DEBIAN-CVE-2018-3639

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2018-3639

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2018-3639.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2018-3639

Upstream

CVE-2018-3639

Published

2018-05-22T12:29:00Z

Modified

2025-09-19T07:29:41.341065Z

Summary

[none]

Details

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

References

https://security-tracker.debian.org/tracker/CVE-2018-3639

Affected packages

Debian:11

intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/debian/intel-microcode?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20180703.1

Affected versions

0.*

0.20080131-1

0.20080220-1

0.20080401-1

0.20080910-1

0.20080910-2

0.20090330-1

0.20090927-1

0.20100826-1

0.20100914-1

0.20101123-1

0.20110428-1

0.20110915-1

0.20111110-1

0.20120606-1

1.*

1.20120606.1

1.20120606.2

1.20120606.3

1.20120606.4

1.20120606.5

1.20120606.6~bpo60+1

1.20120606.6

1.20120606.v2.1

1.20120606.v2.2~bpo60+1

1.20120606.v2.2

1.20130222.1~bpo60+1

1.20130222.1

1.20130222.3

1.20130222.4

1.20130222.5

1.20130222.6

1.20130808.1

1.20130808.2

1.20130906.1

1.20140122.1~bpo60+1

1.20140122.1

1.20140430.1~bpo60+1

1.20140430.1

1.20140624.1~bpo60+1

1.20140624.1

1.20140913.1~bpo60+1

1.20140913.1

1.20150121.1

2.*

2.20130808.1~bpo70+1

2.20130808.1

2.20130906.1~bpo70+1

2.20130906.1

2.20140122.1~bpo70+1

2.20140122.1

2.20140430.1~bpo70+1

2.20140430.1

2.20140624.1~bpo70+1

2.20140624.1

3.*

3.20140913.1~bpo70+1

3.20140913.1~bpo70+2

3.20140913.1

3.20150107.1~bpo70+1

3.20150107.1

3.20150121.1~bpo70+1

3.20150121.1

3.20151106.1~bpo7+1

3.20151106.1~bpo8+1

3.20151106.1~deb8u1

3.20151106.1

3.20151106.2

3.20160607.1

3.20160607.2~bpo8+1

3.20160607.2

3.20160714.1~bpo8+1

3.20160714.1~deb8u1~bpo7+1

3.20160714.1~deb8u1

3.20160714.1

3.20161104.1~bpo8+1

3.20161104.1~deb8u1~bpo7+1

3.20161104.1~deb8u1

3.20161104.1

3.20170511.1~bpo8+1

3.20170511.1

3.20170707.1~bpo8+1

3.20170707.1~bpo9+1

3.20170707.1~deb8u1

3.20170707.1~deb9u1

3.20170707.1

3.20171117.1~bpo8+1

3.20171117.1~bpo9+1

3.20171117.1

3.20171215.1

3.20180108.1

3.20180108.1+really20171117.1

3.20180312.1~bpo8+1

3.20180312.1~bpo9+1

3.20180312.1

3.20180425.1~bpo8+1

3.20180425.1~bpo9+1

3.20180425.1~deb8u1

3.20180425.1~deb9u1

3.20180425.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.16.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

xen

Package

Name: xen
Purl: pkg:deb/debian/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/debian/intel-microcode?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20180703.1

