Vulnerability Details : CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2018-5407
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 24 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-5407
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
1.9
|
LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N |
3.4
|
2.9
|
[email protected] |
|
4.7
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.0
|
3.6
|
[email protected] |
CWE ids for CVE-2018-5407
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: [email protected] (Secondary)
-
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.Assigned by: [email protected] (Primary)
References for CVE-2018-5407
-
https://www.oracle.com/security-alerts/cpujan2020.html
Patch;Third Party Advisory
-
https://eprint.iacr.org/2018/1060.pdf
Technical Description;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuapr2020.html
Patch;Third Party Advisory
-
https://www.tenable.com/security/tns-2018-17
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:3931
Third Party Advisory
-
https://usn.ubuntu.com/3840-1/
Third Party Advisory
-
https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2125
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:0483
Third Party Advisory
-
https://www.tenable.com/security/tns-2018-16
Third Party Advisory
-
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Patch;Third Party Advisory
-
https://github.com/bbbrumley/portsmash
Exploit;Third Party Advisory
-
http://www.securityfocus.com/bid/105897
Third Party Advisory;VDB Entry
-
https://security.netapp.com/advisory/ntap-20181126-0001/
Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
Mailing List;Third Party Advisory
-
https://www.exploit-db.com/exploits/45785/
Exploit;Third Party Advisory;VDB Entry
-
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
Third Party Advisory
-
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:0651
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:3935
Third Party Advisory
-
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch;Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2019:3932
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:3933
Third Party Advisory
-
https://www.debian.org/security/2018/dsa-4348
Third Party Advisory
-
https://security.gentoo.org/glsa/201903-10
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:3929
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:0652
Third Party Advisory
-
https://www.debian.org/security/2018/dsa-4355
Third Party Advisory
Products affected by CVE-2018-5407
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
- Oracle » Primavera P6 Enterprise Project Portfolio ManagementVersions from including (>=) 17.7 and up to, including, (<=) 17.12cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*
- Oracle » Mysql Enterprise BackupVersions from including (>=) 3.12.4 and up to, including, (<=) 4.1.2cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
- cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*