Vulnerability-Lookup

BDU:2018-01636

Vulnerability from fstec - Published: 30.10.2018

Title

Уязвимость процессоров Intel архитектур Skylake и Kaby Lake, связанная с ошибками реализации технологии одновременной многопоточности (SMT), позволяющая нарушителю раскрыть защищаемую информацию

Description

Уязвимость процессоров Intel архитектур Skylake и Kaby Lake связана с с ошибками реализации технологии одновременной многопоточности (SMT). Эксплуатация уязвимости может позволить нарушителю раскрыть защищаемую информацию

Severity ?


                    
                      AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Vendor

Canonical Ltd., ООО «РусБИТех-Астра», Oracle Corp., Red Hat Inc., Сообщество свободного программного обеспечения, Novell Inc., IBM Corp., Intel Corp., Node.js Foundation, OpenSSL Software Foundation

Software Name

Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), API Gateway, Red Hat Enterprise Linux, Debian GNU/Linux, OpenSUSE Leap, IBM Vios, IBM Aix, Enterprise Manager Ops Center, Intel Kaby Lake, rhvm-appliance, redhat-virtualization-host, Tuxedo, PeopleSoft Enterprise PeopleTools, Primavera P6 Enterprise Project Portfolio Management, Suse Linux Enterprise Desktop, SUSE Enterprise Storage, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE OpenStack Cloud, SUSE Linux Enterprise Module for Open Buildservice Development Tools, Suse Linux Enterprise Server, Node.js, SUSE Linux Enterprise Module for Web Scripting, Secure Global Desktop, Enterprise Manager Base Platform, Application Server, MySQL Enterprise Backup, SUSE Studio Onsite, SUSE CaaS Platform, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Module for Legacy Software, SUSE OpenStack Cloud Crowbar, OpenStack Cloud Magnum Orchestration, Red Hat Enterprise Virtualization, SUSE Linux Enterprise High Performance Computing, OpenSSL

Software Version

14.04 LTS (Ubuntu), 1.5 «Смоленск» (Astra Linux Special Edition), 11.1.2.4.0 (API Gateway), 5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 2.2.1.0 (IBM Vios), 2.2.1.1 (IBM Vios), 2.2.1.3 (IBM Vios), 2.2.1 4 (IBM Vios), 2.2.1.8 (IBM Vios), 2.2.1.9 (IBM Vios), 2.2.2.0 (IBM Vios), 2.2.2.4 (IBM Vios), 2.2.2.5 (IBM Vios), 2.2.2.6 (IBM Vios), 2.2.3.0 (IBM Vios), 2.2.3.2 (IBM Vios), 2.2.3.3 (IBM Vios), 2.2.3.4 (IBM Vios), 2.2.3.50 (IBM Vios), 2.2.4.0 (IBM Vios), 5.3 (IBM Aix), 6.1 (IBM Aix), 7.1 (IBM Aix), 7.2 (IBM Aix), 18.04 LTS (Ubuntu), 12.3.3 (Enterprise Manager Ops Center), 18.10 (Ubuntu), 2.2.3 (IBM Vios), 2.2 (IBM Vios), 2.2.0.13 (IBM Vios), 2.2.0.11 (IBM Vios), 2.2.0.10 (IBM Vios), - (Intel Kaby Lake), - (rhvm-appliance), - (redhat-virtualization-host), 12.1.1.0 (Tuxedo), 8.55 (PeopleSoft Enterprise PeopleTools), 8.56 (PeopleSoft Enterprise PeopleTools), 8.57 (PeopleSoft Enterprise PeopleTools), 1.6 «Смоленск» (Astra Linux Special Edition), 8.4 (Primavera P6 Enterprise Project Portfolio Management), 15.1 (Primavera P6 Enterprise Project Portfolio Management), 15.2 (Primavera P6 Enterprise Project Portfolio Management), 16.1 (Primavera P6 Enterprise Project Portfolio Management), 16.2 (Primavera P6 Enterprise Project Portfolio Management), 18.8 (Primavera P6 Enterprise Project Portfolio Management), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 4 (SUSE Enterprise Storage), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 7 (SUSE OpenStack Cloud), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 11 SP4 (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit), 10 (Node.js), 12 (SUSE Linux Enterprise Module for Web Scripting), 5.4 (Secure Global Desktop), 12.1.0.5 (Enterprise Manager Base Platform), 6 (Node.js), 8 (Node.js), от 17.7 до 17.12 включительно (Primavera P6 Enterprise Project Portfolio Management), 0.9.8 (Application Server), 1.0.0 (Application Server), 1.0.1 (Application Server), до 3.12.3 включительно (MySQL Enterprise Backup), до 4.1.2 включительно (MySQL Enterprise Backup), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 1.3 (SUSE Studio Onsite), 3.0 (SUSE CaaS Platform), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 15 SP1 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Legacy Software), 11 SP3 (SUSE Linux Enterprise Point of Sale), 12-LTSS (Suse Linux Enterprise Server), 11 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications), 11 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP1-LTSS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 8 (SUSE OpenStack Cloud Crowbar), 8 (Debian GNU/Linux), 11 SP3-LTSS (Suse Linux Enterprise Server), 7 (OpenStack Cloud Magnum Orchestration), 12 (SUSE Linux Enterprise Module for Legacy Software), 11-SECURITY (Suse Linux Enterprise Server), 11-SECURITY (SUSE Linux Enterprise Server for SAP Applications), 4 (Red Hat Enterprise Virtualization), 12 SP5 (SUSE Linux Enterprise High Performance Computing), 13.2.0.0 (Enterprise Manager Base Platform), 13.3.0.0 (Enterprise Manager Base Platform), от 1.0.2 до 1.0.2q (OpenSSL), от 1.1.0 до 1.1.0i (OpenSSL)

