What is CVE-2018-3639?

CVE-2018-3639 is a medium-severity vulnerability in Arm Cortex-a, classified under Observable Discrepancy. CVSS score: 5.5/10. Published 2018-05-22.

How severe is CVE-2018-3639?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Is CVE-2018-3639 known to be exploited?

70 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Arm Cortex-a

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local use…

EPSS: 0.467 (97.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Arm Cortex-a — versions 15, 57, 72
Intel Atom_c — versions c2308, c3308, c3338
Intel Atom_e — versions e3805, e3815, e3825
Intel Atom_x5-e3930
Intel Atom_x5-e3940
Intel Atom_x7-e3950
Intel Atom_z — versions z2420, z2460, z2480
Intel Celeron_j — versions j3455, j4005, j4105
Intel Celeron_n — versions n3450
Intel Core_i3 — versions 32nm, 45nm

Weakness classification (CWE)

CWE-203 — Observable Discrepancy

Public proof-of-concept exploits

References

secure@intel.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secure@intel.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secure@intel.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secure@intel.com (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
secure@intel.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secure@intel.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secure@intel.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secure@intel.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secure@intel.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secure@intel.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)

Frequently asked questions

What is CVE-2018-3639?: CVE-2018-3639 is a medium-severity vulnerability in Arm Cortex-a, classified under Observable Discrepancy. CVSS score: 5.5/10. Published 2018-05-22.
How severe is CVE-2018-3639?: Medium severity. CVSS v3 base score is 5.5 out of 10.
Is CVE-2018-3639 known to be exploited?: 70 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.