2017:2683",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2683"
            },
            {
              "name": "RHSA-2017:2704",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2704"
            },
            {
              "name": "RHSA-2017:2682",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2682"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://access.redhat.com/security/vulnerabilities/blueborne"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.armis.com/blueborne"
            },
            {
              "name": "1039373",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039373"
            },
            {
              "name": "RHSA-2017:2731",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2731"
            },
            {
              "name": "DSA-3981",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3981"
            },
            {
              "name": "RHSA-2017:2706",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2706"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
            },
            {
              "name": "100809",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100809"
            },
            {
              "name": "VU#240311",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/240311"
            },
            {
              "name": "RHSA-2017:2681",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2681"
            },
            {
              "name": "RHSA-2017:2679",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2679"
            },
            {
              "name": "RHSA-2017:2680",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2680"
            },
            {
              "name": "RHSA-2017:2707",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2707"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2017-09-08",
              "ID": "CVE-2017-1000251",
              "REQUESTER": "security@armis.com",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:2732",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2732"
                },
                {
                  "name": "42762",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42762/"
                },
                {
                  "name": "RHSA-2017:2705",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2705"
                },
                {
                  "name": "RHSA-2017:2683",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2683"
                },
                {
                  "name": "RHSA-2017:2704",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2704"
                },
                {
                  "name": "RHSA-2017:2682",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2682"
                },
                {
                  "name": "https://access.redhat.com/security/vulnerabilities/blueborne",
                  "refsource": "CONFIRM",
                  "url": "https://access.redhat.com/security/vulnerabilities/blueborne"
                },
                {
                  "name": "https://www.armis.com/blueborne",
                  "refsource": "MISC",
                  "url": "https://www.armis.com/blueborne"
                },
                {
                  "name": "1039373",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039373"
                },
                {
                  "name": "RHSA-2017:2731",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2731"
                },
                {
                  "name": "DSA-3981",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3981"
                },
                {
                  "name": "RHSA-2017:2706",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2706"
                },
                {
                  "name": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
                  "refsource": "MISC",
                  "url": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"
                },
                {
                  "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
                  "refsource": "CONFIRM",
                  "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
                },
                {
                  "name": "100809",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100809"
                },
                {
                  "name": "VU#240311",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/240311"
                },
                {
                  "name": "RHSA-2017:2681",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2681"
                },
                {
                  "name": "RHSA-2017:2679",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2679"
                },
                {
                  "name": "RHSA-2017:2680",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2680"
                },
                {
                  "name": "RHSA-2017:2707",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2707"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-1000251",
        "datePublished": "2017-09-12T17:00:00.000Z",
        "dateReserved": "2017-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:00:39.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34400 (GCVE-0-2021-34400)

    Vulnerability from cvelistv5 – Published: 2021-11-20 14:55 – Updated: 2024-08-04 00:12
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure.
    CWE
    • CWE 226: Sensitive Information in Resource Not Removed Before Reuse
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:49.808Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 226: Sensitive Information in Resource Not Removed Before Reuse",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-20T14:55:27.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-34400",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 4.1,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 226: Sensitive Information in Resource Not Removed Before Reuse"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-34400",
        "datePublished": "2021-11-20T14:55:27.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:12:49.808Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34399 (GCVE-0-2021-34399)

    Vulnerability from cvelistv5 – Published: 2021-11-20 14:55 – Updated: 2024-08-04 00:12
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure.
    CWE
    • CWE 226: Sensitive Information in Resource Not Removed Before Reuse
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:49.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 226: Sensitive Information in Resource Not Removed Before Reuse",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-20T14:55:25.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-34399",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 4.1,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 226: Sensitive Information in Resource Not Removed Before Reuse"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-34399",
        "datePublished": "2021-11-20T14:55:25.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:12:49.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23219 (GCVE-0-2021-23219)

    Vulnerability from cvelistv5 – Published: 2021-11-20 14:55 – Updated: 2024-08-03 19:05
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure.
    CWE
    • CWE 1190: DMA Device Enabled Too Early in Boot Phase
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Maxwell (except GM206), Tegra X1, Tegra X1+
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Maxwell (except GM206), Tegra X1, Tegra X1+"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 1190: DMA Device Enabled Too Early in Boot Phase",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-08T18:36:13.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-23219",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Maxwell (except GM206), Tegra X1, Tegra X1+"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 4.1,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 1190: DMA Device Enabled Too Early in Boot Phase"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-23219",
        "datePublished": "2021-11-20T14:55:24.000Z",
        "dateReserved": "2021-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:05:55.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23217 (GCVE-0-2021-23217)

    Vulnerability from cvelistv5 – Published: 2021-11-20 14:55 – Updated: 2024-08-03 19:05
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components.
    CWE
    • CWE 1190: DMA Device Enabled Too Early in Boot Phase
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Maxwell, GP100, Tegra X1, Tegra X1+, Tegra TX2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Maxwell, GP100, Tegra X1, Tegra X1+, Tegra TX2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 1190: DMA Device Enabled Too Early in Boot Phase",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-08T18:36:12.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-23217",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Maxwell, GP100, Tegra X1, Tegra X1+, Tegra TX2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 1190: DMA Device Enabled Too Early in Boot Phase"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-23217",
        "datePublished": "2021-11-20T14:55:23.000Z",
        "dateReserved": "2021-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:05:55.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23201 (GCVE-0-2021-23201)

    Vulnerability from cvelistv5 – Published: 2021-11-20 14:55 – Updated: 2024-08-03 19:05
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.