Possible Mitigations

Для openssl: Обновление программного обеспечения до 1.1.1a-1 или более поздней версии Для Debian: Обновление программного обеспечения (пакета openssl) до 1.0.1t-1+deb8u10 или более поздней версии Для Astra Linux: Обновление программного обеспечения (пакета openssl) до 1.0.1t-1+deb8u10 или более поздней версии Для программных продуктов Oracle Corp.: https://www.oracle.com/security-alerts/public-vuln-to-advisory-mapping.html Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2018-5407 Для Node.js: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ Для программных продуктов Canonical Ltd.: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5407.html Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2018-5407 Для ОС Astra Linux 1.6 «Смоленск»: - обновить пакет openssl1.0 до 1.0.2s-1~deb9u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186 - обновить пакет openssl до 1.1.0k-1~deb9u1~astra0u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186

Reference

https://xakep.ru/2018/11/02/portsmash/ https://access.redhat.com/security/cve/cve-2018-5407 https://www.securityfocus.com/bid/105897 https://usn.ubuntu.com/3840-1/ https://nvd.nist.gov/vuln/detail/CVE-2018-5407 https://security-tracker.debian.org/tracker/CVE-2018-5407 https://access.redhat.com/security/cve/cve-2018-5407 https://github.com/bbbrumley/portsmash https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16