Affected versions

0.*

0.20080131-1

0.20080220-1

0.20080401-1

0.20080910-1

0.20080910-2

0.20090330-1

0.20090927-1

0.20100826-1

0.20100914-1

0.20101123-1

0.20110428-1

0.20110915-1

0.20111110-1

0.20120606-1

1.*

1.20120606.1

1.20120606.2

1.20120606.3

1.20120606.4

1.20120606.5

1.20120606.6~bpo60+1

1.20120606.6

1.20120606.v2.1

1.20120606.v2.2~bpo60+1

1.20120606.v2.2

1.20130222.1~bpo60+1

1.20130222.1

1.20130222.3

1.20130222.4

1.20130222.5

1.20130222.6

1.20130808.1

1.20130808.2

1.20130906.1

1.20140122.1~bpo60+1

1.20140122.1

1.20140430.1~bpo60+1

1.20140430.1

1.20140624.1~bpo60+1

1.20140624.1

1.20140913.1~bpo60+1

1.20140913.1

1.20150121.1

2.*

2.20130808.1~bpo70+1

2.20130808.1

2.20130906.1~bpo70+1

2.20130906.1

2.20140122.1~bpo70+1

2.20140122.1

2.20140430.1~bpo70+1

2.20140430.1

2.20140624.1~bpo70+1

2.20140624.1

3.*

3.20140913.1~bpo70+1

3.20140913.1~bpo70+2

3.20140913.1

3.20150107.1~bpo70+1

3.20150107.1

3.20150121.1~bpo70+1

3.20150121.1

3.20151106.1~bpo7+1

3.20151106.1~bpo8+1

3.20151106.1~deb8u1

3.20151106.1

3.20151106.2

3.20160607.1

3.20160607.2~bpo8+1

3.20160607.2

3.20160714.1~bpo8+1

3.20160714.1~deb8u1~bpo7+1

3.20160714.1~deb8u1

3.20160714.1

3.20161104.1~bpo8+1

3.20161104.1~deb8u1~bpo7+1

3.20161104.1~deb8u1

3.20161104.1

3.20170511.1~bpo8+1

3.20170511.1

3.20170707.1~bpo8+1

3.20170707.1~bpo9+1

3.20170707.1~deb8u1

3.20170707.1~deb9u1

3.20170707.1

3.20171117.1~bpo8+1

3.20171117.1~bpo9+1

3.20171117.1

3.20171215.1

3.20180108.1

3.20180108.1+really20171117.1

3.20180312.1~bpo8+1

3.20180312.1~bpo9+1

3.20180312.1

3.20180425.1~bpo8+1

3.20180425.1~bpo9+1

3.20180425.1~deb8u1

3.20180425.1~deb9u1

3.20180425.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.16.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

xen

Package

Name: xen
Purl: pkg:deb/debian/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/debian/intel-microcode?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20180703.1