    CWE
    • CWE 1240: Use of a Risky Cryptographic Primitive
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 1240: Use of a Risky Cryptographic Primitive",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-08T18:36:11.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-23201",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 1240: Use of a Risky Cryptographic Primitive"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-23201",
        "datePublished": "2021-11-20T14:55:21.000Z",
        "dateReserved": "2021-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:05:55.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1125 (GCVE-0-2021-1125)

    Vulnerability from cvelistv5 – Published: 2021-11-20 14:55 – Updated: 2024-08-03 15:55
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data.
    CWE
    • CWE 325: Missing Cryptographic Step
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Maxwell, Pascal, Volta, Tegra X1, Tegra X1+, Tegra TX2, Xavier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:55:18.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Maxwell, Pascal, Volta, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 325: Missing Cryptographic Step",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-20T14:55:20.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-1125",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Maxwell, Pascal, Volta, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 4.1,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 325: Missing Cryptographic Step"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-1125",
        "datePublished": "2021-11-20T14:55:20.000Z",
        "dateReserved": "2020-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T15:55:18.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1105 (GCVE-0-2021-1105)

    Vulnerability from cvelistv5 – Published: 2021-11-20 14:55 – Updated: 2024-08-03 15:55
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure.
    CWE
    • CWE 1313: Hardware Allows Activation of Test or Debug Logic at Runtime
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:55:18.491Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 1313: Hardware Allows Activation of Test or Debug Logic at Runtime",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-20T14:55:18.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-1105",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 4.1,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 1313: Hardware Allows Activation of Test or Debug Logic at Runtime"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-1105",
        "datePublished": "2021-11-20T14:55:19.000Z",
        "dateReserved": "2020-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T15:55:18.491Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1088 (GCVE-0-2021-1088)

    Vulnerability from cvelistv5 – Published: 2021-11-20 14:55 – Updated: 2024-08-03 15:55
    VLAI
    Summary
    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure.
    CWE
    • CWE 200: Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA NVIDIA GPU and Tegra hardware Affected: Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:55:18.682Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NVIDIA GPU and Tegra hardware",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-20T14:55:17.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2021-1088",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NVIDIA GPU and Tegra hardware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Turing, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 4.1,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE 200: Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2021-1088",
        "datePublished": "2021-11-20T14:55:17.000Z",
        "dateReserved": "2020-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T15:55:18.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5672 (GCVE-0-2019-5672)

    Vulnerability from cvelistv5 – Published: 2019-04-11 16:37 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    NVIDIA Jetson TX1 and TX2 Affected: All versions prior to version R28.3
    Create a notification for this product.
    Date Public
    2019-04-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:51.975Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jetson TX1 and TX2",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version R28.3"
                }
              ]
            }
          ],
          "datePublic": "2019-04-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T14:43:21.000Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@nvidia.com",
              "ID": "CVE-2019-5672",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jetson TX1 and TX2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version R28.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NVIDIA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2019-5672",
        "datePublished": "2019-04-11T16:37:26.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:51.975Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3639 (GCVE-0-2018-3639)

    Vulnerability from cvelistv5 – Published: 2018-05-22 12:00 – Updated: 2026-05-29 20:14
    VLAI
    Summary
    Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information Disclosure
    • CWE-203 - Observable Discrepancy
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2018:1689 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2162 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1641 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3680-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1997 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1665 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3407 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2164 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2001 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3423 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2003 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3654-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1645 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1643 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1652 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3424 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3402 vendor-advisoryx_refsource_REDHAT
    https://www.us-cert.gov/ncas/alerts/TA18-141A third-party-advisoryx_refsource_CERT
    https://access.redhat.com/errata/RHSA-2018:1656 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1664 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2258 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1688 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1658 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1657 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2289 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1666 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1042004 vdb-entryx_refsource_SECTRACK
    https://access.redhat.com/errata/RHSA-2018:1675 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1660 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1965 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1661 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1633 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1636 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1854 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2006 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2250 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1040949 vdb-entryx_refsource_SECTRACK
    https://access.redhat.com/errata/RHSA-2018:3401 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1737 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1826 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3651-1/ vendor-advisoryx_refsource_UBUNTU
    https://www.debian.org/security/2018/dsa-4210 vendor-advisoryx_refsource_DEBIAN
    https://www.exploit-db.com/exploits/44695/ exploitx_refsource_EXPLOIT-DB
    https://access.redhat.com/errata/RHSA-2018:1651 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1638 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1696 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2246 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1644 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1646 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2018:1639 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1668 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1637 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2948 vendor-advisoryx_refsource_REDHAT
    https://www.kb.cert.org/vuls/id/180049 third-party-advisoryx_refsource_CERT-VN
    https://access.redhat.com/errata/RHSA-2018:1686 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2172 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1663 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3652-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1629 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1655 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1640 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1669 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1676 vendor-advisoryx_refsource_REDHAT
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    https://access.redhat.com/errata/RHSA-2018:3425 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2363 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1632 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1650 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2396 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2364 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3653-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2216 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3655-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1649 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2309 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/104232 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2018:1653 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2171 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1635 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2018:2394 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1710 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1659 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1711 vendor-advisoryx_refsource_REDHAT
    https://www.debian.org/security/2018/dsa-4273 vendor-advisoryx_refsource_DEBIAN
