TROYANOSYVIRUS
Back to CVEs

CVE-2018-5407

MEDIUM
4.7

Description

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

CVE Details

CVSS v3.1 Score4.7
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack VectorLOCAL
ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
Published11/15/2018
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0

Affected Products

canonical:ubuntu_linuxdebian:debian_linuxnodejs:node.jsopenssl:openssloracle:api_gatewayoracle:application_serveroracle:enterprise_manager_base_platformoracle:enterprise_manager_ops_centeroracle:mysql_enterprise_backuporacle:peoplesoft_enterprise_peopletoolsoracle:primavera_p6_enterprise_project_portfolio_managementoracle:tuxedooracle:vm_virtualboxredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_eusredhat:enterprise_linux_server_tusredhat:enterprise_linux_workstationtenable:nessus

Weaknesses (CWE)

CWE-200CWE-203

References

http://www.securityfocus.com/bid/105897(cret@cert.org)
https://access.redhat.com/errata/RHSA-2019:0483(cret@cert.org)
https://access.redhat.com/errata/RHSA-2019:0651(cret@cert.org)
https://access.redhat.com/errata/RHSA-2019:0652(cret@cert.org)
https://access.redhat.com/errata/RHSA-2019:2125(cret@cert.org)
https://access.redhat.com/errata/RHSA-2019:3929(cret@cert.org)
https://access.redhat.com/errata/RHSA-2019:3931(cret@cert.org)
https://access.redhat.com/errata/RHSA-2019:3932(cret@cert.org)
https://access.redhat.com/errata/RHSA-2019:3933(cret@cert.org)
https://access.redhat.com/errata/RHSA-2019:3935(cret@cert.org)
https://eprint.iacr.org/2018/1060.pdf(cret@cert.org)
https://github.com/bbbrumley/portsmash(cret@cert.org)
https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html(cret@cert.org)
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/(cret@cert.org)
https://security.gentoo.org/glsa/201903-10(cret@cert.org)
https://security.netapp.com/advisory/ntap-20181126-0001/(cret@cert.org)
https://support.f5.com/csp/article/K49711130?utm_source=f5support&amp%3Butm_medium=RSS(cret@cert.org)
https://usn.ubuntu.com/3840-1/(cret@cert.org)
https://www.debian.org/security/2018/dsa-4348(cret@cert.org)
https://www.debian.org/security/2018/dsa-4355(cret@cert.org)
https://www.exploit-db.com/exploits/45785/(cret@cert.org)
https://www.oracle.com/security-alerts/cpuapr2020.html(cret@cert.org)
https://www.oracle.com/security-alerts/cpujan2020.html(cret@cert.org)
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html(cret@cert.org)
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html(cret@cert.org)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html(cret@cert.org)
https://www.tenable.com/security/tns-2018-16(cret@cert.org)
https://www.tenable.com/security/tns-2018-17(cret@cert.org)
http://www.securityfocus.com/bid/105897(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0483(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0651(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0652(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2125(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3929(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3931(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3932(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3933(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3935(af854a3a-2127-422b-91ae-364da2661108)
https://eprint.iacr.org/2018/1060.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/bbbrumley/portsmash(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html(af854a3a-2127-422b-91ae-364da2661108)
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201903-10(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20181126-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K49711130?utm_source=f5support&amp%3Butm_medium=RSS(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3840-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4348(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4355(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45785/(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2020.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2020.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2018-16(af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2018-17(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.