CVE-2018-5407
Summary
| CVE | CVE-2018-5407 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-11-15 21:29:00 UTC |
| Updated | 2023-11-07 02:58:00 UTC |
| Description | Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. |
Risk And Classification
Problem Types: CWE-203
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.10 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Nodejs | Node.js | All | All | All | All |
| Application | Openssl | Openssl | All | All | All | All |
| Application | Oracle | Api Gateway | 11.1.2.4.0 | All | All | All |
| Application | Oracle | Application Server | 0.9.8 | All | All | All |
| Application | Oracle | Application Server | 1.0.0 | All | All | All |
| Application | Oracle | Application Server | 1.0.1 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 12.1.0.5.0 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 13.2.0.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 13.3.0.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager Ops Center | 12.3.3 | All | All | All |
| Application | Oracle | Mysql Enterprise Backup | All | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.55 | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.56 | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.57 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 15.1 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 15.2 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 16.1 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 16.2 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 18.8 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 8.4 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | All | All | All | All |
| Application | Oracle | Tuxedo | 12.1.1.0.0 | All | All | All |
| Application | Oracle | Vm Virtualbox | All | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Application | Tenable | Nessus | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| support.f5.com/csp/article/K49711130 | CONFIRM | support.f5.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities - Security Advisory \| Tenable® | CONFIRM | www.tenable.com | Third Party Advisory |
| [R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities - Security Advisory \| Tenable® | CONFIRM | www.tenable.com | Third Party Advisory |
| Debian -- Security Information -- DSA-4348-1 openssl | DEBIAN | www.debian.org | Third Party Advisory |
| myF5 | | support.f5.com | |
| CVE-2018-5407 Simultaneous Multithreading Side-Channel Information Disclosure Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| November 2018 Security Releases \| Node.js | CONFIRM | nodejs.org | Third Party Advisory |
| OpenSSL: Multiple vulnerabilities (GLSA 201903-10) — Gentoo security | GENTOO | security.gentoo.org | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| eprint.iacr.org/2018/1060.pdf | MISC | eprint.iacr.org | Technical Description, Third Party Advisory |
| Oracle Critical Patch Update - January 2019 | CONFIRM | www.oracle.com | Patch, Vendor Advisory |
| Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel - Hardware local Exploit | EXPLOIT-DB | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| Oracle Critical Patch Update - July 2019 | MISC | www.oracle.com | Patch, Third Party Advisory |
| [SECURITY] [DLA 1586-1] openssl security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Debian -- Security Information -- DSA-4355-1 openssl1.0 | DEBIAN | www.debian.org | Third Party Advisory |
| Oracle Critical Patch Update Advisory - January 2020 | MISC | www.oracle.com | Patch, Third Party Advisory |
| USN-3840-1: OpenSSL vulnerabilities \| Ubuntu security notices | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| Oracle Critical Patch Update Advisory - April 2020 | N/A | www.oracle.com | Patch, Third Party Advisory |
| GitHub - bbbrumley/portsmash | MISC | github.com | Exploit, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Oracle Critical Patch Update Advisory - April 2019 | MISC | www.oracle.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 296075 Oracle Solaris 11.4 Support Repository Update (SRU) 21.69.0 Missing (CPUAPR2020)
- 296090 Oracle Solaris 11.4 Support Repository Update (SRU) 5.1.3 Missing (CPUJAN2019)
- 377283 Alibaba Cloud Linux Security Update for ovmf security and enhancement update (moderate) (ALINUX2-SA-2019:0106)
- 690613 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (6f170cf2-e6b7-11e8-a9a8-b499baebfeaf)