Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability

Risk

Low

Date Discovered

May 21, 2018

Description

Multiple CPU hardware products are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.

Technologies Affected

  • ARM Cortex A15
  • ARM Cortex A57
  • ARM Cortex A72
  • IBM AIX 5.3
  • IBM AIX 6.1
  • IBM AIX 7.1
  • IBM AIX 7.2
  • IBM VIOS 2.2.0
  • Intel 2nd generation Core processors
  • Intel 3rd generation Core processors
  • Intel 4th generation Core processors
  • Intel 5th generation Core processors
  • Intel 6th generation Core processors
  • Intel 7th generation Core processors
  • Intel 8th generation Core processors
  • Intel Atom Processor A Series
  • Intel Atom Processor C Series
  • Intel Atom Processor E Series
  • Intel Atom Processor T Series
  • Intel Atom Processor X Series
  • Intel Atom Processor Z Series
  • Intel Celeron Processor J Series
  • Intel Celeron Processor N Series
  • Intel Core M processor family
  • Intel Core X-series Processor Family for Intel X299 platforms
  • Intel Core X-series Processor Family for Intel X99 platforms
  • Intel Pentium Processor J Series
  • Intel Pentium Processor N Series
  • Intel Pentium Processor Silver Series
  • Intel Xeon Processor E3 Family
  • Intel Xeon Processor E3 v2 Family
  • Intel Xeon Processor E3 v3 Family
  • Intel Xeon Processor E3 v4 Family
  • Intel Xeon Processor E3 v5 Family
  • Intel Xeon Processor E3 v6 Family
  • Intel Xeon Processor E5 Family
  • Intel Xeon Processor E5 v2 Family
  • Intel Xeon Processor E5 v3 Family
  • Intel Xeon Processor E5 v4 Family
  • Intel Xeon Processor E7 Family
  • Intel Xeon Processor E7 v2 Family
  • Intel Xeon Processor E7 v3 Family
  • Intel Xeon Processor E7 v4 Family
  • Intel Xeon processor 3400 series
  • Intel Xeon processor 3600 series
  • Intel Xeon processor 5500 series
  • Intel Xeon processor 5600 series
  • Intel Xeon processor 6500 series
  • Intel Xeon processor 7500 series
  • Microsoft Surface Book 2
  • Microsoft Surface Laptop
  • Microsoft Surface Pro 3
  • Microsoft Surface Pro 4
  • Microsoft Surface Pro Model 1796
  • Microsoft Surface Pro with Advanced LTE Model 1807
  • Microsoft Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Windows 10 Version 1607 for x64-based Systems
  • Microsoft Windows 10 Version 1803 for 32-bit Systems
  • Microsoft Windows 10 Version 1803 for x64-based Systems
  • Microsoft Windows 10 for 32-bit Systems
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Windows 10 version 1703 for 32-bit Systems
  • Microsoft Windows 10 version 1703 for x64-based Systems
  • Microsoft Windows 10 version 1709 for 32-bit Systems
  • Microsoft Windows 10 version 1709 for x64-based Systems
  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 8.1 for 32-bit Systems
  • Microsoft Windows 8.1 for 64-bit Systems
  • Microsoft Windows RT 8.1
  • Microsoft Windows Server 1709
  • Microsoft Windows Server 1803
  • Microsoft Windows Server 2008 R2 for x64-based Systems (Server Core instal SP1
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 for 32-bit Systems (Server Core installation SP2
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems (Server Core installat SP2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016
  • NetApp SolidFire Element OS Management Node
  • Oracle Solaris 11
  • Redhat Enterprise Linux Desktop 6
  • Redhat Enterprise Linux Desktop 7
  • Redhat Enterprise Linux EUS Compute Node 6.7
  • Redhat Enterprise Linux EUS Compute Node 7.3
  • Redhat Enterprise Linux EUS Compute Node 7.4
  • Redhat Enterprise Linux EUS Compute Node 7.5
  • Redhat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.3
  • Redhat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4
  • Redhat Enterprise Linux Server - AUS 6.6
  • Redhat Enterprise Linux Server - AUS 7.2