    https://access.redhat.com/errata/RHSA-2018:1738 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1674 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3396 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1667 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3654-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1662 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1630 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1647 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1967 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3655-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:3399 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2060 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1690 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3653-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2161 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2018:2328 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1648 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2387 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:0148 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1654 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3679-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3777-3/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1642 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3397 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3756-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:3398 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3400 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2228 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2019:1046 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://seclists.org/bugtraq/2019/Jun/36 mailing-listx_refsource_BUGTRAQ
    http://www.openwall.com/lists/oss-security/2020/06/10/1 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2020/06/10/2 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2020/06/10/5 mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://www.oracle.com/technetwork/security-advis… x_refsource_CONFIRM
    https://help.ecostruxureit.com/display/public/UAD… x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    http://support.lenovo.com/us/en/solutions/LEN-22133 x_refsource_CONFIRM
    https://psirt.global.sonicwall.com/vuln-detail/SN… x_refsource_CONFIRM
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    https://support.citrix.com/article/CTX235225 x_refsource_CONFIRM
    https://www.intel.com/content/www/us/en/security-… x_refsource_CONFIRM
    https://www.synology.com/support/security/Synolog… x_refsource_CONFIRM
    https://developer.arm.com/support/arm-security-up… x_refsource_CONFIRM
    http://www.fujitsu.com/global/support/products/so… x_refsource_CONFIRM
    http://xenbits.xen.org/xsa/advisory-263.html x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://www.mitel.com/en-ca/support/security-advi… x_refsource_CONFIRM
    https://support.hpe.com/hpsc/doc/public/display?d… x_refsource_CONFIRM
    https://bugs.chromium.org/p/project-zero/issues/d… x_refsource_MISC
    https://security.netapp.com/advisory/ntap-2018052… x_refsource_CONFIRM
    https://nvidia.custhelp.com/app/answers/detail/a_… x_refsource_CONFIRM
    https://support.oracle.com/knowledge/Sun%20Micros… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Impacted products
    Vendor Product Version
    Intel Corporation Multiple Affected: Multiple
    Create a notification for this product.
    Date Public
    2018-05-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:50:30.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:1689",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1689"
              },
              {
                "name": "RHSA-2018:2162",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2162"
              },
              {
                "name": "RHSA-2018:1641",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1641"
              },
              {
                "name": "USN-3680-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3680-1/"
              },
              {
                "name": "RHSA-2018:1997",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1997"
              },
              {
                "name": "RHSA-2018:1665",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1665"
              },
              {
                "name": "RHSA-2018:3407",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3407"
              },
              {
                "name": "RHSA-2018:2164",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2164"
              },
              {
                "name": "RHSA-2018:2001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2001"
              },
              {
                "name": "RHSA-2018:3423",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3423"
              },
              {
                "name": "RHSA-2018:2003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2003"
              },
              {
                "name": "USN-3654-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3654-1/"
              },
              {
                "name": "RHSA-2018:1645",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1645"
              },
              {
                "name": "RHSA-2018:1643",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1643"
              },
              {
                "name": "RHSA-2018:1652",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1652"
              },
              {
                "name": "RHSA-2018:3424",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3424"
              },
              {
                "name": "RHSA-2018:3402",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3402"
              },
              {
                "name": "TA18-141A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
              },
              {
                "name": "RHSA-2018:1656",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1656"
              },
              {
                "name": "RHSA-2018:1664",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1664"
              },
              {
                "name": "RHSA-2018:2258",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2258"
              },
              {
                "name": "RHSA-2018:1688",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1688"
              },
              {
                "name": "RHSA-2018:1658",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1658"
              },
              {
                "name": "RHSA-2018:1657",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1657"
              },
              {
                "name": "RHSA-2018:2289",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2289"
              },
              {
                "name": "RHSA-2018:1666",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1666"
              },
              {
                "name": "1042004",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042004"
              },
              {
                "name": "RHSA-2018:1675",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1675"
              },
              {
                "name": "RHSA-2018:1660",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1660"
              },
              {
                "name": "RHSA-2018:1965",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1965"
              },
              {
                "name": "RHSA-2018:1661",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1661"
              },
              {
                "name": "RHSA-2018:1633",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1633"
              },
              {
                "name": "RHSA-2018:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1636"
              },
              {
                "name": "RHSA-2018:1854",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1854"
              },
              {
                "name": "RHSA-2018:2006",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2006"
              },
              {
                "name": "RHSA-2018:2250",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2250"
              },
              {
                "name": "1040949",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040949"
              },
              {
                "name": "RHSA-2018:3401",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3401"
              },
              {
                "name": "RHSA-2018:1737",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1737"
              },
              {
                "name": "RHSA-2018:1826",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1826"
              },
              {
                "name": "USN-3651-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3651-1/"
              },
              {
                "name": "DSA-4210",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4210"
              },
              {
                "name": "44695",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/44695/"
              },
              {
                "name": "RHSA-2018:1651",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1651"
              },
              {
                "name": "RHSA-2018:1638",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1638"
              },
              {
                "name": "RHSA-2018:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1696"
              },
              {
                "name": "RHSA-2018:2246",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2246"
              },
              {
                "name": "RHSA-2018:1644",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1644"
              },
              {
                "name": "RHSA-2018:1646",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1646"
              },
              {
                "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
              },
              {
                "name": "RHSA-2018:1639",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1639"
              },
              {
                "name": "RHSA-2018:1668",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1668"
              },
              {
                "name": "RHSA-2018:1637",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1637"
              },
              {
                "name": "RHSA-2018:2948",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2948"
              },
              {
                "name": "VU#180049",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/180049"
              },
              {
                "name": "RHSA-2018:1686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1686"
              },
              {
                "name": "RHSA-2018:2172",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2172"
              },
              {
                "name": "RHSA-2018:1663",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1663"
              },
              {