Affected versions

0.*

0.20080131-1

0.20080220-1

0.20080401-1

0.20080910-1

0.20080910-2

0.20090330-1

0.20090927-1

0.20100826-1

0.20100914-1

0.20101123-1

0.20110428-1

0.20110915-1

0.20111110-1

0.20120606-1

1.*

1.20120606.1

1.20120606.2

1.20120606.3

1.20120606.4

1.20120606.5

1.20120606.6~bpo60+1

1.20120606.6

1.20120606.v2.1

1.20120606.v2.2~bpo60+1

1.20120606.v2.2

1.20130222.1~bpo60+1

1.20130222.1

1.20130222.3

1.20130222.4

1.20130222.5

1.20130222.6

1.20130808.1

1.20130808.2

1.20130906.1

1.20140122.1~bpo60+1

1.20140122.1

1.20140430.1~bpo60+1

1.20140430.1

1.20140624.1~bpo60+1

1.20140624.1

1.20140913.1~bpo60+1

1.20140913.1

1.20150121.1

2.*

2.20130808.1~bpo70+1

2.20130808.1

2.20130906.1~bpo70+1

2.20130906.1

2.20140122.1~bpo70+1

2.20140122.1

2.20140430.1~bpo70+1

2.20140430.1

2.20140624.1~bpo70+1

2.20140624.1

3.*

3.20140913.1~bpo70+1

3.20140913.1~bpo70+2

3.20140913.1

3.20150107.1~bpo70+1

3.20150107.1

3.20150121.1~bpo70+1

3.20150121.1

3.20151106.1~bpo7+1

3.20151106.1~bpo8+1

3.20151106.1~deb8u1

3.20151106.1

3.20151106.2

3.20160607.1

3.20160607.2~bpo8+1

3.20160607.2

3.20160714.1~bpo8+1

3.20160714.1~deb8u1~bpo7+1

3.20160714.1~deb8u1

3.20160714.1

3.20161104.1~bpo8+1

3.20161104.1~deb8u1~bpo7+1

3.20161104.1~deb8u1

3.20161104.1

3.20170511.1~bpo8+1

3.20170511.1

3.20170707.1~bpo8+1

3.20170707.1~bpo9+1

3.20170707.1~deb8u1

3.20170707.1~deb9u1

3.20170707.1

3.20171117.1~bpo8+1

3.20171117.1~bpo9+1

3.20171117.1

3.20171215.1

3.20180108.1

3.20180108.1+really20171117.1

3.20180312.1~bpo8+1

3.20180312.1~bpo9+1

3.20180312.1

3.20180425.1~bpo8+1

3.20180425.1~bpo9+1

3.20180425.1~deb8u1

3.20180425.1~deb9u1

3.20180425.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.16.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

xen

Package

Name: xen
Purl: pkg:deb/debian/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/debian/intel-microcode?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20180703.1

Affected versions

0.*

0.20080131-1

0.20080220-1

0.20080401-1

0.20080910-1

0.20080910-2

0.20090330-1

0.20090927-1

0.20100826-1

0.20100914-1

0.20101123-1

0.20110428-1

0.20110915-1

0.20111110-1

0.20120606-1

1.*

1.20120606.1

1.20120606.2

1.20120606.3

1.20120606.4

1.20120606.5

1.20120606.6~bpo60+1

1.20120606.6

1.20120606.v2.1

1.20120606.v2.2~bpo60+1

1.20120606.v2.2

1.20130222.1~bpo60+1

1.20130222.1

1.20130222.3

1.20130222.4

1.20130222.5

1.20130222.6

1.20130808.1

1.20130808.2

1.20130906.1

1.20140122.1~bpo60+1

1.20140122.1

1.20140430.1~bpo60+1

1.20140430.1

1.20140624.1~bpo60+1

1.20140624.1

1.20140913.1~bpo60+1

1.20140913.1

1.20150121.1

2.*

2.20130808.1~bpo70+1

2.20130808.1

2.20130906.1~bpo70+1

2.20130906.1

2.20140122.1~bpo70+1

2.20140122.1

2.20140430.1~bpo70+1

2.20140430.1

2.20140624.1~bpo70+1

2.20140624.1

3.*

3.20140913.1~bpo70+1

3.20140913.1~bpo70+2

3.20140913.1

3.20150107.1~bpo70+1

3.20150107.1

3.20150121.1~bpo70+1

3.20150121.1

3.20151106.1~bpo7+1

3.20151106.1~bpo8+1

3.20151106.1~deb8u1

3.20151106.1

3.20151106.2

3.20160607.1

3.20160607.2~bpo8+1

3.20160607.2

3.20160714.1~bpo8+1

3.20160714.1~deb8u1~bpo7+1

3.20160714.1~deb8u1

3.20160714.1

3.20161104.1~bpo8+1

3.20161104.1~deb8u1~bpo7+1

3.20161104.1~deb8u1

3.20161104.1

3.20170511.1~bpo8+1

3.20170511.1

3.20170707.1~bpo8+1

3.20170707.1~bpo9+1

3.20170707.1~deb8u1

3.20170707.1~deb9u1

3.20170707.1

3.20171117.1~bpo8+1

3.20171117.1~bpo9+1

3.20171117.1

3.20171215.1

3.20180108.1

3.20180108.1+really20171117.1

3.20180312.1~bpo8+1

3.20180312.1~bpo9+1

3.20180312.1

3.20180425.1~bpo8+1

3.20180425.1~bpo9+1

3.20180425.1~deb8u1

3.20180425.1~deb9u1

3.20180425.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.16.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

xen

Package

Name: xen
Purl: pkg:deb/debian/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7

Ecosystem specific

{
    "urgency": "not yet assigned"
}