CWE

CWE-200, CWE-208

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Oracle Corp., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., IBM Corp., Intel Corp., Node.js Foundation, OpenSSL Software Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.04 LTS (Ubuntu), 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 11.1.2.4.0 (API Gateway), 5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 2.2.1.0 (IBM Vios), 2.2.1.1 (IBM Vios), 2.2.1.3 (IBM Vios), 2.2.1 4 (IBM Vios), 2.2.1.8 (IBM Vios), 2.2.1.9 (IBM Vios), 2.2.2.0 (IBM Vios), 2.2.2.4 (IBM Vios), 2.2.2.5 (IBM Vios), 2.2.2.6 (IBM Vios), 2.2.3.0 (IBM Vios), 2.2.3.2 (IBM Vios), 2.2.3.3 (IBM Vios), 2.2.3.4 (IBM Vios), 2.2.3.50 (IBM Vios), 2.2.4.0 (IBM Vios), 5.3 (IBM Aix), 6.1 (IBM Aix), 7.1 (IBM Aix), 7.2 (IBM Aix), 18.04 LTS (Ubuntu), 12.3.3 (Enterprise Manager Ops Center), 18.10 (Ubuntu), 2.2.3 (IBM Vios), 2.2 (IBM Vios), 2.2.0.13 (IBM Vios), 2.2.0.11 (IBM Vios), 2.2.0.10 (IBM Vios), - (Intel Kaby Lake), - (rhvm-appliance), - (redhat-virtualization-host), 12.1.1.0 (Tuxedo), 8.55 (PeopleSoft Enterprise PeopleTools), 8.56 (PeopleSoft Enterprise PeopleTools), 8.57 (PeopleSoft Enterprise PeopleTools), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8.4 (Primavera P6 Enterprise Project Portfolio Management), 15.1 (Primavera P6 Enterprise Project Portfolio Management), 15.2 (Primavera P6 Enterprise Project Portfolio Management), 16.1 (Primavera P6 Enterprise Project Portfolio Management), 16.2 (Primavera P6 Enterprise Project Portfolio Management), 18.8 (Primavera P6 Enterprise Project Portfolio Management), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 4 (SUSE Enterprise Storage), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 7 (SUSE OpenStack Cloud), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 11 SP4 (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit), 10 (Node.js), 12 (SUSE Linux Enterprise Module for Web Scripting), 5.4 (Secure Global Desktop), 12.1.0.5 (Enterprise Manager Base Platform), 6 (Node.js), 8 (Node.js), \u043e\u0442 17.7 \u0434\u043e 17.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Primavera P6 Enterprise Project Portfolio Management), 0.9.8 (Application Server), 1.0.0 (Application Server), 1.0.1 (Application Server), \u0434\u043e 3.12.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Backup), \u0434\u043e 4.1.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Backup), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 1.3 (SUSE Studio Onsite), 3.0 (SUSE CaaS Platform), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 15 SP1 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Legacy Software), 11 SP3 (SUSE Linux Enterprise Point of Sale), 12-LTSS (Suse Linux Enterprise Server), 11 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications), 11 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP1-LTSS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 8 (SUSE OpenStack Cloud Crowbar), 8 (Debian GNU/Linux), 11 SP3-LTSS (Suse Linux Enterprise Server), 7 (OpenStack Cloud Magnum Orchestration), 12 (SUSE Linux Enterprise Module for Legacy Software), 11-SECURITY (Suse Linux Enterprise Server), 11-SECURITY (SUSE Linux Enterprise Server for SAP Applications), 4 (Red Hat Enterprise Virtualization), 12 SP5 (SUSE Linux Enterprise High Performance Computing), 13.2.0.0 (Enterprise Manager Base Platform), 13.3.0.0 (Enterprise Manager Base Platform), \u043e\u0442 1.0.2 \u0434\u043e 1.0.2q (OpenSSL), \u043e\u0442 1.1.0 \u0434\u043e 1.1.0i (OpenSSL)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f openssl:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 1.1.1a-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 openssl) \u0434\u043e 1.0.1t-1+deb8u10 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 openssl) \u0434\u043e 1.0.1t-1+deb8u10 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/security-alerts/public-vuln-to-advisory-mapping.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2018-5407\n\n\u0414\u043b\u044f Node.js:\nhttps://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ \n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Canonical Ltd.:\nhttps://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5407.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2018-5407\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 openssl1.0 \u0434\u043e 1.0.2s-1~deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 openssl \u0434\u043e 1.1.0k-1~deb9u1~astra0u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "30.10.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.02.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.12.2018",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-01636",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-5407",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), API Gateway, Red Hat Enterprise Linux, Debian GNU/Linux, OpenSUSE Leap, IBM Vios, IBM Aix, Enterprise Manager Ops Center, Intel Kaby Lake, rhvm-appliance, redhat-virtualization-host, Tuxedo, PeopleSoft Enterprise PeopleTools, Primavera P6 Enterprise Project Portfolio Management, Suse Linux Enterprise Desktop, SUSE Enterprise Storage, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE OpenStack Cloud, SUSE Linux Enterprise Module for Open Buildservice Development Tools, Suse Linux Enterprise Server, Node.js, SUSE Linux Enterprise Module for Web Scripting, Secure Global Desktop, Enterprise Manager Base Platform, Application Server, MySQL Enterprise Backup, SUSE Studio Onsite, SUSE CaaS Platform, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Module for Legacy Software, SUSE OpenStack Cloud Crowbar, OpenStack Cloud Magnum Orchestration, Red Hat Enterprise Virtualization, SUSE Linux Enterprise High Performance Computing, OpenSSL",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.04 LTS , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Novell Inc. OpenSUSE Leap 42.3 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.0 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 Intel \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440 Skylake \u0438 Kaby Lake, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438 \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 \u043c\u043d\u043e\u0433\u043e\u043f\u043e\u0442\u043e\u0447\u043d\u043e\u0441\u0442\u0438 (SMT), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200), \u0423\u0442\u0435\u0447\u043a\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u0438\u0438 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u0440\u0430\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0439 (CWE-208)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 Intel \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440 Skylake \u0438 Kaby Lake \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438 \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 \u043c\u043d\u043e\u0433\u043e\u043f\u043e\u0442\u043e\u0447\u043d\u043e\u0441\u0442\u0438 (SMT). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://xakep.ru/2018/11/02/portsmash/\n\nhttps://access.redhat.com/security/cve/cve-2018-5407\n\nhttps://www.securityfocus.com/bid/105897\n\nhttps://usn.ubuntu.com/3840-1/\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5407\nhttps://security-tracker.debian.org/tracker/CVE-2018-5407 https://access.redhat.com/security/cve/cve-2018-5407\nhttps://github.com/bbbrumley/portsmash\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200, CWE-208",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)"
}

CVE-2018-5407 (GCVE-0-2018-5407)

Vulnerability from cvelistv5 – Published: 2018-11-15 21:00 – Updated: 2024-08-05 05:33

Summary

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Severity ?

No CVSS data available.