                "name": "USN-3652-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3652-1/"
              },
              {
                "name": "RHSA-2018:1629",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1629"
              },
              {
                "name": "RHSA-2018:1655",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1655"
              },
              {
                "name": "RHSA-2018:1640",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1640"
              },
              {
                "name": "RHSA-2018:1669",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1669"
              },
              {
                "name": "RHSA-2018:1676",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1676"
              },
              {
                "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
              },
              {
                "name": "RHSA-2018:3425",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3425"
              },
              {
                "name": "RHSA-2018:2363",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2363"
              },
              {
                "name": "RHSA-2018:1632",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1632"
              },
              {
                "name": "RHSA-2018:1650",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1650"
              },
              {
                "name": "RHSA-2018:2396",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2396"
              },
              {
                "name": "RHSA-2018:2364",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2364"
              },
              {
                "name": "USN-3653-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3653-2/"
              },
              {
                "name": "RHSA-2018:2216",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2216"
              },
              {
                "name": "USN-3655-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3655-1/"
              },
              {
                "name": "RHSA-2018:1649",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1649"
              },
              {
                "name": "RHSA-2018:2309",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2309"
              },
              {
                "name": "104232",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104232"
              },
              {
                "name": "RHSA-2018:1653",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1653"
              },
              {
                "name": "RHSA-2018:2171",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2171"
              },
              {
                "name": "RHSA-2018:1635",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1635"
              },
              {
                "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
              },
              {
                "name": "RHSA-2018:2394",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2394"
              },
              {
                "name": "RHSA-2018:1710",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1710"
              },
              {
                "name": "RHSA-2018:1659",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1659"
              },
              {
                "name": "RHSA-2018:1711",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1711"
              },
              {
                "name": "DSA-4273",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4273"
              },
              {
                "name": "RHSA-2018:1738",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1738"
              },
              {
                "name": "RHSA-2018:1674",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1674"
              },
              {
                "name": "RHSA-2018:3396",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3396"
              },
              {
                "name": "RHSA-2018:1667",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1667"
              },
              {
                "name": "USN-3654-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3654-2/"
              },
              {
                "name": "RHSA-2018:1662",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1662"
              },
              {
                "name": "RHSA-2018:1630",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1630"
              },
              {
                "name": "RHSA-2018:1647",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1647"
              },
              {
                "name": "RHSA-2018:1967",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1967"
              },
              {
                "name": "USN-3655-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3655-2/"
              },
              {
                "name": "RHSA-2018:3399",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3399"
              },
              {
                "name": "RHSA-2018:2060",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2060"
              },
              {
                "name": "RHSA-2018:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1690"
              },
              {
                "name": "USN-3653-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3653-1/"
              },
              {
                "name": "RHSA-2018:2161",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2161"
              },
              {
                "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
              },
              {
                "name": "RHSA-2018:2328",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2328"
              },
              {
                "name": "RHSA-2018:1648",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1648"
              },
              {
                "name": "RHSA-2018:2387",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2387"
              },
              {
                "name": "RHSA-2019:0148",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:0148"
              },
              {
                "name": "RHSA-2018:1654",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1654"
              },
              {
                "name": "USN-3679-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3679-1/"
              },
              {
                "name": "USN-3777-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3777-3/"
              },
              {
                "name": "RHSA-2018:1642",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1642"
              },
              {
                "name": "RHSA-2018:3397",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3397"
              },
              {
                "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
              },
              {
                "name": "USN-3756-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3756-1/"
              },
              {
                "name": "RHSA-2018:3398",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3398"
              },
              {
                "name": "RHSA-2018:3400",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3400"
              },
              {
                "name": "RHSA-2018:2228",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2228"
              },
              {
                "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
              },
              {
                "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
              },
              {
                "name": "RHSA-2019:1046",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1046"
              },
              {
                "name": "openSUSE-SU-2019:1439",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
              },
              {
                "name": "openSUSE-SU-2019:1438",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
              },
              {
                "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jun/36"
              },
              {
                "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
              },
              {
                "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
              },
              {
                "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX235225"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/support/security/Synology_SA_18_23"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xenbits.xen.org/xsa/advisory-263.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
              },
              {
                "name": "openSUSE-SU-2020:1325",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-3639",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T20:13:59.457681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-203",
                    "description": "CWE-203 Observable Discrepancy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T20:14:05.872Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple",
              "vendor": "Intel Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Multiple"
                }
              ]
            }
          ],
          "datePublic": "2018-05-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-02T20:06:27.000Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "RHSA-2018:1689",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1689"
            },
            {
              "name": "RHSA-2018:2162",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2162"
            },
            {
              "name": "RHSA-2018:1641",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1641"
            },
            {
              "name": "USN-3680-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3680-1/"
            },
            {
              "name": "RHSA-2018:1997",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1997"
            },
            {
              "name": "RHSA-2018:1665",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1665"
            },
            {
              "name": "RHSA-2018:3407",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3407"
            },
            {
              "name": "RHSA-2018:2164",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2164"
            },
            {
              "name": "RHSA-2018:2001",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2001"
            },
            {
              "name": "RHSA-2018:3423",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3423"
            },
            {
              "name": "RHSA-2018:2003",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2003"
            },
            {
              "name": "USN-3654-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3654-1/"