  • Redhat Enterprise Linux Server - AUS 7.3
  • Redhat Enterprise Linux Server - AUS 7.4
  • Redhat Enterprise Linux Server - Extended Update Support 6.7
  • Redhat Enterprise Linux Server - Extended Update Support 7.3
  • Redhat Enterprise Linux Server - Extended Update Support 7.4
  • Redhat Enterprise Linux Server - Extended Update Support 7.5
  • Redhat Enterprise Linux Server - TUS 6.6
  • Redhat Enterprise Linux Server - TUS 7.2
  • Redhat Enterprise Linux Server - TUS 7.3
  • Redhat Enterprise Linux Server - TUS 7.4
  • Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.2
  • Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.3
  • Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.4
  • Redhat Enterprise Linux Server 6
  • Redhat Enterprise Linux Server 7
  • Redhat Enterprise Linux Server AUS 6.4
  • Redhat Enterprise Linux Server AUS 6.5
  • Redhat Enterprise Linux Workstation 6
  • Redhat Enterprise Linux Workstation 7
  • Redhat Enterprise Linux for ARM 64 7
  • Redhat Enterprise Linux for IBM System z (Structure A) 7
  • Redhat Enterprise Linux for IBM z Systems - Extended Update Support 6.7
  • Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.3
  • Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.4
  • Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.5
  • Redhat Enterprise Linux for IBM z Systems 7
  • Redhat Enterprise Linux for Power 9 7
  • Redhat Enterprise Linux for Power, big endian - Extended Update Support 6.7
  • Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.3
  • Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.4
  • Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.5
  • Redhat Enterprise Linux for Power, big endian 6
  • Redhat Enterprise Linux for Power, big endian 7
  • Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.3
  • Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.4
  • Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.5
  • Redhat Enterprise Linux for Power, little endian 7
  • Redhat Enterprise Linux for Real Time 7
  • Redhat Enterprise Linux for Real Time for NFV 7
  • Redhat Enterprise Linux for Scientific Computing 6
  • Redhat Enterprise Linux for Scientific Computing 7
  • Redhat Gluster Storage Server for On-premise 3 for RHEL 7
  • Redhat MRG Realtime 2
  • Redhat OpenStack 10.0
  • Redhat OpenStack 12.0
  • Redhat OpenStack 7.0
  • Redhat OpenStack 8.0
  • Redhat OpenStack 9.0
  • Redhat OpenStack for IBM Power 12.0
  • Redhat Virtualization - ELS 3
  • Redhat Virtualization 4
  • Redhat Virtualization Host 4
  • Redhat Virtualization Manager 4.2
  • Redhat Virtualization for IBM Power LE 4
  • Synology DSM 5.2
  • Synology DSM 6.0
  • Synology DSM 6.1
  • Synology Sky NAS
  • Synology Virtual DSM
  • Ubuntu Ubuntu Linux 14.04 LTS
  • Ubuntu Ubuntu Linux 16.04 LTS
  • Ubuntu Ubuntu Linux 17.10
  • Ubuntu Ubuntu Linux 18.04 LTS
  • VMWare Fusion 10.0
  • VMWare Fusion 10.1.1
  • VMWare Fusion Pro 10.0
  • VMWare Fusion Pro 10.1.1
  • VMWare Workstation Player 14.0
  • VMWare Workstation Player 14.1
  • VMWare Workstation Player 14.1.1
  • VMWare Workstation Pro 14.0
  • VMWare Workstation Pro 14.1
  • VMWare Workstation Pro 14.1.1
  • VMWare vCenter Server 5.5
  • VMWare vCenter Server 6.0
  • VMWare vCenter Server 6.5
  • VMWare vCenter Server 6.7
  • VMWare vSphere ESXi 5.5
  • VMWare vSphere ESXi 6.0
  • VMWare vSphere ESXi 6.5
  • VMWare vSphere ESXi 6.7
  • Xen Xen

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Given the local nature of this issue, grant only trusted and accountable individuals access to affected computers.

Updates are available. Please see the references or vendor advisory for more information.

References

Credits

Ken Johnson of Microsoft Corporation and Jann Horn of Google Project Zero


© 1995- Symantec Corporation