CWE

CWE-200

Assigner

certcc

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2019:0483	vendor-advisoryx_refsource_REDHAT
	https://www.oracle.com/technetwork/security-advis…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2018112…	x_refsource_CONFIRM
	https://usn.ubuntu.com/3840-1/	vendor-advisoryx_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4355	vendor-advisoryx_refsource_DEBIAN
	https://www.tenable.com/security/tns-2018-17	x_refsource_CONFIRM
	https://nodejs.org/en/blog/vulnerability/november…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201903-10	vendor-advisoryx_refsource_GENTOO
	https://www.tenable.com/security/tns-2018-16	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/45785/	exploitx_refsource_EXPLOIT-DB
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://github.com/bbbrumley/portsmash	x_refsource_MISC
	https://www.debian.org/security/2018/dsa-4348	vendor-advisoryx_refsource_DEBIAN
	http://www.securityfocus.com/bid/105897	vdb-entryx_refsource_BID
	https://eprint.iacr.org/2018/1060.pdf	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2019:0651	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:0652	vendor-advisoryx_refsource_REDHAT
	https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2019:2125	vendor-advisoryx_refsource_REDHAT
	https://support.f5.com/csp/article/K49711130?utm_…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:3929	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3933	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3931	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3935	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3932	vendor-advisoryx_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	N/A	Processors supporting Simultaneous Multi-Threading	Affected: N/A

Date Public ?

2018-11-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2019:0483",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0483"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
          },
          {
            "name": "USN-3840-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3840-1/"
          },
          {
            "name": "DSA-4355",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4355"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "name": "GLSA-201903-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-16"
          },
          {
            "name": "45785",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45785/"
          },
          {
            "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/bbbrumley/portsmash"
          },
          {
            "name": "DSA-4348",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4348"
          },
          {
            "name": "105897",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105897"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://eprint.iacr.org/2018/1060.pdf"
          },
          {
            "name": "RHSA-2019:0651",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0651"
          },
          {
            "name": "RHSA-2019:0652",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0652"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "RHSA-2019:2125",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2125"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "name": "RHSA-2019:3929",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3929"
          },
          {
            "name": "RHSA-2019:3933",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3933"
          },
          {
            "name": "RHSA-2019:3931",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3931"
          },
          {
            "name": "RHSA-2019:3935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3935"
          },
          {
            "name": "RHSA-2019:3932",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3932"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Processors supporting Simultaneous Multi-Threading",
          "vendor": "N/A",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2018-11-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T21:06:46.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "RHSA-2019:0483",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0483"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
        },
        {
          "name": "USN-3840-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3840-1/"
        },
        {
          "name": "DSA-4355",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4355"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "name": "GLSA-201903-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-16"
        },
        {
          "name": "45785",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45785/"
        },
        {
          "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bbbrumley/portsmash"
        },
        {
          "name": "DSA-4348",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4348"
        },
        {
          "name": "105897",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105897"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://eprint.iacr.org/2018/1060.pdf"
        },
        {
          "name": "RHSA-2019:0651",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0651"
        },
        {
          "name": "RHSA-2019:0652",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0652"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "RHSA-2019:2125",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "name": "RHSA-2019:3929",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        },
        {
          "name": "RHSA-2019:3933",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "name": "RHSA-2019:3931",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3931"
        },
        {
          "name": "RHSA-2019:3935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "name": "RHSA-2019:3932",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2018-5407",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Processors supporting Simultaneous Multi-Threading",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "N/A"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "N/A"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2019:0483",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0483"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181126-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
            },
            {
              "name": "USN-3840-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3840-1/"
            },
            {
              "name": "DSA-4355",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4355"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-17",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-17"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "GLSA-201903-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-10"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-16",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-16"
            },
            {
              "name": "45785",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45785/"
            },
            {
              "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
            },
            {
              "name": "https://github.com/bbbrumley/portsmash",
              "refsource": "MISC",
              "url": "https://github.com/bbbrumley/portsmash"
            },
            {
              "name": "DSA-4348",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4348"
            },
            {
              "name": "105897",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105897"
            },
            {
              "name": "https://eprint.iacr.org/2018/1060.pdf",
              "refsource": "MISC",
              "url": "https://eprint.iacr.org/2018/1060.pdf"
            },
            {
              "name": "RHSA-2019:0651",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0651"
            },
            {
              "name": "RHSA-2019:0652",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0652"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "RHSA-2019:2125",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2125"
            },
            {
              "name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "RHSA-2019:3929",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3929"
            },
            {
              "name": "RHSA-2019:3933",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3933"
            },
            {
              "name": "RHSA-2019:3931",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3931"
            },
            {
              "name": "RHSA-2019:3935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3935"
            },
            {
              "name": "RHSA-2019:3932",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3932"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2018-5407",
    "datePublished": "2018-11-15T21:00:00.000Z",
    "dateReserved": "2018-01-12T00:00:00.000Z",
    "dateUpdated": "2024-08-05T05:33:44.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2018-01636

CVE-2018-5407 (GCVE-0-2018-5407)

Tags

Sightings

Nomenclature