            },
            {
              "name": "RHSA-2018:1645",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1645"
            },
            {
              "name": "RHSA-2018:1643",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1643"
            },
            {
              "name": "RHSA-2018:1652",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1652"
            },
            {
              "name": "RHSA-2018:3424",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3424"
            },
            {
              "name": "RHSA-2018:3402",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3402"
            },
            {
              "name": "TA18-141A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
            },
            {
              "name": "RHSA-2018:1656",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1656"
            },
            {
              "name": "RHSA-2018:1664",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1664"
            },
            {
              "name": "RHSA-2018:2258",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2258"
            },
            {
              "name": "RHSA-2018:1688",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1688"
            },
            {
              "name": "RHSA-2018:1658",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1658"
            },
            {
              "name": "RHSA-2018:1657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1657"
            },
            {
              "name": "RHSA-2018:2289",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2289"
            },
            {
              "name": "RHSA-2018:1666",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1666"
            },
            {
              "name": "1042004",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042004"
            },
            {
              "name": "RHSA-2018:1675",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1675"
            },
            {
              "name": "RHSA-2018:1660",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1660"
            },
            {
              "name": "RHSA-2018:1965",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1965"
            },
            {
              "name": "RHSA-2018:1661",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1661"
            },
            {
              "name": "RHSA-2018:1633",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1633"
            },
            {
              "name": "RHSA-2018:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1636"
            },
            {
              "name": "RHSA-2018:1854",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1854"
            },
            {
              "name": "RHSA-2018:2006",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2006"
            },
            {
              "name": "RHSA-2018:2250",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2250"
            },
            {
              "name": "1040949",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040949"
            },
            {
              "name": "RHSA-2018:3401",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3401"
            },
            {
              "name": "RHSA-2018:1737",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1737"
            },
            {
              "name": "RHSA-2018:1826",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1826"
            },
            {
              "name": "USN-3651-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3651-1/"
            },
            {
              "name": "DSA-4210",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4210"
            },
            {
              "name": "44695",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/44695/"
            },
            {
              "name": "RHSA-2018:1651",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1651"
            },
            {
              "name": "RHSA-2018:1638",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1638"
            },
            {
              "name": "RHSA-2018:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1696"
            },
            {
              "name": "RHSA-2018:2246",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2246"
            },
            {
              "name": "RHSA-2018:1644",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1644"
            },
            {
              "name": "RHSA-2018:1646",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1646"
            },
            {
              "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
            },
            {
              "name": "RHSA-2018:1639",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1639"
            },
            {
              "name": "RHSA-2018:1668",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1668"
            },
            {
              "name": "RHSA-2018:1637",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1637"
            },
            {
              "name": "RHSA-2018:2948",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "VU#180049",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/180049"
            },
            {
              "name": "RHSA-2018:1686",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1686"
            },
            {
              "name": "RHSA-2018:2172",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2172"
            },
            {
              "name": "RHSA-2018:1663",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1663"
            },
            {
              "name": "USN-3652-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3652-1/"
            },
            {
              "name": "RHSA-2018:1629",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1629"
            },
            {
              "name": "RHSA-2018:1655",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1655"
            },
            {
              "name": "RHSA-2018:1640",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1640"
            },
            {
              "name": "RHSA-2018:1669",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1669"
            },
            {
              "name": "RHSA-2018:1676",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1676"
            },
            {
              "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
            },
            {
              "name": "RHSA-2018:3425",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3425"
            },
            {
              "name": "RHSA-2018:2363",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2363"
            },
            {
              "name": "RHSA-2018:1632",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1632"
            },
            {
              "name": "RHSA-2018:1650",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1650"
            },
            {
              "name": "RHSA-2018:2396",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2396"
            },
            {
              "name": "RHSA-2018:2364",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2364"
            },
            {
              "name": "USN-3653-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3653-2/"
            },
            {
              "name": "RHSA-2018:2216",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2216"
            },
            {
              "name": "USN-3655-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3655-1/"
            },
            {
              "name": "RHSA-2018:1649",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1649"
            },
            {
              "name": "RHSA-2018:2309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2309"
            },
            {
              "name": "104232",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104232"
            },
            {
              "name": "RHSA-2018:1653",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1653"
            },
            {
              "name": "RHSA-2018:2171",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2171"
            },
            {
              "name": "RHSA-2018:1635",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1635"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "RHSA-2018:2394",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2394"
            },
            {
              "name": "RHSA-2018:1710",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1710"
            },
            {
              "name": "RHSA-2018:1659",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1659"
            },
            {
              "name": "RHSA-2018:1711",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1711"
            },
            {
              "name": "DSA-4273",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4273"
            },
            {
              "name": "RHSA-2018:1738",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1738"
            },
            {
              "name": "RHSA-2018:1674",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1674"
            },
            {
              "name": "RHSA-2018:3396",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3396"
            },
            {
              "name": "RHSA-2018:1667",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1667"
            },
            {
              "name": "USN-3654-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3654-2/"
            },
            {
              "name": "RHSA-2018:1662",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1662"
            },
            {
              "name": "RHSA-2018:1630",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1630"
            },
            {
              "name": "RHSA-2018:1647",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1647"
            },
            {
              "name": "RHSA-2018:1967",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1967"
            },
            {
              "name": "USN-3655-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3655-2/"
            },
            {
              "name": "RHSA-2018:3399",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3399"
            },
            {
              "name": "RHSA-2018:2060",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2060"
            },
            {
              "name": "RHSA-2018:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1690"
            },
            {
              "name": "USN-3653-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3653-1/"
            },
            {
