CVE-2018-3639

NameCVE-2018-3639
DescriptionSystems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1423-1, DLA-1446-1, DLA-1529-1, DLA-1715-1, DLA-1731-1, DSA-4210-1, DSA-4273-1, DSA-4273-2, ELA-111-1, ELA-18-1, ELA-50-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
intel-microcode (PTS)jessie/non-free3.20240910.1~deb8u1fixed
jessie/non-free (lts)3.20230214.1~deb8u1fixed
stretch/non-free3.20240910.1~deb9u1fixed
stretch/non-free (security)3.20210608.2~deb9u2fixed
stretch/non-free (lts)3.20230214.1~deb9u1fixed
buster/non-free3.20240910.1~deb10u1fixed
buster/non-free (security)3.20240312.1~deb10u1fixed
bullseye/non-free3.20240813.1~deb11u1fixed
bullseye/non-free (security)3.20240910.1~deb11u1fixed
bookworm/non-free-firmware3.20240910.1~deb12u1fixed
bookworm/non-free-firmware (security)3.20231114.1~deb12u1fixed
trixie/non-free-firmware, sid/non-free-firmware3.20241112.1fixed
linux (PTS)jessie, jessie (lts)3.16.84-1fixed
stretch (security)4.9.320-2fixed
stretch (lts), stretch4.9.320-3fixed
buster (security), buster, buster (lts)4.19.316-1fixed
bullseye5.10.223-1fixed
bullseye (security)5.10.226-1fixed
bookworm6.1.115-1fixed
bookworm (security)6.1.119-1fixed
trixie6.12.5-1fixed
sid6.12.6-1fixed
linux-4.9 (PTS)jessie, jessie (lts)4.9.303-1~deb8u3fixed
xen (PTS)jessie, jessie (lts)4.4.4lts5-0+deb8u1vulnerable
stretch (security), stretch (lts), stretch4.8.5.final+shim4.10.4-1+deb9u12fixed
buster (security), buster, buster (lts)4.11.4+107-gef32c7afa2-1fixed
bullseye4.14.6-1fixed
bullseye (security)4.14.5+94-ge49571868d-1fixed
bookworm4.17.3+10-g091466ba55-1~deb12u1fixed
sid, trixie4.17.3+36-g54dacb5c02-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
intel-microcodesourcewheezy3.20180703.2~bpo8+1~deb7u1ELA-18-1
intel-microcodesourcejessie3.20180703.2~deb8u1DLA-1446-1
intel-microcodesourcestretch3.20180807a.1~deb9u1DSA-4273-2
intel-microcodesource(unstable)3.20180703.1
linuxsourcewheezy3.16.64-2~deb7u1ELA-111-1
linuxsourcejessie3.16.64-1DLA-1731-1
linuxsourcestretch4.9.107-1
linuxsource(unstable)4.16.12-1
linux-4.9sourcejessie4.9.144-3.1~deb8u1DLA-1715-1
xensourcestretch4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7DSA-4210-1
xensource(unstable)4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7

Notes

[wheezy] - linux <ignored> (Too much work to backport)
[jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
https://xenbits.xen.org/xsa/advisory-263.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
most server type CPUs, additional models were supported in the 3.20180807a.1 release
Qemu part of the mitigations for the speculative store buffer bypass
vulnerabilities on x86 are needed: #908682
https://git.qemu.org/?p=qemu.git;a=commit;h=d19d1f965904a533998739698020ff4ee8a103da
https://git.qemu.org/?p=qemu.git;a=commit;h=cfeea0c021db6234c154dbc723730e81553924ff
https://git.qemu.org/?p=qemu.git;a=commit;h=403503b162ffc33fb64cfefdf7b880acf41772cd

Search for package or bug name: Reporting problems