              "name": "RHSA-2018:2161",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2161"
            },
            {
              "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
            },
            {
              "name": "RHSA-2018:2328",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2328"
            },
            {
              "name": "RHSA-2018:1648",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1648"
            },
            {
              "name": "RHSA-2018:2387",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2387"
            },
            {
              "name": "RHSA-2019:0148",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:0148"
            },
            {
              "name": "RHSA-2018:1654",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1654"
            },
            {
              "name": "USN-3679-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3679-1/"
            },
            {
              "name": "USN-3777-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3777-3/"
            },
            {
              "name": "RHSA-2018:1642",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1642"
            },
            {
              "name": "RHSA-2018:3397",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3397"
            },
            {
              "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
            },
            {
              "name": "USN-3756-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3756-1/"
            },
            {
              "name": "RHSA-2018:3398",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3398"
            },
            {
              "name": "RHSA-2018:3400",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3400"
            },
            {
              "name": "RHSA-2018:2228",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2228"
            },
            {
              "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
            },
            {
              "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
            },
            {
              "name": "RHSA-2019:1046",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1046"
            },
            {
              "name": "openSUSE-SU-2019:1439",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
            },
            {
              "name": "openSUSE-SU-2019:1438",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
            },
            {
              "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/36"
            },
            {
              "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
            },
            {
              "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
            },
            {
              "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.citrix.com/article/CTX235225"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/support/security/Synology_SA_18_23"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xenbits.xen.org/xsa/advisory-263.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
            },
            {
              "name": "openSUSE-SU-2020:1325",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@intel.com",
              "DATE_PUBLIC": "2018-05-21T00:00:00",
              "ID": "CVE-2018-3639",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Multiple",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Multiple"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Intel Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:1689",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1689"
                },
                {
                  "name": "RHSA-2018:2162",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2162"
                },
                {
                  "name": "RHSA-2018:1641",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1641"
                },
                {
                  "name": "USN-3680-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3680-1/"
                },
                {
                  "name": "RHSA-2018:1997",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1997"
                },
                {
                  "name": "RHSA-2018:1665",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1665"
                },
                {
                  "name": "RHSA-2018:3407",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3407"
                },
                {
                  "name": "RHSA-2018:2164",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2164"
                },
                {
                  "name": "RHSA-2018:2001",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2001"
                },
                {
                  "name": "RHSA-2018:3423",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3423"
                },
                {
                  "name": "RHSA-2018:2003",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2003"
                },
                {
                  "name": "USN-3654-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3654-1/"
                },
                {
                  "name": "RHSA-2018:1645",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1645"
                },
                {
                  "name": "RHSA-2018:1643",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1643"
                },
                {
                  "name": "RHSA-2018:1652",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1652"
                },
                {
                  "name": "RHSA-2018:3424",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3424"
                },
                {
                  "name": "RHSA-2018:3402",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3402"
                },
                {
                  "name": "TA18-141A",
                  "refsource": "CERT",
                  "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
                },
                {
                  "name": "RHSA-2018:1656",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1656"
                },
                {
                  "name": "RHSA-2018:1664",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1664"
                },
                {
                  "name": "RHSA-2018:2258",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2258"
                },
                {
                  "name": "RHSA-2018:1688",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1688"
                },
                {
                  "name": "RHSA-2018:1658",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1658"
                },
                {
                  "name": "RHSA-2018:1657",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1657"
                },
                {
                  "name": "RHSA-2018:2289",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2289"
                },
                {
                  "name": "RHSA-2018:1666",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1666"
                },
                {
                  "name": "1042004",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042004"
                },
                {
                  "name": "RHSA-2018:1675",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1675"
                },
                {
                  "name": "RHSA-2018:1660",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1660"
                },
                {
                  "name": "RHSA-2018:1965",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1965"
                },
                {
                  "name": "RHSA-2018:1661",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1661"
                },
                {
                  "name": "RHSA-2018:1633",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1633"
                },
                {
                  "name": "RHSA-2018:1636",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1636"
                },
                {
                  "name": "RHSA-2018:1854",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1854"
                },
                {
                  "name": "RHSA-2018:2006",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2006"
                },
                {
                  "name": "RHSA-2018:2250",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2250"
                },
                {
                  "name": "1040949",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040949"
                },
                {
                  "name": "RHSA-2018:3401",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3401"
                },
                {
                  "name": "RHSA-2018:1737",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1737"
                },
                {
                  "name": "RHSA-2018:1826",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1826"
                },
                {
                  "name": "USN-3651-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3651-1/"
                },
                {
                  "name": "DSA-4210",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4210"
                },
                {
                  "name": "44695",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/44695/"
                },
                {
                  "name": "RHSA-2018:1651",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1651"
                },
                {
                  "name": "RHSA-2018:1638",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1638"
                },
                {
                  "name": "RHSA-2018:1696",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1696"
                },
                {
                  "name": "RHSA-2018:2246",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2246"
                },
                {
                  "name": "RHSA-2018:1644",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1644"
                },
                {
                  "name": "RHSA-2018:1646",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1646"
                },
                {
                  "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
                },
                {
                  "name": "RHSA-2018:1639",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1639"
                },
                {
                  "name": "RHSA-2018:1668",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1668"
                },
                {
                  "name": "RHSA-2018:1637",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1637"
                },
                {
                  "name": "RHSA-2018:2948",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2948"
                },
                {
                  "name": "VU#180049",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/180049"
                },
                {
                  "name": "RHSA-2018:1686",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1686"
                },
                {
                  "name": "RHSA-2018:2172",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2172"
                },
                {
                  "name": "RHSA-2018:1663",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1663"
                },
                {
                  "name": "USN-3652-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3652-1/"
                },
                {
                  "name": "RHSA-2018:1629",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1629"
                },
                {
                  "name": "RHSA-2018:1655",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1655"
                },
                {
                  "name": "RHSA-2018:1640",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1640"
                },
                {
                  "name": "RHSA-2018:1669",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1669"
                },
                {
                  "name": "RHSA-2018:1676",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1676"
                },
                {
                  "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
                },
                {
                  "name": "RHSA-2018:3425",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3425"
                },
                {
                  "name": "RHSA-2018:2363",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2363"
                },
                {
                  "name": "RHSA-2018:1632",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1632"
                },
                {
                  "name": "RHSA-2018:1650",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1650"
                },
                {
                  "name": "RHSA-2018:2396",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2396"
                },
                {
                  "name": "RHSA-2018:2364",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2364"
                },
                {
                  "name": "USN-3653-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3653-2/"
                },
                {
                  "name": "RHSA-2018:2216",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2216"
                },
                {
                  "name": "USN-3655-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3655-1/"
                },
                {
                  "name": "RHSA-2018:1649",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1649"
                },
                {
                  "name": "RHSA-2018:2309",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2309"
                },
                {
                  "name": "104232",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104232"
                },
                {
                  "name": "RHSA-2018:1653",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1653"
                },
                {
                  "name": "RHSA-2018:2171",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2171"
                },
                {
                  "name": "RHSA-2018:1635",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1635"
                },
                {
                  "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
                },
                {
                  "name": "RHSA-2018:2394",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2394"
                },
                {
                  "name": "RHSA-2018:1710",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1710"
                },
                {
                  "name": "RHSA-2018:1659",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1659"
                },
                {
                  "name": "RHSA-2018:1711",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1711"
                },
                {
                  "name": "DSA-4273",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4273"
                },
                {
                  "name": "RHSA-2018:1738",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1738"
                },
                {
                  "name": "RHSA-2018:1674",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1674"
                },
                {
                  "name": "RHSA-2018:3396",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3396"
                },
                {
                  "name": "RHSA-2018:1667",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1667"
                },
                {
                  "name": "USN-3654-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3654-2/"
                },
                {
                  "name": "RHSA-2018:1662",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1662"
                },
                {
                  "name": "RHSA-2018:1630",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1630"
                },
                {
                  "name": "RHSA-2018:1647",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1647"
                },
                {
                  "name": "RHSA-2018:1967",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1967"
                },
                {
                  "name": "USN-3655-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3655-2/"
                },
                {
                  "name": "RHSA-2018:3399",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3399"
                },
                {
                  "name": "RHSA-2018:2060",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2060"
                },
                {
                  "name": "RHSA-2018:1690",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1690"
                },
                {
                  "name": "USN-3653-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3653-1/"
                },
                {
                  "name": "RHSA-2018:2161",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2161"
                },
                {
                  "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
                },
                {
                  "name": "RHSA-2018:2328",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2328"
                },
                {
                  "name": "RHSA-2018:1648",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1648"
                },
                {
                  "name": "RHSA-2018:2387",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2387"
                },
                {
                  "name": "RHSA-2019:0148",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:0148"
                },
                {
                  "name": "RHSA-2018:1654",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1654"
                },
                {
                  "name": "USN-3679-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3679-1/"
                },
                {
                  "name": "USN-3777-3",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3777-3/"
                },
                {
                  "name": "RHSA-2018:1642",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1642"
                },
                {
                  "name": "RHSA-2018:3397",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3397"
                },
                {
                  "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
                },
                {
                  "name": "USN-3756-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3756-1/"
                },
                {
                  "name": "RHSA-2018:3398",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3398"
                },
                {
                  "name": "RHSA-2018:3400",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3400"
                },
                {
                  "name": "RHSA-2018:2228",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2228"
                },
                {
                  "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
                },
                {
                  "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
                },
                {
                  "name": "RHSA-2019:1046",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:1046"
                },
                {
                  "name": "openSUSE-SU-2019:1439",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
                },
                {
                  "name": "openSUSE-SU-2019:1438",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
                },
                {
                  "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jun/36"
                },
                {
                  "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
                },
                {
                  "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
                },
                {
                  "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
                },
                {
                  "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
                  "refsource": "CONFIRM",
                  "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
                },
                {
                  "name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
                  "refsource": "CONFIRM",
                  "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
                },
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
                },
                {
                  "name": "https://support.citrix.com/article/CTX235225",
                  "refsource": "CONFIRM",
                  "url": "https://support.citrix.com/article/CTX235225"
                },
                {
                  "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
                },
                {
                  "name": "https://www.synology.com/support/security/Synology_SA_18_23",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/support/security/Synology_SA_18_23"
                },
                {
                  "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
                },
                {
                  "name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
                },
                {
                  "name": "http://xenbits.xen.org/xsa/advisory-263.html",
                  "refsource": "CONFIRM",
                  "url": "http://xenbits.xen.org/xsa/advisory-263.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
                },
                {
                  "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
                },
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
                },
                {
                  "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
                },
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
                },
                {
                  "name": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
                },
                {
                  "name": "openSUSE-SU-2020:1325",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2018-3639",
        "datePublished": "2018-05-22T12:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2026-05-29T20:14:05.872Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2017-1000251 (GCVE-0-2017-1000251)

    Vulnerability from cvelistv5 – Published: 2017-09-12 17:00 – Updated: 2024-08-05 22:00
    VLAI
    Summary
    The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2017:2732 vendor-advisoryx_refsource_REDHAT
    https://www.exploit-db.com/exploits/42762/ exploitx_refsource_EXPLOIT-DB
    https://access.redhat.com/errata/RHSA-2017:2705 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2683 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2704 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2682 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/vulnerabilitie… x_refsource_CONFIRM
    https://www.armis.com/blueborne x_refsource_MISC
    http://www.securitytracker.com/id/1039373 vdb-entryx_refsource_SECTRACK
    https://access.redhat.com/errata/RHSA-2017:2731 vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2017/dsa-3981 vendor-advisoryx_refsource_DEBIAN
    https://access.redhat.com/errata/RHSA-2017:2706 vendor-advisoryx_refsource_REDHAT
    https://www.synology.com/support/security/Synolog… x_refsource_CONFIRM
    https://github.com/torvalds/linux/commit/f2fcfcd6… x_refsource_MISC
    http://nvidia.custhelp.com/app/answers/detail/a_id/4561 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/100809 vdb-entryx_refsource_BID
    https://www.kb.cert.org/vuls/id/240311 third-party-advisoryx_refsource_CERT-VN
    https://access.redhat.com/errata/RHSA-2017:2681 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2679 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2680 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2707 vendor-advisoryx_refsource_REDHAT
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:00:39.937Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:2732",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2732"
              },
              {
                "name": "42762",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42762/"
              },
              {
                "name": "RHSA-2017:2705",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2705"
              },
              {
                "name": "RHSA-2017:2683",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2683"
              },
              {
                "name": "RHSA-2017:2704",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2704"
              },
              {
                "name": "RHSA-2017:2682",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2682"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/vulnerabilities/blueborne"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.armis.com/blueborne"
              },
              {
                "name": "1039373",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039373"
              },
              {
                "name": "RHSA-2017:2731",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2731"
              },
              {
                "name": "DSA-3981",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3981"
              },
              {
                "name": "RHSA-2017:2706",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2706"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
              },
              {
                "name": "100809",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100809"
              },
              {
                "name": "VU#240311",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/240311"
              },
              {
                "name": "RHSA-2017:2681",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2681"
              },
              {
                "name": "RHSA-2017:2679",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2679"
              },
              {
                "name": "RHSA-2017:2680",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2680"
              },
              {
                "name": "RHSA-2017:2707",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2707"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2017-09-08T00:00:00.000Z",
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-16T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2017:2732",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2732"
            },
            {
              "name": "42762",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42762/"
            },
            {
              "name": "RHSA-2017:2705",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2705"
            },
            {
              "name": "RHSA-2017:2683",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2683"
            },
            {
              "name": "RHSA-2017:2704",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2704"
            },
            {
              "name": "RHSA-2017:2682",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2682"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://access.redhat.com/security/vulnerabilities/blueborne"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.armis.com/blueborne"
            },
            {
              "name": "1039373",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039373"
            },
            {
              "name": "RHSA-2017:2731",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2731"
            },
            {
              "name": "DSA-3981",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3981"
            },
            {
              "name": "RHSA-2017:2706",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2706"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
            },
            {
              "name": "100809",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100809"
            },
            {
              "name": "VU#240311",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/240311"
            },
            {
              "name": "RHSA-2017:2681",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2681"
            },
            {
              "name": "RHSA-2017:2679",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2679"
            },
            {
              "name": "RHSA-2017:2680",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2680"
            },
            {
              "name": "RHSA-2017:2707",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2707"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2017-09-08",
              "ID": "CVE-2017-1000251",
              "REQUESTER": "security@armis.com",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:2732",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2732"
                },
                {
                  "name": "42762",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42762/"
                },
                {
                  "name": "RHSA-2017:2705",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2705"
                },
                {
                  "name": "RHSA-2017:2683",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2683"
                },
                {
                  "name": "RHSA-2017:2704",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2704"
                },
                {
                  "name": "RHSA-2017:2682",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2682"
                },
                {
                  "name": "https://access.redhat.com/security/vulnerabilities/blueborne",
                  "refsource": "CONFIRM",
                  "url": "https://access.redhat.com/security/vulnerabilities/blueborne"
                },
                {
                  "name": "https://www.armis.com/blueborne",
                  "refsource": "MISC",
                  "url": "https://www.armis.com/blueborne"
                },
                {
                  "name": "1039373",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039373"
                },
                {
                  "name": "RHSA-2017:2731",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2731"
                },
                {
                  "name": "DSA-3981",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3981"
                },
                {
                  "name": "RHSA-2017:2706",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2706"
                },
                {
                  "name": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
                  "refsource": "MISC",
                  "url": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"
                },
                {
                  "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
                  "refsource": "CONFIRM",
                  "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
                },
                {
                  "name": "100809",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100809"
                },
                {
                  "name": "VU#240311",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/240311"
                },
                {
                  "name": "RHSA-2017:2681",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2681"
                },
                {
                  "name": "RHSA-2017:2679",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2679"
                },
                {
                  "name": "RHSA-2017:2680",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2680"
                },
                {
                  "name": "RHSA-2017:2707",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2707"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-1000251",
        "datePublished": "2017-09-12T17:00:00.000Z",
        "dateReserved": "2017-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:00:39.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }