Vulnerability-Lookup

CVE-2018-3640 (GCVE-0-2018-3640)

Vulnerability from cvelistv5 – Published: 2018-05-22 12:00 – Updated: 2024-09-16 19:31

Summary

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

intel

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
	http://support.lenovo.com/us/en/solutions/LEN-22133	x_refsource_CONFIRM
	https://www.us-cert.gov/ncas/alerts/TA18-141A	third-party-advisoryx_refsource_CERT
	http://www.securitytracker.com/id/1042004	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id/1040949	vdb-entryx_refsource_SECTRACK
	https://psirt.global.sonicwall.com/vuln-detail/SN…	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-…	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synolog…	x_refsource_CONFIRM
	https://developer.arm.com/support/arm-security-up…	x_refsource_CONFIRM
	https://www.kb.cert.org/vuls/id/180049	third-party-advisoryx_refsource_CERT-VN
	http://www.fujitsu.com/global/support/products/so…	x_refsource_CONFIRM
	https://portal.msrc.microsoft.com/en-us/security-…	x_refsource_CONFIRM
	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO
	https://www.mitel.com/en-ca/support/security-advi…	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2018/dsa-4273	vendor-advisoryx_refsource_DEBIAN
	https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/104228	vdb-entryx_refsource_BID
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/3756-1/	vendor-advisoryx_refsource_UBUNTU
	https://security.netapp.com/advisory/ntap-2018052…	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Intel Corporation	Multiple	Affected: Multiple

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.422Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
          },
          {
            "name": "TA18-141A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
          },
          {
            "name": "1042004",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042004"
          },
          {
            "name": "1040949",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040949"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_23"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
          },
          {
            "name": "VU#180049",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/180049"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
          },
          {
            "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
          },
          {
            "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
          },
          {
            "name": "DSA-4273",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4273"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
          },
          {
            "name": "104228",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104228"
          },
          {
            "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
          },
          {
            "name": "USN-3756-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3756-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        }
      ],
      "datePublic": "2018-05-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-08T12:06:05.000Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
        },
        {
          "name": "TA18-141A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
        },
        {
          "name": "1042004",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042004"
        },
        {
          "name": "1040949",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040949"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_23"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
        },
        {
          "name": "VU#180049",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/180049"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
        },
        {
          "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
        },
        {
          "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
        },
        {
          "name": "DSA-4273",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4273"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
        },
        {
          "name": "104228",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104228"
        },
        {
          "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
        },
        {
          "name": "USN-3756-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3756-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-05-21T00:00:00",
          "ID": "CVE-2018-3640",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Multiple",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
            },
            {
              "name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
              "refsource": "CONFIRM",
              "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
            },
            {
              "name": "TA18-141A",
              "refsource": "CERT",
              "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
            },
            {
              "name": "1042004",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042004"
            },
            {
              "name": "1040949",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040949"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_23",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_23"
            },
            {
              "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
              "refsource": "CONFIRM",
              "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
            },
            {
              "name": "VU#180049",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/180049"
            },
            {
              "name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
              "refsource": "CONFIRM",
              "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
            },
            {
              "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
            },
            {
              "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
              "refsource": "CONFIRM",
              "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "DSA-4273",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4273"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
            },
            {
              "name": "104228",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104228"
            },
            {
              "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
            },
            {
              "name": "USN-3756-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3756-1/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-3640",
    "datePublished": "2018-05-22T12:00:00.000Z",
    "dateReserved": "2017-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:31:35.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2018-3640

Vulnerability from fkie_nvd - Published: 2018-05-22 12:29 - Updated: 2024-11-21 04:05

Severity ?

5.6 (Medium) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Summary

References

URL	Tags
secure@intel.com	http://support.lenovo.com/us/en/solutions/LEN-22133	Third Party Advisory
secure@intel.com	http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html	Third Party Advisory
secure@intel.com	http://www.securityfocus.com/bid/104228	Third Party Advisory, VDB Entry
secure@intel.com	http://www.securitytracker.com/id/1040949	Third Party Advisory, VDB Entry
secure@intel.com	http://www.securitytracker.com/id/1042004
secure@intel.com	https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
secure@intel.com	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
secure@intel.com	https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability	Vendor Advisory
secure@intel.com	https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html
secure@intel.com	https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
secure@intel.com	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013	Patch, Third Party Advisory, Vendor Advisory
secure@intel.com	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005
secure@intel.com	https://security.netapp.com/advisory/ntap-20180521-0001/	Third Party Advisory
secure@intel.com	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us	Third Party Advisory
secure@intel.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel	Third Party Advisory
secure@intel.com	https://usn.ubuntu.com/3756-1/
secure@intel.com	https://www.debian.org/security/2018/dsa-4273
secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html	Vendor Advisory
secure@intel.com	https://www.kb.cert.org/vuls/id/180049	Third Party Advisory, US Government Resource
secure@intel.com	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
secure@intel.com	https://www.synology.com/support/security/Synology_SA_18_23	Third Party Advisory
secure@intel.com	https://www.us-cert.gov/ncas/alerts/TA18-141A	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://support.lenovo.com/us/en/solutions/LEN-22133	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104228	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040949	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1042004
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
af854a3a-2127-422b-91ae-364da2661108	https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013	Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20180521-0001/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3756-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4273
af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/180049	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006
af854a3a-2127-422b-91ae-364da2661108	https://www.synology.com/support/security/Synology_SA_18_23	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ncas/alerts/TA18-141A	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
intel	atom_c	c2308
intel	atom_c	c3308
intel	atom_c	c3338
intel	atom_c	c3508
intel	atom_c	c3538
intel	atom_c	c3558
intel	atom_c	c3708
intel	atom_c	c3750
intel	atom_c	c3758
intel	atom_c	c3808
intel	atom_c	c3830
intel	atom_c	c3850
intel	atom_c	c3858
intel	atom_c	c3950
intel	atom_c	c3955
intel	atom_c	c3958
intel	atom_e	e3805
intel	atom_e	e3815
intel	atom_e	e3825
intel	atom_e	e3826
intel	atom_e	e3827
intel	atom_e	e3845
intel	atom_z	z2420
intel	atom_z	z2460
intel	atom_z	z2480
intel	atom_z	z2520
intel	atom_z	z2560
intel	atom_z	z2580
intel	atom_z	z2760
intel	atom_z	z3460
intel	atom_z	z3480
intel	atom_z	z3530
intel	atom_z	z3560
intel	atom_z	z3570
intel	atom_z	z3580
intel	atom_z	z3590
intel	atom_z	z3735d
intel	atom_z	z3735e
intel	atom_z	z3735f
intel	atom_z	z3735g
intel	atom_z	z3736f
intel	atom_z	z3736g
intel	atom_z	z3740
intel	atom_z	z3740d
intel	atom_z	z3745
intel	atom_z	z3745d
intel	atom_z	z3770
intel	atom_z	z3770d
intel	atom_z	z3775
intel	atom_z	z3775d
intel	atom_z	z3785
intel	atom_z	z3795
intel	celeron_j	j3455
intel	celeron_j	j4005
intel	celeron_j	j4105
intel	celeron_n	n3450
intel	core_i3	32nm
intel	core_i3	45nm
intel	core_i5	32nm
intel	core_i5	45nm
intel	core_i7	32nm
intel	core_i7	45nm
intel	core_m	32nm
intel	core_m	45nm
intel	pentium	n4000
intel	pentium	n4100
intel	pentium	n4200
intel	pentium_j	j4205
intel	pentium_silver	j5005
intel	pentium_silver	n5000
intel	xeon_e-1105c	-
intel	xeon_e3	125c_
intel	xeon_e3	1220_
intel	xeon_e3	1275_
intel	xeon_e3	1505m_v6
intel	xeon_e3	1515m_v5
intel	xeon_e3	1535m_v5
intel	xeon_e3	1535m_v6
intel	xeon_e3	1545m_v5
intel	xeon_e3	1558l_v5
intel	xeon_e3	1565l_v5
intel	xeon_e3	1575m_v5
intel	xeon_e3	1578l_v5
intel	xeon_e3	1585_v5
intel	xeon_e3	1585l_v5
intel	xeon_e3	3600
intel	xeon_e3	5600
intel	xeon_e3	7500
intel	xeon_e3	e5502
intel	xeon_e3	e5503
intel	xeon_e3	e5504
intel	xeon_e3	e5506
intel	xeon_e3	e5507
intel	xeon_e3	e5520
intel	xeon_e3	e5530
intel	xeon_e3	e5540
intel	xeon_e3	e6510
intel	xeon_e3	e6540
intel	xeon_e3	e6550
intel	xeon_e3	l3403
intel	xeon_e3	l3406
intel	xeon_e3	l3426
intel	xeon_e3	l5506
intel	xeon_e3	l5508_
intel	xeon_e3	l5518_
intel	xeon_e3	l5520
intel	xeon_e3	l5530
intel	xeon_e3	w5580
intel	xeon_e3	w5590
intel	xeon_e3	x3430
intel	xeon_e3	x3440
intel	xeon_e3	x3450
intel	xeon_e3	x3460
intel	xeon_e3	x3470
intel	xeon_e3	x3480
intel	xeon_e3	x5550
intel	xeon_e3	x5560
intel	xeon_e3	x5570
intel	xeon_e3_1105c_v2	-
intel	xeon_e3_1125c_v2	-
intel	xeon_e3_1220_v2	-
intel	xeon_e3_1220_v3	-
intel	xeon_e3_1220_v5	-
intel	xeon_e3_1220_v6	-
intel	xeon_e3_12201	-
intel	xeon_e3_12201_v2	-
intel	xeon_e3_1220l_v3	-
intel	xeon_e3_1225	-
intel	xeon_e3_1225_v2	-
intel	xeon_e3_1225_v3	-
intel	xeon_e3_1225_v5	-
intel	xeon_e3_1225_v6	-
intel	xeon_e3_1226_v3	-
intel	xeon_e3_1230	-
intel	xeon_e3_1230_v2	-
intel	xeon_e3_1230_v3	-
intel	xeon_e3_1230_v5	-
intel	xeon_e3_1230_v6	-
intel	xeon_e3_1230l_v3	-
intel	xeon_e3_1231_v3	-
intel	xeon_e3_1235	-
intel	xeon_e3_1235l_v5	-
intel	xeon_e3_1240	-
intel	xeon_e3_1240_v2	-
intel	xeon_e3_1240_v3	-
intel	xeon_e3_1240_v5	-
intel	xeon_e3_1240_v6	-
intel	xeon_e3_1240l_v3	-
intel	xeon_e3_1240l_v5	-
intel	xeon_e3_1241_v3	-
intel	xeon_e3_1245	-
intel	xeon_e3_1245_v2	-
intel	xeon_e3_1245_v3	-
intel	xeon_e3_1245_v5	-
intel	xeon_e3_1245_v6	-
intel	xeon_e3_1246_v3	-
intel	xeon_e3_1258l_v4	-
intel	xeon_e3_1260l	-
intel	xeon_e3_1260l_v5	-
intel	xeon_e3_1265l_v2	-
intel	xeon_e3_1265l_v3	-
intel	xeon_e3_1265l_v4	-
intel	xeon_e3_1268l_v3	-
intel	xeon_e3_1268l_v5	-
intel	xeon_e3_1270	-
intel	xeon_e3_1270_v2	-
intel	xeon_e3_1270_v3	-
intel	xeon_e3_1270_v5	-
intel	xeon_e3_1270_v6	-
intel	xeon_e3_1271_v3	-
intel	xeon_e3_1275_v2	-
intel	xeon_e3_1275_v3	-
intel	xeon_e3_1275_v5	-
intel	xeon_e3_1275_v6	-
intel	xeon_e3_1275l_v3	-
intel	xeon_e3_1276_v3	-
intel	xeon_e3_1278l_v4	-
intel	xeon_e3_1280	-
intel	xeon_e3_1280_v2	-
intel	xeon_e3_1280_v3	-
intel	xeon_e3_1280_v5	-
intel	xeon_e3_1280_v6	-
intel	xeon_e3_1281_v3	-
intel	xeon_e3_1285_v3	-
intel	xeon_e3_1285_v4	-
intel	xeon_e3_1285_v6	-
intel	xeon_e3_1285l_v3	-
intel	xeon_e3_1285l_v4	-
intel	xeon_e3_1286_v3	-
intel	xeon_e3_1286l_v3	-
intel	xeon_e3_1290	-
intel	xeon_e3_1290_v2	-
intel	xeon_e3_1501l_v6	-
intel	xeon_e3_1501m_v6	-
intel	xeon_e3_1505l_v5	-
intel	xeon_e3_1505l_v6	-
intel	xeon_e3_1505m_v5	-
intel	xeon_e5	2650l_v4
intel	xeon_e5	2658
intel	xeon_e5	2658_v2
intel	xeon_e5	2658_v3
intel	xeon_e5	2658_v4
intel	xeon_e5	2658a_v3
intel	xeon_e5	2660
intel	xeon_e5	2660_v2
intel	xeon_e5	2660_v3
intel	xeon_e5	2660_v4
intel	xeon_e5	2665
intel	xeon_e5	2667
intel	xeon_e5	2667_v2
intel	xeon_e5	2667_v3
intel	xeon_e5	2667_v4
intel	xeon_e5	2670
intel	xeon_e5	2670_v2
intel	xeon_e5	2670_v3
intel	xeon_e5	2680
intel	xeon_e5	2680_v2
intel	xeon_e5	2680_v3
intel	xeon_e5	2680_v4
intel	xeon_e5	2683_v3
intel	xeon_e5	2683_v4
intel	xeon_e5	2687w
intel	xeon_e5	2687w_v2
intel	xeon_e5	2687w_v3
intel	xeon_e5	2687w_v4
intel	xeon_e5	2690
intel	xeon_e5	2690_v2
intel	xeon_e5	2690_v3
intel	xeon_e5	2690_v4
intel	xeon_e5	2695_v2
intel	xeon_e5	2695_v3
intel	xeon_e5	2695_v4
intel	xeon_e5	2697_v2
intel	xeon_e5	2697_v3
intel	xeon_e5	2697_v4
intel	xeon_e5	2697a_v4
intel	xeon_e5	2698_v3
intel	xeon_e5	2698_v4
intel	xeon_e5	2699_v3
intel	xeon_e5	2699_v4
intel	xeon_e5	2699a_v4
intel	xeon_e5	2699r_v4
intel	xeon_e5	4603
intel	xeon_e5	4603_v2
intel	xeon_e5	4607
intel	xeon_e5	4607_v2
intel	xeon_e5	4610
intel	xeon_e5	4610_v2
intel	xeon_e5	4610_v3
intel	xeon_e5	4610_v4
intel	xeon_e5	4617
intel	xeon_e5	4620
intel	xeon_e5	4620_v2
intel	xeon_e5	4620_v3
intel	xeon_e5	4620_v4
intel	xeon_e5	4624l_v2
intel	xeon_e5	4627_v2
intel	xeon_e5	4627_v3
intel	xeon_e5	4627_v4
intel	xeon_e5	4628l_v4
intel	xeon_e5	4640
intel	xeon_e5	4640_v2
intel	xeon_e5	4640_v3
intel	xeon_e5	4640_v4
intel	xeon_e5	4648_v3
intel	xeon_e5	4650
intel	xeon_e5	4650_v2
intel	xeon_e5	4650_v3
intel	xeon_e5	4650_v4
intel	xeon_e5	4650l
intel	xeon_e5	4655_v3
intel	xeon_e5	4655_v4
intel	xeon_e5	4657l_v2
intel	xeon_e5	4660_v3
intel	xeon_e5	4660_v4
intel	xeon_e5	4667_v3
intel	xeon_e5	4667_v4
intel	xeon_e5	4669_v3
intel	xeon_e5	4669_v4
intel	xeon_e5_1428l	-
intel	xeon_e5_1428l_v2	-
intel	xeon_e5_1428l_v3	-
intel	xeon_e5_1620	-
intel	xeon_e5_1620_v2	-
intel	xeon_e5_1620_v3	-
intel	xeon_e5_1620_v4	-
intel	xeon_e5_1630_v3	-
intel	xeon_e5_1630_v4	-
intel	xeon_e5_1650	-
intel	xeon_e5_1650_v2	-
intel	xeon_e5_1650_v3	-
intel	xeon_e5_1650_v4	-
intel	xeon_e5_1660	-
intel	xeon_e5_1660_v2	-
intel	xeon_e5_1660_v3	-
intel	xeon_e5_1660_v4	-
intel	xeon_e5_1680_v3	-
intel	xeon_e5_1680_v4	-
intel	xeon_e5_2403	-
intel	xeon_e5_2403_v2	-
intel	xeon_e5_2407	-
intel	xeon_e5_2407_v2	-
intel	xeon_e5_2408l_v3	-
intel	xeon_e5_2418l	-
intel	xeon_e5_2418l_v2	-
intel	xeon_e5_2418l_v3	-
intel	xeon_e5_2420	-
intel	xeon_e5_2420_v2	-
intel	xeon_e5_2428l	-
intel	xeon_e5_2428l_v2	-
intel	xeon_e5_2428l_v3	-
intel	xeon_e5_2430	-
intel	xeon_e5_2430_v2	-
intel	xeon_e5_2430l	-
intel	xeon_e5_2430l_v2	-
intel	xeon_e5_2438l_v3	-
intel	xeon_e5_2440	-
intel	xeon_e5_2440_v2	-
intel	xeon_e5_2448l	-
intel	xeon_e5_2448l_v2	-
intel	xeon_e5_2450	-
intel	xeon_e5_2450_v2	-
intel	xeon_e5_2450l	-
intel	xeon_e5_2450l_v2	-
intel	xeon_e5_2470	-
intel	xeon_e5_2470_v2	-
intel	xeon_e5_2603	-
intel	xeon_e5_2603_v2	-
intel	xeon_e5_2603_v3	-
intel	xeon_e5_2603_v4	-
intel	xeon_e5_2608l_v3	-
intel	xeon_e5_2608l_v4	-
intel	xeon_e5_2609	-
intel	xeon_e5_2609_v2	-
intel	xeon_e5_2609_v3	-
intel	xeon_e5_2609_v4	-
intel	xeon_e5_2618l_v2	-
intel	xeon_e5_2618l_v3	-
intel	xeon_e5_2618l_v4	-
intel	xeon_e5_2620	-
intel	xeon_e5_2620_v2	-
intel	xeon_e5_2620_v3	-
intel	xeon_e5_2620_v4	-
intel	xeon_e5_2623_v3	-
intel	xeon_e5_2623_v4	-
intel	xeon_e5_2628l_v2	-
intel	xeon_e5_2628l_v3	-
intel	xeon_e5_2628l_v4	-
intel	xeon_e5_2630	-
intel	xeon_e5_2630_v2	-
intel	xeon_e5_2630_v3	-
intel	xeon_e5_2630_v4	-
intel	xeon_e5_2630l	-
intel	xeon_e5_2630l_v2	-
intel	xeon_e5_2630l_v3	-
intel	xeon_e5_2630l_v4	-
intel	xeon_e5_2637	-
intel	xeon_e5_2637_v2	-
intel	xeon_e5_2637_v3	-
intel	xeon_e5_2637_v4	-
intel	xeon_e5_2640	-
intel	xeon_e5_2640_v2	-
intel	xeon_e5_2640_v3	-
intel	xeon_e5_2640_v4	-
intel	xeon_e5_2643	-
intel	xeon_e5_2643_v2	-
intel	xeon_e5_2643_v3	-
intel	xeon_e5_2643_v4	-
intel	xeon_e5_2648l	-
intel	xeon_e5_2648l_v2	-
intel	xeon_e5_2648l_v3	-
intel	xeon_e5_2648l_v4	-
intel	xeon_e5_2650	-
intel	xeon_e5_2650_v2	-
intel	xeon_e5_2650_v3	-
intel	xeon_e5_2650_v4	-
intel	xeon_e5_2650l	-
intel	xeon_e5_2650l_v2	-
intel	xeon_e5_2650l_v3	-
intel	xeon_e7	2803
intel	xeon_e7	2820
intel	xeon_e7	2830
intel	xeon_e7	2850
intel	xeon_e7	2850_v2
intel	xeon_e7	2860
intel	xeon_e7	2870
intel	xeon_e7	2870_v2
intel	xeon_e7	2880_v2
intel	xeon_e7	2890_v2
intel	xeon_e7	4807
intel	xeon_e7	4809_v2
intel	xeon_e7	4809_v3
intel	xeon_e7	4809_v4
intel	xeon_e7	4820
intel	xeon_e7	4820_v2
intel	xeon_e7	4820_v3
intel	xeon_e7	4820_v4
intel	xeon_e7	4830
intel	xeon_e7	4830_v2
intel	xeon_e7	4830_v3
intel	xeon_e7	4830_v4
intel	xeon_e7	4850
intel	xeon_e7	4850_v2
intel	xeon_e7	4850_v3
intel	xeon_e7	4850_v4
intel	xeon_e7	4860
intel	xeon_e7	4860_v2
intel	xeon_e7	4870
intel	xeon_e7	4870_v2
intel	xeon_e7	4880_v2
intel	xeon_e7	4890_v2
intel	xeon_e7	8830
intel	xeon_e7	8837
intel	xeon_e7	8850
intel	xeon_e7	8850_v2
intel	xeon_e7	8857_v2
intel	xeon_e7	8860
intel	xeon_e7	8860_v3
intel	xeon_e7	8860_v4
intel	xeon_e7	8867_v3
intel	xeon_e7	8867_v4
intel	xeon_e7	8867l
intel	xeon_e7	8870
intel	xeon_e7	8870_v2
intel	xeon_e7	8870_v3
intel	xeon_e7	8870_v4
intel	xeon_e7	8880_v2
intel	xeon_e7	8880_v3
intel	xeon_e7	8880_v4
intel	xeon_e7	8880l_v2
intel	xeon_e7	8880l_v3
intel	xeon_e7	8890_v2
intel	xeon_e7	8890_v3
intel	xeon_e7	8890_v4
intel	xeon_e7	8891_v2
intel	xeon_e7	8891_v3
intel	xeon_e7	8891_v4
intel	xeon_e7	8893_v2
intel	xeon_e7	8893_v3
intel	xeon_e7	8893_v4
intel	xeon_e7	8894_v4
intel	xeon_gold	5115
intel	xeon_gold	85115
intel	xeon_gold	85118
intel	xeon_gold	85119t
intel	xeon_gold	85120
intel	xeon_gold	85120t
intel	xeon_gold	85122
intel	xeon_gold	86126
intel	xeon_gold	86126f
intel	xeon_gold	86126t
intel	xeon_gold	86128
intel	xeon_gold	86130
intel	xeon_gold	86130f
intel	xeon_gold	86130t
intel	xeon_gold	86132
intel	xeon_gold	86134
intel	xeon_gold	86134m
intel	xeon_gold	86136
intel	xeon_gold	86138
intel	xeon_gold	86138f
intel	xeon_gold	86138t
intel	xeon_gold	86140
intel	xeon_gold	86140m
intel	xeon_gold	86142
intel	xeon_gold	86142f
intel	xeon_gold	86142m
intel	xeon_gold	86144
intel	xeon_gold	86146
intel	xeon_gold	86148
intel	xeon_gold	86148f
intel	xeon_gold	86150
intel	xeon_gold	86152
intel	xeon_gold	86154
intel	xeon_platinum	8153
intel	xeon_platinum	8156
intel	xeon_platinum	8158
intel	xeon_platinum	8160
intel	xeon_platinum	8160f
intel	xeon_platinum	8160m
intel	xeon_platinum	8160t
intel	xeon_platinum	8164
intel	xeon_platinum	8168
intel	xeon_platinum	8170
intel	xeon_platinum	8170m
intel	xeon_platinum	8176
intel	xeon_platinum	8176f
intel	xeon_platinum	8176m
intel	xeon_platinum	8180
intel	xeon_silver	4108
intel	xeon_silver	4109t
intel	xeon_silver	4110
intel	xeon_silver	4112
intel	xeon_silver	4114
intel	xeon_silver	4114t
intel	xeon_silver	4116
intel	xeon_silver	4116t
arm	cortex-a	15
arm	cortex-a	57
arm	cortex-a	72

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD028C10-FD07-4206-A732-CCAC1B6D043D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93010C0-33B3-438F-94F6-8DA7A9D7B451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A988A78-6B3D-4599-A85C-42B4A294D86D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D7C5EF4-3A92-4AF7-9B11-62B4FFDC5128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*",
              "matchCriteriaId": "246AA1B0-B6C8-406B-817D-26113DC63858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EE5B42-FF05-447C-BACC-0E650E773E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0779CC9-BD39-4E0B-B523-A6C69F9EBB0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1F0E3C4-7E9B-435F-907E-4BF4F12AF314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D616C72-0863-478C-9E87-3963C83B87E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC333B0D-3A0E-4629-8016-68C060343874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*",
              "matchCriteriaId": "6655535C-FF64-4F9E-8168-253AABCC4F5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1EDEA1E-9A19-4B3F-806E-D770D1AB4C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD68F3F-7E38-40B9-A20B-B9BB45E8D042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EACEF19-83BC-4579-9274-BE367F914432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC73291-AA6F-40B0-860A-1F2E6AB1E2AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*",
              "matchCriteriaId": "24128A7F-2B0B-4923-BA9E-9F5093D29423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*",
              "matchCriteriaId": "0990DD71-9E83-499D-9DAF-A466CF896CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7FEDEF-9772-4FB1-9261-020487A795AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE7B0F72-DEDF-40C4-887C-83725C52C92E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*",
              "matchCriteriaId": "9568C222-9816-4520-B01C-C1DC2A79002D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B2F8FAD-1688-4369-BB4B-9FA9F30A80A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A1F23D-7226-4479-B51F-36376CC80B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*",
              "matchCriteriaId": "65AAC7A7-77CA-4C6C-BD96-92A253512F09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD16C07-0050-495A-8722-7AC46F5920F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*",
              "matchCriteriaId": "01423706-C82C-4457-9638-1A2380DE3826",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*",
              "matchCriteriaId": "A881E2D3-A668-465F-862B-F8C145BD5E8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5B9B98-0EF0-4ACD-B378-F9DE5AB36CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDC6806-E4FC-4A6E-A6BB-88C18E47ABFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*",
              "matchCriteriaId": "6602DD69-E59A-417D-B19F-CA16B01E652C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C493EE-EF9F-47E2-8F88-86DF6C5F1FF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*",
              "matchCriteriaId": "40010DAE-DD1A-4A81-B6E9-EDC1B0DDCAB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED96AC16-12CC-43F6-ACC8-009A06CDD8F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE9DC29-C192-4553-AF29-D39290976F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*",
              "matchCriteriaId": "F625E647-B47E-404C-9C5B-72F3EB1C46F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AF3279-89E7-4C91-8C5F-5AD5937CD0C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5878612-9825-4737-85A5-8227BA97CBA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*",
              "matchCriteriaId": "F453D348-28CE-402B-9D40-A29436A24ECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*",
              "matchCriteriaId": "36322F4B-83D7-468A-BB34-1C03729E9BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD22811-C3C6-4B5E-98D5-D3F2240E6C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C7D0BA-8F07-42AD-8BB9-C65472BE41C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A2A50E-94FA-44E9-A45D-3016750CFBDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*",
              "matchCriteriaId": "5625CAD8-4A62-4747-B6D9-90E56F09B731",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*",
              "matchCriteriaId": "43A234CE-D6AA-4A32-8425-1A4DDA0F6B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*",
              "matchCriteriaId": "78DE1A01-3AEF-41E6-97EE-CB93429C4A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*",
              "matchCriteriaId": "410184AF-B932-4AC9-984F-73FD58BB4CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*",
              "matchCriteriaId": "B265F073-9E0A-4CA0-8296-AB52DEB1C323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F664223-1CBC-4D8A-921B-F03AACA6672B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*",
              "matchCriteriaId": "987A8470-08BA-45DE-8EC0-CD2B4451EECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BBC9542-FB77-4769-BF67-D42829703920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*",
              "matchCriteriaId": "74FDC18B-4662-422E-A86A-48FE821C056F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAB4AA2C-D1D9-44D8-9471-66EBDE9DC66D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBA3E7AE-CB74-48A8-A2B8-9FCADB6E40D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*",
              "matchCriteriaId": "723E7155-493D-4B5A-99E2-AB261838190E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E37264-E4BA-4D9D-92E7-56DE6B5F918F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*",
              "matchCriteriaId": "8704BE6D-2857-4328-9298-E0273376F2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1289B9E-5725-42EF-8848-F545421A29E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:32nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "50287A9B-366F-41F2-BEBD-D4C64EF93035",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:45nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB79F2F-5522-45D3-A1D1-DC2F5A016D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:32nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "9749C2B0-B919-4172-A2AD-04C99A479F5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:45nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F1F45A1-A17D-4895-8A71-00010C7E55D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:32nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "D46BF41F-C44C-4D87-862E-0D156A2298DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:45nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "5927D78A-EE05-4246-A141-4A8815AB228B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:32nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "579FC479-DEA0-415D-8E8F-18A81A85A471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:45nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEECAA34-57F4-4B01-857C-C8454E1EDCAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium:n4000:*:*:*:*:*:*:*",
              "matchCriteriaId": "967252A4-EC1F-4B31-97B8-8D25A3D82070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium:n4100:*:*:*:*:*:*:*",
              "matchCriteriaId": "3205757B-07DB-4115-B3E0-4DF9D0EA2061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium:n4200:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF8ABFA-BBFD-42F5-9769-00F8CD67F7FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AF1366-8A14-4741-8146-886C31D8D347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_silver:j5005:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AEAA43A-4D97-4E13-82E1-895F3B368B25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_silver:n5000:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB6BAE0B-103D-430E-BAE9-429881620DE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2832E8BF-7AC7-444C-B297-66F770860571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:125c_:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9D0A534-1749-4ED3-8F18-BF826D84EB56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1220_:*:*:*:*:*:*:*",
              "matchCriteriaId": "B581515E-29CC-462F-BB10-4EA6DE2D6637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1275_:*:*:*:*:*:*:*",
              "matchCriteriaId": "036D395E-AFE8-4D61-91CC-E9B3CD8B6380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*",
              "matchCriteriaId": "44AA72FB-E78D-419E-AA82-B0538C6504D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "687C3BF3-D71A-49AD-8A05-EAC07CBCD949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "90AF90D9-16C4-4F8A-9868-3E2823E3445C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C063C53-8970-45B1-85F8-FB2080BF4695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "64596ED7-794A-4D23-987B-D9AD59D48EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2E52BA6-2F2F-4CD2-A601-5B0ADDE5E23F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FDA48F0-0F35-4A8F-8117-B0B28E00AB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A561A8E8-79E2-4071-B57D-590C22EF86A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E46658-60AB-4758-9236-3AC0E6464383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "207B8FBA-E2FF-485A-9AD9-E604AE0FB903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F99640-C753-40BE-A0A1-4C2D92E7DB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:3600:*:*:*:*:*:*:*",
              "matchCriteriaId": "36609915-9E0D-4204-B544-4832E1195BA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:5600:*:*:*:*:*:*:*",
              "matchCriteriaId": "3612AC78-4904-4830-85DF-38A38F617379",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:7500:*:*:*:*:*:*:*",
              "matchCriteriaId": "B79CC0FA-3DA1-4812-8E73-B0FF0752E31E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5502:*:*:*:*:*:*:*",
              "matchCriteriaId": "D12F3759-48D2-4208-AD5B-3AC8B012D061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5503:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7C61D9B-2733-4A67-9D6A-2290123C0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5504:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C3C383-6927-44AD-9488-8B916D5959ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5506:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FC1E41C-7A17-42B7-936D-09A236D9C4D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5507:*:*:*:*:*:*:*",
              "matchCriteriaId": "E814CB3E-4542-4E3E-91E8-D97EA17C0B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5520:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD43D7C-932B-463F-8EB2-3A115FBED4BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5530:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CCD70F8-D81D-467B-8042-5D3B9AC513E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5540:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05C68D0-4771-4338-9761-6428195F0318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e6510:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4FC2878-389F-4687-8377-E192A1C519BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e6540:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B24CEBE-51B1-4EC5-8770-BFDB0625193A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e6550:*:*:*:*:*:*:*",
              "matchCriteriaId": "61BD85A8-39D9-4248-96FE-CAEF4BC7CD44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l3403:*:*:*:*:*:*:*",
              "matchCriteriaId": "8320D28B-B10D-47AE-9B65-51304F93F9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l3406:*:*:*:*:*:*:*",
              "matchCriteriaId": "35AD843A-EBB1-42BE-A305-595C23881404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l3426:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D457B8B-50A6-411C-8528-96915B697C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l5506:*:*:*:*:*:*:*",
              "matchCriteriaId": "3934C421-BD11-4174-83F4-3E20176F03F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l5508_:*:*:*:*:*:*:*",
              "matchCriteriaId": "45EE1BA7-5356-4421-9CF2-48DA09EBAE3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l5518_:*:*:*:*:*:*:*",
              "matchCriteriaId": "92FE452A-EE8B-4ACE-96B1-B6BD81FAC9B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l5520:*:*:*:*:*:*:*",
              "matchCriteriaId": "47195FE7-3692-42C4-B29E-679A6FE0E220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l5530:*:*:*:*:*:*:*",
              "matchCriteriaId": "C033BBFA-67F4-4F24-A042-FF996B327976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:w5580:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBF7A770-3E90-4466-8595-8E523D82BC62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:w5590:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA7922C0-AB84-4331-BE8F-71A0D95D4F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x3430:*:*:*:*:*:*:*",
              "matchCriteriaId": "648CB034-89BF-48FF-A3BF-C84C08FE09E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x3440:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A7DC164-65FF-483A-AD69-3E23E449E52C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x3450:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3DCB95-5139-44C6-8151-8CEFD37F9DAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x3460:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED5FEA46-49A2-4082-98D2-56E698A56909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x3470:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B85D7F3-1FA5-4FE1-AAFF-CEE8DF822CC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x3480:*:*:*:*:*:*:*",
              "matchCriteriaId": "80607FEB-8908-40F6-B702-FD56D849E2D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x5550:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F20575-82C0-466D-8FDD-AAC034247D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x5560:*:*:*:*:*:*:*",
              "matchCriteriaId": "648E21A8-6B5F-4C97-A71A-44B97DBB4FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x5570:*:*:*:*:*:*:*",
              "matchCriteriaId": "172EA906-A08F-4D2A-9814-937C07F77C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1EC6D3-01CD-4CAB-817D-AE2E72FD0D03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDBA35BD-1048-4B6E-96B2-1CFF615EB49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "979FEE9F-A957-43B6-BB6D-1A851D6FA11C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7AF59D-D05E-47F9-B493-B5CD6781FDDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF7EC93-0170-45A9-86C7-5460320B2AE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A7B1C2-D2CE-485A-9376-27E14F3FA05A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F803AC-DCC7-43FC-BEB3-AA7984E0506C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "560993AA-299D-42B7-B77F-1BD0D2114CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C582B1C-1DAC-48FD-82DD-7334C10A2175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7862B0C-2C44-4110-A62A-083116129612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "048C5996-F719-4338-B148-0DD1C13E02FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0196DA2F-CFA7-44D0-BDF5-37C7403E3B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9FF7FB-AB5A-4549-8C15-E69458C649E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CEF6608-B650-4C77-9823-0AD57B3484F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE6A2D7-901C-45F9-B487-D674047D522E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCFCAC5E-6CF1-4EC1-A24C-688DD1016A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ADCB509-5B0E-4592-8B23-EC25A3F79D41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB51691F-089F-4016-B25E-238074B06C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBAAC728-6A0F-4675-9677-AAF7DD5D38ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB3BFEFD-3D0D-48B0-A5AE-6F3C2D791CE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC7E1AFD-9BCE-4487-A8DE-F9C60529CA7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EA37503-FD3D-4220-933C-234631D6EDEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "72992831-2A76-456B-A80C-944BDD8591E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79C2131-5566-4CC2-B6ED-38E3F6964500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BFDAA6-3DFC-4908-BC33-B05BAB462F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6266056-770A-4E2D-A4FC-F1475257648E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "929AA8F3-8BDF-4614-9806-6D4231735616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "605D7552-8184-4B11-96FD-FE501A6C97DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3144BBDE-CC96-4408-AA02-ECC3BF902A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8BA77A-34E3-4B9E-822A-7B7A90D35790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7165B43-ED22-4714-8FA4-1E201D1BFA69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67CFB133-FAF0-431A-9765-8A9738D6D87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2975B0F2-DB7C-4257-985A-482ED2725883",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70221E07-3C2E-4A82-8259-AD583EB5CDDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "427DFD78-56CD-43C4-948E-F53AF9D669F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E3E6F5F-6B82-43D9-BD6E-D22F9B991DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75AD7649-3FEA-4971-9886-6C9312B937A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4EE972C-6BAE-4342-BA01-1D685487F9C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27CDFE3B-C064-49A9-BD43-3F7612257A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD0EEC1-D695-41A5-8CD6-9E987A547CC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35AA9AC-28B3-49C2-A9B5-5D26DFEDB723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF25B8-D474-4C6B-8E45-F57DDC7074E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF18FD1-6670-4C3C-8000-A079C69D575E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D760EEAF-5CF5-4F25-8FA2-D4F75F4F5A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "921EB5A5-F911-4FCE-A6F1-C66818B34678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13878C13-1C7C-4B83-AF27-4998E8F659DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "023063E1-2DD7-487C-A8A7-939FAEE666A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77255CE6-D7B7-4B48-993C-7100A1170BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40AC368-3A14-4EFF-A8D0-7EFB4C83045D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3472AA7B-C0CF-4D65-8A6C-B1D52D27F0CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C07E80D5-70A5-49C9-9044-D683C7ECCFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63668AF4-F29C-4424-8EC5-2F0A5950DD58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C1C7CD-538D-4D7A-A81C-10DF5376A479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5922F749-2B23-44B8-8A46-F31BCAEAD279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C48BBAF-6B27-43D6-B86B-40CD8E7BA056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D75D0EEB-707C-4C86-A569-E91E9F00BA77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FB0E20-0243-40A1-8DEF-37150791222E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CFF26D-8AD3-4179-9E4C-F06D7C858C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7541572C-229F-4963-B7F0-06EB3323E53B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DE669C-27FD-4196-8B8C-1DA4EE4C1D6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "479F7C77-D16F-4E40-9026-3EB8422E0401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A242AC2-9AA6-43FD-90F4-5BF6E80DBB5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04DB08C8-0018-4A8E-A206-097BDDF83B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7193E85-30BE-42D5-A26B-3F88817F3574",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "446E8515-45FC-4B8B-8D12-60643D64C07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBBDF6B2-D388-4639-87D8-064AA3F6B6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00AAB8B6-B614-4EAA-BA90-C5326CB5D07A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A371DF9-E224-404F-99C2-C2A4607E62D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F40E356-365D-44B7-8C38-A0C89DDD6D3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3132029-89F8-4359-A0DC-A275785266A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B02F5685-0636-48AB-B222-434CA1F3B336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E51FDD60-88E5-4A86-BB8E-4C2D7EDEFA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ED4693C-DECF-4434-90C0-56158F102E7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB408A6B-0842-43DA-9180-B0A299FCBCE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6215EBAC-7C75-4647-9970-482120897F1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3357FCAC-B6C4-4E3E-A40B-AB5084A7F9B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B1BD2B6-1AF6-4AD4-94FA-94B453A21908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D1FD6E8-80EC-461F-9ED1-CE5912399E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96F585E-BDEF-45EE-B0AB-94FE23753AC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3279C067-3058-4D46-A739-05404FD0E9B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4DF0A7-8BC2-48AE-9036-FED6EEC57DF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0855225-F501-486A-BD03-2A86FD252B5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "214C7B0C-C438-4000-9F9B-6D83294243AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C91AA2E-4BB2-49C8-9364-4E363DF42CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA26781F-5A1C-4DA5-835E-D984D697F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EEA4222-F25D-4457-80AA-6D05CA918D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F3E60D1-5CF9-4F96-9EDB-D87F8CF57272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D321BC-6B1D-4C71-8E16-5A1319CEFD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6777AC35-9D1F-4153-94AC-B25627D730E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F063F4-8994-4E46-BA7B-A12A112009BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6F2DE5-AF11-439A-8D37-30CB882ECD58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E213DD86-5419-42C8-BF38-7795DDB3C582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A972291E-5231-439D-873B-2F87BCAF800A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C089CC54-3229-43D7-AA15-73CFA1A43EE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF268D83-C15D-4559-A46F-844E1D9264F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE97C0D-3EA1-4314-A74A-7845C7778FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "34293F29-F327-4ADD-BF62-78F63F79BB96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*",
              "matchCriteriaId": "528C0A46-1CC4-4882-985A-0BB41525BC6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643F3522-A452-4927-944D-532574EC4243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F40B78-4DBA-44EE-8420-086789EFF53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "423BFD8F-4B50-43DA-9979-75FD18FBC953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BAD4A68-0481-476F-BBBD-3D515331368C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "838CEB7C-7C4C-416C-86CE-6E8DD47EF25B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7D021F-3C97-45B3-B1F7-0AC26959F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A31AEF3-448D-417B-9589-4BA0A06F2FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7A1D96F-7FFD-413F-ABCE-4530C3D63040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB2B08B-D3C7-4B82-B170-471D6CDEFAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B8343FE-1320-40AE-A37F-70EF1A4AC4B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD42BA5A-7DA0-409D-8685-E43CF9B61D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5FF80E9-CF28-4EF6-9CFE-4B500A434674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7896A6C6-5918-4C27-85AF-6FEEFC7F8FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "647B77A4-2F49-4989-AF43-961D69037370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "805B1E33-F279-4303-9DF3-C81039A40C1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B971EA9E-AE5C-4A1D-AD55-8241F7B38C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7E0AAE-6539-4024-9055-BE0BAD702143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F1A8828-0765-4799-AD6C-143F45FAAD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D34618-1CCA-405B-A49C-EB384A09C2C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "575D6061-66BC-4862-BC84-ECD82D436E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "56B6EE64-1AD4-46B2-BA65-BB6282E56EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11650B45-0BDA-42BF-AEF3-83B48DD6A71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3C92BA-827B-48AF-BBB3-FB60A9053C22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC097E24-F6C9-40D9-95E9-7EFDFA61AFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB44CA7-DFE6-4B1A-9A63-97AE30017E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B305EFA-6226-412C-90EE-F0691F2DDDE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3874FA-63CB-4B5D-8B64-CE920320A4E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0800ED17-50E4-43F3-B46C-591DFA818BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*",
              "matchCriteriaId": "A46B0405-F301-4209-8766-6E12EAFAD157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F99F9F1F-A967-4884-96CF-4488102DC0A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA9B37AD-4599-425B-B39F-E571F4975266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A5F1CF-A1E6-45F1-8B09-36566778DB57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "698C8A49-888B-4675-B3B0-25EDE2FD515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D98F97-8EF4-48B5-84BE-C3CC27031FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*",
              "matchCriteriaId": "B473D1FA-909B-492E-9C5B-94B0E20E1C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD5EA7E-322E-4CE6-89D4-7DB1055C9034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "67836379-4E1A-45CD-9506-7D3F612E47C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1BBC61-8664-4452-93A7-DDB4D2E4C802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F1B50C-FC5F-47F4-87BC-60E1BD3DD1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "044F0375-DF2F-4D9B-AD7E-473D34165E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEE9B72-5C4C-40C0-A8A7-9DF11655DA43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0655CA-A88C-4632-9A18-560E3F63B2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C1454DD-DA51-4CBC-8BB2-09D5AB5777DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6965851-3B29-4C21-9556-97FD731EAA85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*",
              "matchCriteriaId": "52984FD2-44E0-4E91-B290-0376737EEF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C5D92E2-E718-4247-BA5D-DFE86C0F6AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF933366-7503-4F8D-B7AA-F6A16210EC37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2DAF5D-5BB7-49C6-8426-8B547505B6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EABB21D-D021-434B-B147-CAF687097A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*",
              "matchCriteriaId": "7609424D-95F1-4493-A20C-B1BA4EC6439D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "966DC636-C802-4D9F-8162-652AFB931203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A75794EB-A5AF-43F0-985F-D9E36F04C6D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C2CFF0-98FD-4A0D-8949-D554B2FE53D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*",
              "matchCriteriaId": "05F9217F-5028-4659-AA8E-F60548DE4D52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC769DC-CF2E-4A3C-A610-264F024E6279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2B1CBF-D155-49BC-81A4-4172F177A5C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "370B2B32-519E-4373-8A04-5C5025D688BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83D9B562-C279-4A55-A347-F28FC4F9CD12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A8C2BA0-48A8-4107-8681-A7C34C553D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B009DE-A82F-4569-9B42-EC1EC4DA8A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "683B6E83-37FF-4F9B-915F-059EBB29DB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E218718F-4BE6-48B0-A204-9DD4A932A654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0AB327-B60A-473C-9D36-97766EE62D7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA249EE-4786-4E27-8787-5E8B88C2AEB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBD0529-1CF3-44E5-85B3-19A3323C9493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D664EE97-07EC-410F-94C3-AEAB2C6A627D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31DB981-03B1-4A84-8D87-CD407C3C149F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CBD155D-89D9-4677-A621-4D7613BE65C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02BD0D4-FFFD-4355-97D8-170362F10B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6635781A-2651-4EF2-A5AC-AEEEE63FDE6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCE6930-760A-48C0-B964-1E3ED6A8517C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E52DE90-DF96-4CE7-B8D1-226BA50E4D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8EB40E7-9B91-4106-B303-2B70AF395BFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB0D5CD-8AF3-409D-96A7-718641D4B90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E420B0B-0CD5-41C7-B25A-3DB856055F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B0C295B-0D63-4BE7-830D-D927E00C301C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "605C340D-2220-4669-B827-9009CB099E8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8791879D-2908-4F57-8DB3-6D24100A9108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBEDBBA-0427-4DE0-BA8D-737DE7DF80E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E823DC5B-98BE-4656-BFBF-3A7018F8F213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E8D558-ADE0-4358-9C76-7BD77BF23AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7973B3D0-F244-4E26-88F5-A2D9BF2E4503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68E6BAB9-CBA4-4362-BC82-00D2C5CC6FB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD3F4BFF-3CBE-4E4B-8B29-B203F99CFD8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F5CB567-4F86-4466-BE4D-BFF557ACAE0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A52611B-6583-4660-90D7-C9472728072B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80C6E89-B57C-47BB-8B95-50C03DFB3B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9AB685B-FEE1-41EF-A046-1B34619E12A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9F6724-967A-4AF0-9896-12BF6164B2CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC1116BF-12D7-47CC-98DB-18B200CF9C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBB28DE-726B-4AF0-88A5-35987E1E648B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EA1DB22-8FBF-4CF6-AA96-5B68EE28877D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1880E2B8-5E0E-4603-8D17-3ABA43D28179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAFBB92-1917-4238-832B-195FBE418271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91DFDF3F-9A3F-42B8-99A1-A3F76B198358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8778F972-BF34-482F-9FA7-71A77F6138E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F288BB0-FE7A-4900-B227-BE80E4F4AADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A8DC53A-90C6-47FE-89F1-A1FE8B1C07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E16338-A094-4CA9-B77F-6FE42D3B422C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E07AB33-5351-487D-9602-495489C7C0B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22115ED6-1707-4840-B0D1-AD36BC0C75A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C633BC-831F-4CB7-9D62-16693444B216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CF5EE7E-F41B-44EC-9F69-7963B1BF1FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD501E1-E78F-44C6-8A13-C29337B07EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9085BA0B-B7E2-4908-90C0-B4183891C718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2267CB8-0EE9-4DBD-AD5F-8A13BB62673C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81971C2F-137A-4F11-8C93-3B99D4CD1B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98E0BDAC-398E-406B-B2DB-AE049D6E98B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB66D7E-B465-4A8B-8CBD-7E93CCA2CD6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86AFDE6C-DE58-4C4D-882E-474EF6C3D934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "950C6BF9-AA47-4287-AC01-D183237490FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2355181D-D8EE-4F80-8280-13D5CBCF4779",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5209343F-66B0-4DC0-9111-E2E64CFF7409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "720109A6-B79E-48E1-9AE7-7708B154788E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82FF0DBD-AE13-4232-80F7-F4C2E2CC9721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E944ED-8C02-46B8-BF95-0CE4C352753B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77AEA3D1-4846-46E2-9B80-20B19F00DC11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1576978F-E93D-4A47-90B6-6A4E3A7DE558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D339FE5-001F-4005-88A5-CFFE37F9B63E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BDABA86-497E-497E-A5BA-46F913A4840A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD886F4C-DB6F-4DDD-9807-8BCBB625C226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E16912A-7F6A-4A2B-B70F-D1FCD34BC7DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C454B7-E5F4-4AAE-B577-FD71FA002C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38BE2781-3A06-4D62-AC8B-68B721DA526B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AE4EA5-B8C8-4AE2-9614-F9DBDB4D79DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA23772-2EB8-4BEE-8703-26D967EC4503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "72DC766A-B1F9-4B83-9F9B-CF603EE476BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA594740-43C5-4F42-BA5B-00CA8AE7BB60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "572B16E2-8118-43A0-9A80-5D96831D55FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB5C551-BADC-4A3A-93E5-2EBCA0704C51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5383B7A3-1569-4FEB-B299-B87CE8C8A87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A05BBDE0-6C47-4489-9455-7DA7D230ECA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1789AA69-EA31-44D1-82E6-228E48E18586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7D5FF-3B1F-4C64-BB81-7A349765520D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D93A92E9-C8D2-4F6E-A5CA-E8AFFEEC7E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F0498B3-393A-4C32-B338-E6014B956755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C451F752-6869-4AFA-BAE5-5C9A54427BF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83710FD1-099B-436D-9640-061D515E10BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B71CE-6156-40E1-B068-A2B733E205E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DEEEE5-5055-4CE1-962C-C5F075F4CC02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8718DDAB-3208-48CF-9BCE-54DA1257C16A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1AA901-E822-4240-9D82-C9311E4F87B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CDE3DF-8E79-4997-94EB-B517FFCAE55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A0DE13-EB0B-493B-BC84-3AEB3D454776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1727697B-1F59-4E29-B036-C32E9076C523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E69E827C-C0D0-46C7-913A-1C1E02CEAACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2528F3F9-34DC-41DA-8926-382CB3EF5560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E452C262-5A8D-4D97-BC7F-A4F5FF53A659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D57BF69-D750-4278-98AA-976B0D28E347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76ADAE30-6CAD-4F5B-B6F7-C18953144C63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A25D792-E21D-43EE-8B9D-67DE066DE5DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C669783-C058-4B4F-BB9A-84B2C4682247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "159B088B-9A85-4CAA-854A-AA080E528F95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBE74A94-FE8F-4749-A35A-AB7D57E24913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "990AC341-0E67-4A81-87E9-EE3EFD9E847E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53BC18B0-58F1-4477-9978-CA7383C197FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "474992FB-842D-4661-A565-44AF2CD78693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "476E1B79-5342-4895-96D7-E97DFC1F5334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD318D5-89A6-4E28-939C-C5B61396806B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "981AD3FF-1D14-4ECD-8B6F-BCEB7F2409AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32C7E89-32ED-4328-9313-FA7D3DDBDC58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2792EED8-2CBD-478E-BC09-05FE830B3147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97B1AF2F-6E48-4DBD-A60E-3088CA4C3771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*",
              "matchCriteriaId": "34E1691D-65B3-45E4-A544-8B29E38D569D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*",
              "matchCriteriaId": "E42F2703-B8AB-410E-AF7B-CD0BE777F061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*",
              "matchCriteriaId": "31244C94-00A3-499C-A91A-1BEF2FB0E6B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*",
              "matchCriteriaId": "878FF6E8-8A6D-44CE-9DD1-2C912AB8A193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5078A95B-2BD8-4A37-A356-F53D1A53CB37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BFE67CD-DE53-4C4E-8245-35902AEFA6E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F231D31-3AAD-4C5D-A225-D2DF94486718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5998DF5D-E785-45EC-B8D0-1F4EC4F96D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EADFD013-0BFB-427C-98E6-F9E4774DCBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "58620B10-FEA6-456D-B6B5-2745F5DBE82D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8F698B1-D9CF-4FE5-933D-EFCEA3056E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4858A1F0-97F2-4258-AB98-027BF1EC5117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C961A8B-EAFD-4F66-9432-BCC0D154ECCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "052DE6CD-A1E7-4E81-B476-66EF451061C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE1AE1E-6FC0-41D8-857C-C5A99CAF5823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "751B3AC8-D45E-46B6-83D5-311B693F3C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9588277A-0B97-4408-9CF7-11271CDAADD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "479FE854-85E5-4ED0-BFAF-2618C9053082",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*",
              "matchCriteriaId": "E048B9BF-77C8-49F7-9F2D-9999F79BA264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD16D4D-E816-486D-96F4-5A2BF75B959F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "169C558E-1A83-47D5-A66B-035BD1DD56FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D683E509-3FB2-4175-BCAB-4EB1B5C04958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCFA915-5445-4732-9F8F-D7561BA4177F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A9FD98-C22D-48F6-87A1-60791C818A1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F99F24-1783-4E6E-BE61-04C2E80356ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "74CC7EB9-3F59-4C0A-B3A1-984BCCFB25BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*",
              "matchCriteriaId": "85289E4C-C813-4677-867D-EE8E98F4A1A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C8150F-BEFA-406D-9F0D-E7CB187E26AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E807F90-819F-4103-B1F7-4CE46971BD63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD93203F-71B9-4F87-B5D8-FD273451C8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E652C74-C48D-4F29-9E85-09325632443F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "99158191-3013-4182-8A53-5DFCA1E2C60A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7E39A3E-7EAE-47C9-930B-58A980B73FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDA54BA-C00D-4890-9B7F-328257607B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5EFB1E-334C-4B55-8E2E-6AE19B34774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8260DCA-2F0C-45F7-B35F-D489AF5639F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7778F81B-6D05-4666-B1D4-53DB0EC16858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DC6706A-61F7-4AA0-B2FF-0FFDF739A644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF1B16B-02F2-4ECA-938E-B5CDCFC67816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5501D8-1B0D-4F5A-AFD7-C63181D3281F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1751F0CE-A0D3-40E2-8EEC-D31141FE33A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FF9AFA7-BBE8-4229-94CB-5A9596728BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23A777F-68A4-4217-A75A-4D8A27E6451A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA27DFB-CDD1-4F52-86B3-DB2320A9C7B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "392A4337-11F6-4980-A138-4FDBCAD0EBA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E9BB67-F1FF-4190-889F-78B965CCE934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4185A70-5D10-448E-A9AB-AA9D5CDF0FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "35607317-0928-4297-A33E-D44BEE1BBEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D48323B1-7FEB-451F-A064-23E7CE7F6403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29EF4E8A-EF37-4DCC-B5D4-DA89AF31DD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5763189-7980-4A72-92C9-1908FE9E15EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C53ACD49-DA21-4DDE-A0AA-FCCD59D29886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4326D350-EBC2-48E6-A2C6-0499F6826CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8594E6FE-B6DB-4343-B3DD-AEC19923DAF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BCADA00-E453-414D-9933-FCB43D21BBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E62212D9-F707-4A8E-AB2A-A3985E7A4049",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "561755A8-8AAD-4F41-8266-747EFDAF2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6F4BB0F-DAF4-479B-B78A-7929C151AA1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A207312E-1D35-4464-A111-22C4C793E146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9B16E32-07D5-445B-BAA5-4E4A0881BFC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CF08F6B-2ECB-414C-82D7-C06085BF8B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "21032BE3-74D8-4C3F-B461-158F475B6853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9AC992-59B7-44EE-9FF3-567AC48938AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:85115:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DB6A2ED-D433-4A8E-8044-02571D0BBD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:85118:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F819519-61B6-4ED0-8A23-509D6B26ACE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:85119t:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2D81C40-4BD0-4D25-95B4-44BE2011F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:85120:*:*:*:*:*:*:*",
              "matchCriteriaId": "85C3A39E-29D3-4C02-89A6-D5B3475EF592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:85120t:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70340A2-71DC-4D4D-BA2E-2B2E9ACDBE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:85122:*:*:*:*:*:*:*",
              "matchCriteriaId": "586DB792-9FF6-4253-9DAE-F3ACA3F1C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86126:*:*:*:*:*:*:*",
              "matchCriteriaId": "330576E9-3A92-4E22-BBC0-94A12ACE1032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86126f:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C644430-A075-40E1-8E35-15B97D8E9078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86126t:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC094AC-0A3A-43F3-823A-089235D04A7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86128:*:*:*:*:*:*:*",
              "matchCriteriaId": "5835FB20-922D-4478-8E4B-A53CCEE46198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86130:*:*:*:*:*:*:*",
              "matchCriteriaId": "667A34BF-8699-477D-B30A-CEF0A36FC81B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86130f:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE586938-ED60-40EA-8177-30267C7A3E58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86130t:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF902C36-0708-4B93-9504-5EA7EEDD628F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86132:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0BC5EBB-2F1A-45C4-A8A7-122FBE4CBC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86134:*:*:*:*:*:*:*",
              "matchCriteriaId": "795F5800-8C06-426B-80AA-20F8E402ACAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86134m:*:*:*:*:*:*:*",
              "matchCriteriaId": "173E49AF-95A9-4DAE-8C74-13CFCA8F0726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86136:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE96391-4F25-4505-B757-D1F15ABD9FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86138:*:*:*:*:*:*:*",
              "matchCriteriaId": "D037E4BA-35B9-42CB-9DDE-BED3DF49B958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86138f:*:*:*:*:*:*:*",
              "matchCriteriaId": "43288516-FA4D-4D8F-9E69-EA27115EB43B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86138t:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EF19E9-FE9A-4ED7-8D9E-848F10C088B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86140:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB72D0E-0E34-4EF3-98FB-52BE4A135D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86140m:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDE7F94-D938-40BA-A1F6-CE52D0B74ECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86142:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E39247-337C-49D1-BF1B-504F2DA4EBA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86142f:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45FA7CB-6523-4042-8832-193D87102F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86142m:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E350A6-9EC7-4E14-9790-040F154CE15D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86144:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8D70B4E-6B85-459C-AACA-59AB5CCC0B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86146:*:*:*:*:*:*:*",
              "matchCriteriaId": "565EB5E9-3B86-4353-BFF6-3F5D27140B42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86148:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32CBB5D-392A-4CD1-82D3-A97D822FADFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86148f:*:*:*:*:*:*:*",
              "matchCriteriaId": "383E08FE-EE7A-4E41-9AAD-786779D4B5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86150:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D50C6D5-3452-4214-B3FF-9F8009D75C3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86152:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93954C6-9B01-4CEB-8925-5D3F415AFC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86154:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B7D54E5-6EDE-44DE-AEA6-F7F76E3EC36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CB2949C-4699-49EF-83EB-31199E0CE2DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C169DC-EEFE-4DE6-A3D0-65B606527240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD28227A-8888-43B2-BC41-8D54B49DA58C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*",
              "matchCriteriaId": "7984BAEA-4518-4E17-830E-B34D09648BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2214E5-491E-448F-A4B6-A497FB44D722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE93013-C262-46A5-8E77-D647881EE632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*",
              "matchCriteriaId": "85B53CEC-943F-4966-8EC1-CB2C6AD6A15B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAC04A3-EBE3-406B-B784-A3547162ECE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*",
              "matchCriteriaId": "15720FFE-B2A4-4347-BCD7-DFA6774C0B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F46B0E-C746-44B4-B343-E3DCAB4B98DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AE30903-4F75-4D71-A8BB-44D1099E9837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*",
              "matchCriteriaId": "98311EAA-26C8-4092-8BE5-4E7BEAA68DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8CF348-811C-4342-ACB9-AFCABCC34331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*",
              "matchCriteriaId": "71998EC5-EC0F-496C-B658-3CD91D824944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1F19B2A-E7A1-4B97-AC40-02B0D3673555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6387C9-C0A8-4B26-BC62-802775CD0AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFEB0164-77C2-4EC2-92FD-5FCE246119CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB20210-337C-4220-8CA1-F4B2BC54EBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*",
              "matchCriteriaId": "F699569F-4F52-4CC0-90D9-CC4CBC32428A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBAED22B-D097-49C4-ADDF-4B3F3E1262D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACF5C3C2-EE69-4DE7-A76C-C797192EE7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*",
              "matchCriteriaId": "7756B588-5A63-4508-8BDD-92DB8CB0F4AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*",
              "matchCriteriaId": "316E26AE-67A5-4E75-8F9B-ECF4A03AED51",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "001AB619-157E-40B4-B86C-5DB18245D62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:57:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D51E27-28A3-47A1-9C36-1A223858E352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:72:*:*:*:*:*:*:*",
              "matchCriteriaId": "365DF3EF-E7D1-41FC-8382-D3B095542D59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
    },
    {
      "lang": "es",
      "value": "Los sistemas con microprocesadores que emplean la ejecuci\u00f3n especulativa y que realizan lecturas especulativas de registros del sistema podr\u00edan permitir la divulgaci\u00f3n no autorizada de par\u00e1metros del sistema a un atacante con acceso de usuario local mediante un an\u00e1lisis de canal lateral. Esto tambi\u00e9n se conoce como Rogue System Register Read (RSRE), Variant 3a."
    }
  ],
  "id": "CVE-2018-3640",
  "lastModified": "2024-11-21T04:05:49.447",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.1,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-22T12:29:00.327",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104228"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040949"
    },
    {
      "source": "secure@intel.com",
      "url": "http://www.securitytracker.com/id/1042004"
    },
    {
      "source": "secure@intel.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
    },
    {
      "source": "secure@intel.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
    },
    {
      "source": "secure@intel.com",
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
    },
    {
      "source": "secure@intel.com",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
    },
    {
      "source": "secure@intel.com",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
    },
    {
      "source": "secure@intel.com",
      "url": "https://usn.ubuntu.com/3756-1/"
    },
    {
      "source": "secure@intel.com",
      "url": "https://www.debian.org/security/2018/dsa-4273"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/180049"
    },
    {
      "source": "secure@intel.com",
      "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_18_23"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1042004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3756-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2018/dsa-4273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/180049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_18_23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2018-3640

Vulnerability from fstec - Published: 11.09.2018

Title

Уязвимость процессоров Intel и ARM, связанная с использованием спекулятивного считывания системных регистров, позволяющая нарушителю раскрыть защищаемую информацию

Description

Уязвимость процессоров Intel и ARM связана с использованием спекулятивного считывания системных регистров. Эксплуатация уязвимости может позволить нарушителю раскрыть системные параметры с помощью специально сформированного приложения

Severity ?


                    
                      AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Vendor

ARM Limited, Intel Corp., Siemens AG

Software Name

ARM Cortex-A57, ARM Cortex-A72, Intel Xeon, Intel Pentium, Intel Atom, Intel Celeron, SIMATIC Field PG M5, SIMATIC IPC427E, SIMATIC IPC477E, SIMATIC IPC547E, SIMATIC IPC547G, SIMATIC IPC627D, SIMATIC IPC647D, SIMATIC IPC677D, SIMATIC IPC827D, SIMATIC IPC847D, SIMATIC ITP1000, SIMATIC ET 200SP Open Controller, SIMATIC IPC427C, SIMATIC IPC477C, SINEMA Remote Connect, RUGGEDCOM APE, SIMATIC Field PG M4, SIMATIC IPC427D, SIMATIC IPC477D, SIMATIC IPC477E Pro, SIMATIC IPC627C, SIMATIC IPC647C, SIMATIC IPC677C, SIMATIC IPC827C, SIMATIC IPC847C, SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP, SIMOTION P320-4E, SIMOTION P320-4S, SINUMERIK 840D sl, SINUMERIK PCU 50.5, SINUMERIK Panels с интегрированной TCU, SINUMERIK TCU 30.3, SIMATIC HMI Basic Panels 2nd Generation, SIMATIC HMI Comfort 15-22 Panels, SIMATIC HMI Comfort 4-12" Panels, SIMATIC HMI Comfort PRO Panels, SIMATIC IPC3000 SMART V2, SIMATIC IPC347E, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 Software Controller, ARM Cortex-A15, SIMATIC ET 200AL, SIMATIC HMI Mobile Panels, SIMATIC WinAC RTX 2010 incl. F

Software Version

- (ARM Cortex-A57), - (ARM Cortex-A72), 3400 series (Intel Xeon), 3500 series (Intel Xeon), 3600 series (Intel Xeon), 5500 series (Intel Xeon), 5600 series (Intel Xeon), 6500 series (Intel Xeon), 7500 series (Intel Xeon), E3 Family (Intel Xeon), E3 v2 Family (Intel Xeon), E3 v3 Family (Intel Xeon), E3 v4 Family (Intel Xeon), E3 v5 Family (Intel Xeon), E3 v6 Family (Intel Xeon), E5 Family (Intel Xeon), E5 v2 Family (Intel Xeon), E5 v3 Family (Intel Xeon), E5 v4 Family (Intel Xeon), E5 v5 Family (Intel Xeon), E5 v6 Family (Intel Xeon), E7 Family (Intel Xeon), E7 v2 Family (Intel Xeon), E7 v3 Family (Intel Xeon), E7 v4 Family (Intel Xeon), Scalable Family (Intel Xeon), J4205 (Intel Pentium), J5005 (Intel Pentium), N4000 (Intel Pentium), N4100 (Intel Pentium), N4200 (Intel Pentium), N5000 (Intel Pentium), C3308 (Intel Atom), C3338 (Intel Atom), C3508 (Intel Atom), C3538 (Intel Atom), C3558 (Intel Atom), C3708 (Intel Atom), C3750 (Intel Atom), C3758 (Intel Atom), C3808 (Intel Atom), C3830 (Intel Atom), C3850 (Intel Atom), C3858 (Intel Atom), C3950 (Intel Atom), C3955 (Intel Atom), C3958 (Intel Atom), E Series (Intel Atom), A Series (Intel Atom), x5-E3930 (Intel Atom), x5-E3940 (Intel Atom), x7-E3950 (Intel Atom), T5500 (Intel Atom), T5700 (Intel Atom), Z Series (Intel Atom), J3355 (Intel Celeron), J3455 (Intel Celeron), J4005 (Intel Celeron), J4105 (Intel Celeron), N3450 (Intel Celeron), до 22.01.06 (SIMATIC Field PG M5), до 21.01.09 (SIMATIC IPC427E), до 21.01.09 (SIMATIC IPC477E), до R1.30.0 (SIMATIC IPC547E), до R1.23.0 (SIMATIC IPC547G), до 19.02.11 (SIMATIC IPC627D), до 19.01.14 (SIMATIC IPC647D), до 19.02.11 (SIMATIC IPC677D), до 19.02.11 (SIMATIC IPC827D), до 19.01.14 (SIMATIC IPC847D), до 23.01.04 (SIMATIC ITP1000), до 2.6 (SIMATIC ET 200SP Open Controller), - (SIMATIC IPC427C), - (SIMATIC IPC477C), - (SINEMA Remote Connect), - (RUGGEDCOM APE), до 18.01.09 (SIMATIC Field PG M4), до 17.0X.14 (SIMATIC IPC427D), до 17.0X.14 (SIMATIC IPC477D), до 21.01.09 (SIMATIC IPC477E Pro), до 15.02.15 (SIMATIC IPC627C), до 15.01.14 (SIMATIC IPC647C), до 15.02.15 (SIMATIC IPC677C), до 15.02.15 (SIMATIC IPC827C), до 15.01.14 (SIMATIC IPC847C), до 2.6 (SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP), до 2.6 (SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP), до 17.0X.14 (SIMOTION P320-4E), до 17.0X.14 (SIMOTION P320-4S), - (SINUMERIK 840D sl), до 15.02.15 (SINUMERIK PCU 50.5), Выпущенные до 2016 включительно (SINUMERIK Panels с интегрированной TCU), - (SINUMERIK TCU 30.3), - (SIMATIC HMI Basic Panels 2nd Generation), - (SIMATIC HMI Comfort 15-22 Panels), - (SIMATIC HMI Comfort 4-12" Panels), - (SIMATIC HMI Comfort PRO Panels), до 1.5 (SIMATIC IPC3000 SMART V2), до 1.5 (SIMATIC IPC347E), до 2.6 (SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK), до 2.6 (SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK), до 2.6 (SIMATIC S7-1500 Software Controller), - (ARM Cortex-A15), до 2.6 (SIMATIC ET 200AL), - (SIMATIC HMI Mobile Panels), до SP3 (SIMATIC WinAC RTX 2010 incl. F)

Possible Mitigations

Обновление программного обеспечения: Для SIMATIC Field PG M4 до версии BIOS V18.01.09: https://support.industry.siemens.com/cs/de/en/view/109037537 Для SIMATIC Field PG M5 до версии BIOS V22.01.06: https://support.industry.siemens.com/cs/de/en/view/109738122 Для SIMATIC ET 200 SP Open Controller и SIMATIC ET 200 SP Open Controller (F) до V2.6^ https://support.industry.siemens.com/cs/ww/en/view/109759122 Для SIMATIC HMI Basic Panels 2nd Generation до V15.1: https://support.industry.siemens.com/cs/ww/en/view/109761203 Для SIMATIC HMI Comfort 15-22 Panels, SIMATIC HMI Comfort 4-12" Panels, SIMATIC HMI Comfort PRO Panels и SIMATIC HMI KTP Mobile Panels до V15 Upd 2: https://support.industry.siemens.com/cs/ww/en/view/109755826 Для SIMATIC IPC3000 SMART V2 и SIMATIC IPC347E до версии BIOS V1.5: https://support.industry.siemens.com/cs/ww/en/view/109759824 Для SIMATIC IPC427D, SIMATIC IPC477D, SIMOTION P320-4E и SIMOTION P320-4S до версии BIOS V17.0X.14: https://support.industry.siemens.com/cs/de/en/view/108608500 Для SIMATIC IPC427E, SIMATIC IPC477E и SIMATIC IPC477E Pro до версии BIOS V21.01.09: https://support.industry.siemens.com/cs/de/en/view/109742593 Для SIMATIC IPC547E до версии BIOS R1.30.0: https://support.industry.siemens.com/cs/us/en/view/109481624 Для SIMATIC IPC547G до версии BIOS R1.23.0: https://support.industry.siemens.com/cs/us/en/view/109750349 Для SIMATIC IPC627D, SIMATIC IPC677D и SIMATIC IPC827D до версии BIOS V19.02.11: https://support.industry.siemens.com/cs/ww/de/view/109474954 Для SIMATIC IPC627C, SIMATIC IPC677C и SIMATIC IPC827C до версии BIOS V15.02.15: https://support.industry.siemens.com/cs/ww/en/view/48792087 Для SIMATIC IPC647C и SIMATIC IPC847C до версии BIOS V15.01.14: https://support.industry.siemens.com/cs/ww/en/view/48792076 Для SIMATIC IPC647D и SIMATIC IPC847D до версии BIOS V19.01.14: https://support.industry.siemens.com/cs/ww/en/view/109037779 Для SIMATIC ITP1000 до версии BIOS V23.01.04: https://support.industry.siemens.com/cs/us/en/view/109748173 Для SIMATIC WinAC RTX (F) 2010 до SIMATIC WinAC RTX 2010 SP3: https://support.industry.siemens.com/cs/ww/en/view/109765109 Для SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK и SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP до версии BIOS V2.6: https://support.industry.siemens.com/cs/ww/en/view/109478459 Компенсирующие меры: Для RUGGEDCOM APE и RUGGEDCOM RX1400 VPE: Применение исправлений Debian по мере их появления Ограничение возможностей запуска ненадежного кода, если это возможно Применение концепции углубленной защиты https://www.siemens.com/industrialsecurity

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf https://nvd.nist.gov/vuln/detail/CVE-2018-3640

CWE

CWE-200

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
  "CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "ARM Limited, Intel Corp., Siemens AG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (ARM Cortex-A57), - (ARM Cortex-A72), 3400 series (Intel Xeon), 3500 series (Intel Xeon), 3600 series (Intel Xeon), 5500 series (Intel Xeon), 5600 series (Intel Xeon), 6500 series (Intel Xeon), 7500 series (Intel Xeon), E3 Family (Intel Xeon), E3 v2 Family (Intel Xeon), E3 v3 Family (Intel Xeon), E3 v4 Family (Intel Xeon), E3 v5 Family (Intel Xeon), E3 v6 Family (Intel Xeon), E5 Family (Intel Xeon), E5 v2 Family (Intel Xeon), E5 v3 Family (Intel Xeon), E5 v4 Family (Intel Xeon), E5 v5 Family (Intel Xeon), E5 v6 Family (Intel Xeon), E7 Family (Intel Xeon), E7 v2 Family (Intel Xeon), E7 v3 Family (Intel Xeon), E7 v4 Family (Intel Xeon), Scalable Family (Intel Xeon), J4205 (Intel Pentium), J5005 (Intel Pentium), N4000 (Intel Pentium), N4100 (Intel Pentium), N4200 (Intel Pentium), N5000 (Intel Pentium), C3308 (Intel Atom), C3338 (Intel Atom), C3508 (Intel Atom), C3538 (Intel Atom), C3558 (Intel Atom), C3708 (Intel Atom), C3750 (Intel Atom), C3758 (Intel Atom), C3808 (Intel Atom), C3830 (Intel Atom), C3850 (Intel Atom), C3858 (Intel Atom), C3950 (Intel Atom), C3955 (Intel Atom), C3958 (Intel Atom), E Series (Intel Atom), A Series (Intel Atom), x5-E3930 (Intel Atom), x5-E3940 (Intel Atom), x7-E3950 (Intel Atom), T5500 (Intel Atom), T5700 (Intel Atom), Z Series (Intel Atom), J3355 (Intel Celeron), J3455 (Intel Celeron), J4005 (Intel Celeron), J4105 (Intel Celeron), N3450 (Intel Celeron), \u0434\u043e 22.01.06 (SIMATIC Field PG M5), \u0434\u043e 21.01.09 (SIMATIC IPC427E), \u0434\u043e 21.01.09 (SIMATIC IPC477E), \u0434\u043e R1.30.0 (SIMATIC IPC547E), \u0434\u043e R1.23.0 (SIMATIC IPC547G), \u0434\u043e 19.02.11 (SIMATIC IPC627D), \u0434\u043e 19.01.14 (SIMATIC IPC647D), \u0434\u043e 19.02.11 (SIMATIC IPC677D), \u0434\u043e 19.02.11 (SIMATIC IPC827D), \u0434\u043e 19.01.14 (SIMATIC IPC847D), \u0434\u043e 23.01.04 (SIMATIC ITP1000), \u0434\u043e 2.6 (SIMATIC ET 200SP Open Controller), - (SIMATIC IPC427C), - (SIMATIC IPC477C), - (SINEMA Remote Connect), - (RUGGEDCOM APE), \u0434\u043e 18.01.09 (SIMATIC Field PG M4), \u0434\u043e 17.0X.14 (SIMATIC IPC427D), \u0434\u043e 17.0X.14 (SIMATIC IPC477D), \u0434\u043e 21.01.09 (SIMATIC IPC477E Pro), \u0434\u043e 15.02.15 (SIMATIC IPC627C), \u0434\u043e 15.01.14 (SIMATIC IPC647C), \u0434\u043e 15.02.15 (SIMATIC IPC677C), \u0434\u043e 15.02.15 (SIMATIC IPC827C), \u0434\u043e 15.01.14 (SIMATIC IPC847C), \u0434\u043e 2.6 (SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP), \u0434\u043e 2.6 (SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP), \u0434\u043e 17.0X.14 (SIMOTION P320-4E), \u0434\u043e 17.0X.14 (SIMOTION P320-4S), - (SINUMERIK 840D sl), \u0434\u043e 15.02.15 (SINUMERIK PCU 50.5), \u0412\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 \u0434\u043e 2016 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SINUMERIK Panels \u0441 \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 TCU), - (SINUMERIK TCU 30.3), - (SIMATIC HMI Basic Panels 2nd Generation), - (SIMATIC HMI Comfort 15-22 Panels), - (SIMATIC HMI Comfort 4-12\" Panels), - (SIMATIC HMI Comfort PRO Panels), \u0434\u043e 1.5 (SIMATIC IPC3000 SMART V2), \u0434\u043e 1.5 (SIMATIC IPC347E), \u0434\u043e 2.6 (SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK), \u0434\u043e 2.6 (SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK), \u0434\u043e 2.6 (SIMATIC S7-1500 Software Controller), - (ARM Cortex-A15), \u0434\u043e 2.6 (SIMATIC ET 200AL), - (SIMATIC HMI Mobile Panels), \u0434\u043e SP3 (SIMATIC WinAC RTX 2010 incl. F)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f:\n\n\u0414\u043b\u044f SIMATIC Field PG M4 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V18.01.09:\nhttps://support.industry.siemens.com/cs/de/en/view/109037537\n\n\u0414\u043b\u044f SIMATIC Field PG M5 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V22.01.06:\nhttps://support.industry.siemens.com/cs/de/en/view/109738122\n\n\u0414\u043b\u044f SIMATIC ET 200 SP Open Controller \u0438 SIMATIC ET 200 SP Open Controller (F) \u0434\u043e V2.6^\nhttps://support.industry.siemens.com/cs/ww/en/view/109759122\n\n\u0414\u043b\u044f SIMATIC HMI Basic Panels 2nd Generation \u0434\u043e V15.1:\nhttps://support.industry.siemens.com/cs/ww/en/view/109761203\n\n\u0414\u043b\u044f SIMATIC HMI Comfort 15-22 Panels, SIMATIC HMI Comfort 4-12\" Panels, SIMATIC HMI Comfort PRO Panels \u0438 SIMATIC HMI KTP Mobile Panels \u0434\u043e V15 Upd 2:\nhttps://support.industry.siemens.com/cs/ww/en/view/109755826\n\n\u0414\u043b\u044f SIMATIC IPC3000 SMART V2 \u0438 SIMATIC IPC347E \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V1.5:\nhttps://support.industry.siemens.com/cs/ww/en/view/109759824\n\n\u0414\u043b\u044f SIMATIC IPC427D, SIMATIC IPC477D, SIMOTION P320-4E \u0438 SIMOTION P320-4S \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V17.0X.14:\nhttps://support.industry.siemens.com/cs/de/en/view/108608500\n\n\u0414\u043b\u044f SIMATIC IPC427E, SIMATIC IPC477E \u0438 SIMATIC IPC477E Pro \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V21.01.09:\nhttps://support.industry.siemens.com/cs/de/en/view/109742593\n\n\u0414\u043b\u044f SIMATIC IPC547E \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS R1.30.0:\nhttps://support.industry.siemens.com/cs/us/en/view/109481624\n\n\u0414\u043b\u044f SIMATIC IPC547G \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS R1.23.0:\nhttps://support.industry.siemens.com/cs/us/en/view/109750349\n\n\u0414\u043b\u044f SIMATIC IPC627D, SIMATIC IPC677D \u0438 SIMATIC IPC827D \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V19.02.11: https://support.industry.siemens.com/cs/ww/de/view/109474954\n\n\u0414\u043b\u044f SIMATIC IPC627C, SIMATIC IPC677C \u0438 SIMATIC IPC827C \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V15.02.15:\nhttps://support.industry.siemens.com/cs/ww/en/view/48792087\n\n\u0414\u043b\u044f SIMATIC IPC647C \u0438 SIMATIC IPC847C \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V15.01.14:\nhttps://support.industry.siemens.com/cs/ww/en/view/48792076\n\n\u0414\u043b\u044f SIMATIC IPC647D \u0438 SIMATIC IPC847D \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V19.01.14:\nhttps://support.industry.siemens.com/cs/ww/en/view/109037779\n\n\u0414\u043b\u044f SIMATIC ITP1000 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V23.01.04:\nhttps://support.industry.siemens.com/cs/us/en/view/109748173\n\n\u0414\u043b\u044f SIMATIC WinAC RTX (F) 2010 \u0434\u043e SIMATIC WinAC RTX 2010 SP3:\nhttps://support.industry.siemens.com/cs/ww/en/view/109765109\n\n\u0414\u043b\u044f SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK \u0438 SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 BIOS V2.6:\nhttps://support.industry.siemens.com/cs/ww/en/view/109478459\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n\n\u0414\u043b\u044f RUGGEDCOM APE \u0438 RUGGEDCOM RX1400 VPE:\n\u041f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 Debian \u043f\u043e \u043c\u0435\u0440\u0435 \u0438\u0445 \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u044f\n\n\u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430, \u0435\u0441\u043b\u0438 \u044d\u0442\u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\n\u041f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438 \u0443\u0433\u043b\u0443\u0431\u043b\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b\nhttps://www.siemens.com/industrialsecurity",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.09.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.06.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.03.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01065",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-3640",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "ARM Cortex-A57, ARM Cortex-A72, Intel Xeon, Intel Pentium, Intel Atom, Intel Celeron, SIMATIC Field PG M5, SIMATIC IPC427E, SIMATIC IPC477E, SIMATIC IPC547E, SIMATIC IPC547G, SIMATIC IPC627D, SIMATIC IPC647D, SIMATIC IPC677D, SIMATIC IPC827D, SIMATIC IPC847D, SIMATIC ITP1000, SIMATIC ET 200SP Open Controller, SIMATIC IPC427C, SIMATIC IPC477C, SINEMA Remote Connect, RUGGEDCOM APE, SIMATIC Field PG M4, SIMATIC IPC427D, SIMATIC IPC477D, SIMATIC IPC477E Pro, SIMATIC IPC627C, SIMATIC IPC647C, SIMATIC IPC677C, SIMATIC IPC827C, SIMATIC IPC847C, SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP, SIMOTION P320-4E, SIMOTION P320-4S, SINUMERIK 840D sl, SINUMERIK PCU 50.5, SINUMERIK Panels \u0441 \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 TCU, SINUMERIK TCU 30.3, SIMATIC HMI Basic Panels 2nd Generation, SIMATIC HMI Comfort 15-22 Panels, SIMATIC HMI Comfort 4-12\" Panels, SIMATIC HMI Comfort PRO Panels, SIMATIC IPC3000 SMART V2, SIMATIC IPC347E, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 Software Controller, ARM Cortex-A15, SIMATIC ET 200AL, SIMATIC HMI Mobile Panels, SIMATIC WinAC RTX 2010 incl. F",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 Intel \u0438 ARM, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0441\u043f\u0435\u043a\u0443\u043b\u044f\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0441\u0447\u0438\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 Intel \u0438 ARM \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0441\u043f\u0435\u043a\u0443\u043b\u044f\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0441\u0447\u0438\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u041a\u043b\u0430\u0441\u0441 \u0430\u0442\u0430\u043a, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0434\u0430\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 Spectre V3a.\n\u0423\u044f\u0437\u0432\u0438\u043c\u044b \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 SIMATIC HMI Basic Panels 2nd Generation, SIMATIC HMI Comfort 15-22 Panels, SIMATIC HMI Comfort 4-12\" Panels, SIMATIC HMI Comfort PRO Panels, SIMATIC HMI KTP Mobile Panels \u0441 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0439 SIMATIC WinCC 14 \u0438 WinCC \u043e\u0442 15 \u0434\u043e 15 Upd 2",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf\n\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3640",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 2,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}

CERTFR-2018-AVI-524

Vulnerability from certfr_avis - Published: 2018-10-31 - Updated: 2018-10-31

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari versions antérieures à 12.0.1
Apple	macOS	macOS Sierra versions antérieures à 10.12.6
Apple	N/A	iOS versions antérieures à 12.1
Apple	N/A	watchOS versions antérieures à 5.1
Apple	macOS	macOS High Sierra versions antérieures à 10.13.6
Apple	N/A	tvOS versions antérieures à 12.1
Apple	N/A	iCloud for Windows versions antérieures à 7.8
Apple	macOS	macOS Mojave versions antérieures à 10.14
Apple	N/A	iTunes versions antérieures à 12.9.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT209192 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209193 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209195 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209196 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209197 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209194 du 30 octobre 2018	None	vendor-advisory
Bulletin de sécurité Apple HT209198 du 30 octobre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 12.0.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 12.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS High Sierra versions ant\u00e9rieures \u00e0 10.13.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 12.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud for Windows versions ant\u00e9rieures \u00e0 7.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave versions ant\u00e9rieures \u00e0 10.14",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4310"
    },
    {
      "name": "CVE-2017-14033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
    },
    {
      "name": "CVE-2018-4391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4391"
    },
    {
      "name": "CVE-2018-8777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
    },
    {
      "name": "CVE-2018-4368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4368"
    },
    {
      "name": "CVE-2018-4395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4395"
    },
    {
      "name": "CVE-2018-4425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4425"
    },
    {
      "name": "CVE-2018-4259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4259"
    },
    {
      "name": "CVE-2018-4400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4400"
    },
    {
      "name": "CVE-2018-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4415"
    },
    {
      "name": "CVE-2018-4427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4427"
    },
    {
      "name": "CVE-2018-4369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4369"
    },
    {
      "name": "CVE-2018-4396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4396"
    },
    {
      "name": "CVE-2018-4291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4291"
    },
    {
      "name": "CVE-2017-12618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12618"
    },
    {
      "name": "CVE-2018-4374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4374"
    },
    {
      "name": "CVE-2017-10784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
    },
    {
      "name": "CVE-2018-4350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4350"
    },
    {
      "name": "CVE-2018-4386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4386"
    },
    {
      "name": "CVE-2018-4417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4417"
    },
    {
      "name": "CVE-2018-4331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4331"
    },
    {
      "name": "CVE-2018-4398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4398"
    },
    {
      "name": "CVE-2018-4412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4412"
    },
    {
      "name": "CVE-2018-4420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4420"
    },
    {
      "name": "CVE-2017-14064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
    },
    {
      "name": "CVE-2018-4392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4392"
    },
    {
      "name": "CVE-2018-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4409"
    },
    {
      "name": "CVE-2018-8778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
    },
    {
      "name": "CVE-2018-4419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4419"
    },
    {
      "name": "CVE-2018-4371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4371"
    },
    {
      "name": "CVE-2018-4348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4348"
    },
    {
      "name": "CVE-2018-4382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4382"
    },
    {
      "name": "CVE-2018-4424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4424"
    },
    {
      "name": "CVE-2017-12613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
    },
    {
      "name": "CVE-2018-4288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4288"
    },
    {
      "name": "CVE-2018-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4203"
    },
    {
      "name": "CVE-2017-0898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
    },
    {
      "name": "CVE-2018-8779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
    },
    {
      "name": "CVE-2018-4402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4402"
    },
    {
      "name": "CVE-2018-4377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4377"
    },
    {
      "name": "CVE-2018-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4378"
    },
    {
      "name": "CVE-2018-4341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4341"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2018-4426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4426"
    },
    {
      "name": "CVE-2018-4367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4367"
    },
    {
      "name": "CVE-2018-4399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4399"
    },
    {
      "name": "CVE-2018-4342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4342"
    },
    {
      "name": "CVE-2018-4389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4389"
    },
    {
      "name": "CVE-2018-4403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4403"
    },
    {
      "name": "CVE-2018-4411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4411"
    },
    {
      "name": "CVE-2018-4408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4408"
    },
    {
      "name": "CVE-2018-4375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4375"
    },
    {
      "name": "CVE-2018-4418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4418"
    },
    {
      "name": "CVE-2018-4340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4340"
    },
    {
      "name": "CVE-2018-4394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4394"
    },
    {
      "name": "CVE-2018-4365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4365"
    },
    {
      "name": "CVE-2018-6797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6797"
    },
    {
      "name": "CVE-2018-4308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4308"
    },
    {
      "name": "CVE-2018-4126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4126"
    },
    {
      "name": "CVE-2018-4376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4376"
    },
    {
      "name": "CVE-2017-17742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
    },
    {
      "name": "CVE-2018-4286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4286"
    },
    {
      "name": "CVE-2018-4334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4334"
    },
    {
      "name": "CVE-2018-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4304"
    },
    {
      "name": "CVE-2018-4393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4393"
    },
    {
      "name": "CVE-2018-4354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4354"
    },
    {
      "name": "CVE-2018-4406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4406"
    },
    {
      "name": "CVE-2018-4372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4372"
    },
    {
      "name": "CVE-2018-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
    },
    {
      "name": "CVE-2018-4287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4287"
    },
    {
      "name": "CVE-2018-8780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
    },
    {
      "name": "CVE-2018-6914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
    },
    {
      "name": "CVE-2018-4423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4423"
    },
    {
      "name": "CVE-2018-4385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4385"
    },
    {
      "name": "CVE-2018-4153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4153"
    },
    {
      "name": "CVE-2018-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
    },
    {
      "name": "CVE-2018-4388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4388"
    },
    {
      "name": "CVE-2018-4373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4373"
    },
    {
      "name": "CVE-2018-4295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4295"
    },
    {
      "name": "CVE-2018-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4416"
    },
    {
      "name": "CVE-2018-4366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4366"
    },
    {
      "name": "CVE-2018-4401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4401"
    },
    {
      "name": "CVE-2018-4410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4410"
    },
    {
      "name": "CVE-2018-4242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4242"
    },
    {
      "name": "CVE-2018-4384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4384"
    },
    {
      "name": "CVE-2018-4422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4422"
    },
    {
      "name": "CVE-2018-4413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4413"
    },
    {
      "name": "CVE-2018-4407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4407"
    },
    {
      "name": "CVE-2018-4346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4346"
    },
    {
      "name": "CVE-2017-17405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
    },
    {
      "name": "CVE-2018-4387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4387"
    },
    {
      "name": "CVE-2018-4326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4326"
    },
    {
      "name": "CVE-2018-4390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4390"
    }
  ],
  "initial_release_date": "2018-10-31T00:00:00",
  "last_revision_date": "2018-10-31T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-524",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209192 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209192"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209193 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209193"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209195 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209195"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209196 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209196"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209197 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209197"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209194 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209194"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT209198 du 30 octobre 2018",
      "url": "https://support.apple.com/en-us/HT209198"
    }
  ]
}

CERTFR-2019-AVI-036

Vulnerability from certfr_avis - Published: 2019-01-30 - Updated: 2019-01-30

De multiples vulnérabilités ont été découvertes dans IBM QRadar. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	QRadar	IBM QRadar SIEM versions 7.3.x antérieures à 7.3.1 Patch 6
IBM	QRadar	IBM Security QRadar Packet Capture versions 7.2.x antérieures à 7.2.8 Patch 4
IBM	QRadar	IBM QRadar Network Packet Capture versions 7.3.x antérieures à 7.3.1 Patch 1
IBM	QRadar	IBM QRadar Network Packet Capture versions 7.2.x antérieures à 7.2.8 Patch 1
IBM	QRadar	IBM Security QRadar Packet Capture versions 7.3.x antérieures à 7.3.1 Patch 1
IBM	QRadar	IBM QRadar SIEM versions 7.2.x antérieures à 7.2.8 Patch 14

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 0796076 du 23 janvier 2019	None	vendor-advisory
Bulletin de sécurité IBM 0796130 du 23 janvier 2019	None	vendor-advisory
Bulletin de sécurité IBM 0796134 du 23 janvier 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.1 Patch 6",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security QRadar Packet Capture versions 7.2.x ant\u00e9rieures \u00e0 7.2.8 Patch 4",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Packet Capture versions 7.3.x ant\u00e9rieures \u00e0 7.3.1 Patch 1",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Packet Capture versions 7.2.x ant\u00e9rieures \u00e0 7.2.8 Patch 1",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security QRadar Packet Capture versions 7.3.x ant\u00e9rieures \u00e0 7.3.1 Patch 1",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.8 Patch 14",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2018-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
    }
  ],
  "initial_release_date": "2019-01-30T00:00:00",
  "last_revision_date": "2019-01-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-036",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-01-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 0796076 du 23 janvier 2019",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10796076\u0026myns=swgother\u0026mynp=OCSSBQAC\u0026mync=E\u0026cm_sp=swgother-_-OCSSBQAC-_-E"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 0796130 du 23 janvier 2019",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10796130\u0026myns=swgother\u0026mynp=OCSSBQAC\u0026mync=E\u0026cm_sp=swgother-_-OCSSBQAC-_-E"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 0796134 du 23 janvier 2019",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10796134\u0026myns=swgother\u0026mynp=OCSSBQAC\u0026mync=E\u0026cm_sp=swgother-_-OCSSBQAC-_-E"
    }
  ]
}

CERTFR-2019-AVI-489

Vulnerability from certfr_avis - Published: 2019-10-08 - Updated: 2019-10-08

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC PROFINET Driver versions antérieures à V2.1
Siemens	N/A	SINAMICS G120 V4.7 (PN Control Unit) versions antérieures à V4.7 SP10 HF5
Siemens	N/A	SIMATIC CFU PA versions antérieures à V1.2.0
Siemens	N/A	SINAMICS S120 V4.7 (Control Unit et CBE20) versions antérieures à V4.7 HF34 ou V5.2 HF2
Siemens	N/A	SINAMICS GH150 V4.7 (Control Unit) versions antérieures à V4.8 SP2 HF9
Siemens	N/A	SIMATIC ET 200SP IM 155-6 PN/2 HF versions antérieures à V4.2.2
Siemens	N/A	SINAMICS G120 V4.7 (Control Unit) versions antérieures à V4.7 SP10 HF5
Siemens	N/A	SIMATIC ET 200SP IM 155-6 PN/3 HF versions antérieures à V4.2.1
Siemens	N/A	SCALANCE X-200IRT versions antérieures à V5.4.2
Siemens	N/A	SINAMICS G130 V4.7 (Control Unit) versions antérieures à V4.7 HF29 ou V5.2 HF2
Siemens	N/A	Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller versions antérieures à V4.1.1 Patch 05
Siemens	N/A	Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200P versions antérieures à V4.5.0
Siemens	N/A	SINAMICS GL150 V4.7 (Control Unit) versions antérieures à V4.8 SP2 HF9
Siemens	N/A	CP1616 versions antérieures à V2.8
Siemens	N/A	SINAMICS G110M V4.7 (Control Unit) versions antérieures à V4.7 SP10 HF5
Siemens	N/A	SIMATIC ET 200MP IM 155-5 PN BA versions antérieures à V4.2.3
Siemens	N/A	SINAMICS G110M V4.7 (PN Control Unit) versions antérieures à V4.7 SP10 HF5
Siemens	N/A	SINAMICS DCM versions antérieures à V1.5 HF1
Siemens	N/A	SINAMICS GM150 V4.7 (Control Unit) versions antérieures à V4.8 SP2 HF9
Siemens	N/A	SIMATIC IT UADM versions antérieures à V1.3
Siemens	N/A	Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200 versions antérieures à V4.5.0 Patch 01
Siemens	N/A	SIMATIC S7-400H V6 versions antérieures à V6.0.9
Siemens	N/A	SIMATIC WinAC RTX (F) 2010 versions antérieures à SIMATIC WinAC RTX 2010 SP3 avec les mises à jour BIOS et Windows
Siemens	N/A	SIMATIC ET 200SP IM 155-6 PN HF versions antérieures à V4.2.2
Siemens	N/A	CP1604 versions antérieures à V2.8
Siemens	N/A	SINUMERIK 828D versions antérieures à V4.8 SP5

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-608355 du 08 octobre 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-349422 du 08 octobre 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-878278 du 08 octobre 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-473245 du 08 octobre 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-984700 du 08 octobre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC PROFINET Driver versions ant\u00e9rieures \u00e0 V2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS G120 V4.7 (PN Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CFU PA versions ant\u00e9rieures \u00e0 V1.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS S120 V4.7 (Control Unit et CBE20) versions ant\u00e9rieures \u00e0 V4.7 HF34 ou V5.2 HF2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS GH150 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.8 SP2 HF9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP IM 155-6 PN/2 HF versions ant\u00e9rieures \u00e0 V4.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS G120 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP IM 155-6 PN/3 HF versions ant\u00e9rieures \u00e0 V4.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200IRT versions ant\u00e9rieures \u00e0 V5.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS G130 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.7 HF29 ou V5.2 HF2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller versions ant\u00e9rieures \u00e0 V4.1.1 Patch 05",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS GL150 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.8 SP2 HF9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP1616 versions ant\u00e9rieures \u00e0 V2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS G110M V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200MP IM 155-5 PN BA versions ant\u00e9rieures \u00e0 V4.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS G110M V4.7 (PN Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS DCM versions ant\u00e9rieures \u00e0 V1.5 HF1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS GM150 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.8 SP2 HF9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IT UADM versions ant\u00e9rieures \u00e0 V1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5.0 Patch 01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400H V6 versions ant\u00e9rieures \u00e0 V6.0.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinAC RTX (F) 2010 versions ant\u00e9rieures \u00e0 SIMATIC WinAC RTX 2010 SP3 avec les mises \u00e0 jour BIOS et Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP IM 155-6 PN HF versions ant\u00e9rieures \u00e0 V4.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP1604 versions ant\u00e9rieures \u00e0 V2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK 828D versions ant\u00e9rieures \u00e0 V4.8 SP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2019-10936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10936"
    },
    {
      "name": "CVE-2017-5754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5754"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-10923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10923"
    },
    {
      "name": "CVE-2018-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2019-13929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13929"
    },
    {
      "name": "CVE-2019-13921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13921"
    },
    {
      "name": "CVE-2017-5753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
    },
    {
      "name": "CVE-2018-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2017-5715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
    },
    {
      "name": "CVE-2018-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
    },
    {
      "name": "CVE-2018-3615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3615"
    }
  ],
  "initial_release_date": "2019-10-08T00:00:00",
  "last_revision_date": "2019-10-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-489",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-608355 du 08 octobre 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-349422 du 08 octobre 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-878278 du 08 octobre 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-473245 du 08 octobre 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-984700 du 08 octobre 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdf"
    }
  ]
}

CERTFR-2018-AVI-429

Vulnerability from certfr_avis - Published: 2018-09-11 - Updated: 2018-09-11

De multiples vulnérabilités ont été découvertes dans SCADA les produits Siemens. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	RUDGECOM, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation)
Siemens	N/A	SIMATIC WinCC OA versions 3.14 et antérieures
Siemens	N/A	SCALANCE X408 toutes versions antérieures à 4.0.0
Siemens	N/A	SINUMERIK, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation)
Siemens	N/A	SCALANCE X300 toutes versions antérieures à 4.0.0
Siemens	N/A	SIMATIC, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation)
Siemens	N/A	SINEMA, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation)
Siemens	N/A	SCALANCE X414 toutes versions
Siemens	N/A	SIEMENS TD Keypad Designer toutes versions
Siemens	N/A	SIMOTION, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation)

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-268644 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Siemens SSA-447396 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Siemens SSA-346256 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Siemens SSA-198330 du 11 septembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "RUDGECOM, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions 3.14 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X408 toutes versions ant\u00e9rieures \u00e0 4.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X300 toutes versions ant\u00e9rieures \u00e0 4.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X414 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIEMENS TD Keypad Designer toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-13806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13806"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2018-13807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13807"
    },
    {
      "name": "CVE-2018-13799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13799"
    },
    {
      "name": "CVE-2018-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
    }
  ],
  "initial_release_date": "2018-09-11T00:00:00",
  "last_revision_date": "2018-09-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-429",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-09-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSiemens. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-268644 du 11 septembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-447396 du 11 septembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-346256 du 11 septembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-198330 du 11 septembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-198330.pdf"
    }
  ]
}

GHSA-WM4V-X65G-M25R

Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2022-05-13 01:20

Details

Severity ?

5.6 (Medium)


                  
                    CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-3640"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-22T12:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
  "id": "GHSA-wm4v-x65g-m25r",
  "modified": "2022-05-13T01:20:14Z",
  "published": "2022-05-13T01:20:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3640"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/support/security/Synology_SA_18_23"
    },
    {
      "type": "WEB",
      "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/180049"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4273"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3756-1"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20180521-0001"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
    },
    {
      "type": "WEB",
      "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
    },
    {
      "type": "WEB",
      "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104228"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040949"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1042004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2018-13356

Vulnerability from cnvd - Published: 2018-07-18

Title

多款CPU Hardwares信息泄露漏洞

Description

CPU hardware是运行在中央处理器中用于管理和控制CPU的固件。多款CPU Hardwares存在信息泄露漏洞。该漏洞产生的原因是CPU高速缓存处理存在竞争条件。本地攻击者可以利用漏洞通过侧信道分析获取敏感信息。

Severity

中

Patch Name

多款CPU Hardwares信息泄露漏洞的补丁

Patch Description

CPU hardware是运行在中央处理器中用于管理和控制CPU的固件。多款CPU Hardwares存在信息泄露漏洞。该漏洞产生的原因是CPU高速缓存处理存在竞争条件。本地攻击者可以利用漏洞通过侧信道分析获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html

Reference

https://securitytracker.com/id/1040949

Impacted products

Name
['ARM Cortex A57', 'Intel 5th generation Core Processors 无', 'ARM Cortex A72', 'Intel 6th generation Core processors 0', 'Intel 5th generation Core processors 0', 'Intel 4th generation Core processors 0', 'Intel 3rd generation Core processors 0', 'Intel 2nd generation Core processors 0', 'Intel 8th generation Core processors 0', 'Intel 7th generation Core processors 0', 'Intel Atom Processor A Series 0', 'Intel Atom Processor C Series 0', 'Intel Atom Processor E Series 0', 'Intel Atom Processor T Series 0', 'Intel Atom Processor X Series 0', 'Intel Atom Processor Z Series 0', 'Intel Core X-series Processor Family for Intel X99 platforms 0', 'Intel Celeron Processor J Series 0', 'Intel Celeron Processor N Series 0', 'Intel Core M processor family 0', 'Intel Core X-series Processor Family for Intel X299 platforms 0', 'Intel Pentium Processor N Series 0', 'Intel Pentium Processor Silver Series 0', 'Intel Xeon processor 3400 series 0', 'Intel Xeon processor 3600 series 0', 'Intel Xeon processor 5500 series 0', 'Intel Xeon processor 5600 series 0', 'Intel Xeon processor 7500 series 0', 'Intel Xeon processor 6500 series 0', 'Intel Pentium Processor J Series 0', 'Intel Xeon Processor E3 Family 0', 'Intel Xeon Processor E3 v2 Family 0', 'Intel Xeon Processor E3 v3 Family 0', 'Intel Xeon Processor E3 v4 Family 0', 'Intel Xeon Processor E3 v5 Family 0', 'Intel Xeon Processor E3 v6 Family 0', 'Intel Xeon Processor E5 Family 0', 'Intel Xeon Processor E5 v2 Family 0', 'Intel Xeon Processor E5 v3 Family 0', 'Intel Xeon Processor E5 v4 Family 0', 'Intel Xeon Processor E7 Family 0', 'Intel Xeon Processor E7 v2 Family 0', 'Intel Xeon Processor E7 v3 Family 0', 'Intel Xeon Processor E7 v4 Family 0']

Name

['ARM Cortex A57', 'Intel 5th generation Core Processors 无', 'ARM Cortex A72', 'Intel 6th generation Core processors 0', 'Intel 5th generation Core processors 0', 'Intel 4th generation Core processors 0', 'Intel 3rd generation Core processors 0', 'Intel 2nd generation Core processors 0', 'Intel 8th generation Core processors 0', 'Intel 7th generation Core processors 0', 'Intel Atom Processor A Series 0', 'Intel Atom Processor C Series 0', 'Intel Atom Processor E Series 0', 'Intel Atom Processor T Series 0', 'Intel Atom Processor X Series 0', 'Intel Atom Processor Z Series 0', 'Intel Core X-series Processor Family for Intel X99 platforms 0', 'Intel Celeron Processor J Series 0', 'Intel Celeron Processor N Series 0', 'Intel Core M processor family 0', 'Intel Core X-series Processor Family for Intel X299 platforms 0', 'Intel Pentium Processor N Series 0', 'Intel Pentium Processor Silver Series 0', 'Intel Xeon processor 3400 series 0', 'Intel Xeon processor 3600 series 0', 'Intel Xeon processor 5500 series 0', 'Intel Xeon processor 5600 series 0', 'Intel Xeon processor 7500 series 0', 'Intel Xeon processor 6500 series 0', 'Intel Pentium Processor J Series 0', 'Intel Xeon Processor E3 Family 0', 'Intel Xeon Processor E3 v2 Family 0', 'Intel Xeon Processor E3 v3 Family 0', 'Intel Xeon Processor E3 v4 Family 0', 'Intel Xeon Processor E3 v5 Family 0', 'Intel Xeon Processor E3 v6 Family 0', 'Intel Xeon Processor E5 Family 0', 'Intel Xeon Processor E5 v2 Family 0', 'Intel Xeon Processor E5 v3 Family 0', 'Intel Xeon Processor E5 v4 Family 0', 'Intel Xeon Processor E7 Family 0', 'Intel Xeon Processor E7 v2 Family 0', 'Intel Xeon Processor E7 v3 Family 0', 'Intel Xeon Processor E7 v4 Family 0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104228"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-3640"
    }
  },
  "description": "CPU hardware\u662f\u8fd0\u884c\u5728\u4e2d\u592e\u5904\u7406\u5668\u4e2d\u7528\u4e8e\u7ba1\u7406\u548c\u63a7\u5236CPU\u7684\u56fa\u4ef6\u3002\r\n\r\n\u591a\u6b3eCPU Hardwares\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662fCPU\u9ad8\u901f\u7f13\u5b58\u5904\u7406\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u4fa7\u4fe1\u9053\u5206\u6790\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Jann Horn (Google Project Zero), Werner Haas, Thomas Prescher (Cyberus Technology), Zdenek Sojka, Innokentiy Sennovskiy from BiZone LLC, Rudolf Marek and Alex Zuepke from SYSGO AG",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-13356",
  "openTime": "2018-07-18",
  "patchDescription": "CPU hardware\u662f\u8fd0\u884c\u5728\u4e2d\u592e\u5904\u7406\u5668\u4e2d\u7528\u4e8e\u7ba1\u7406\u548c\u63a7\u5236CPU\u7684\u56fa\u4ef6\u3002\r\n\r\n\u591a\u6b3eCPU Hardwares\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662fCPU\u9ad8\u901f\u7f13\u5b58\u5904\u7406\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u4fa7\u4fe1\u9053\u5206\u6790\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eCPU Hardwares\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ARM Cortex A57",
      "Intel 5th generation Core Processors \u65e0",
      "ARM Cortex A72",
      "Intel 6th generation Core processors 0",
      "Intel 5th generation Core processors 0",
      "Intel 4th generation Core processors 0",
      "Intel 3rd generation Core processors 0",
      "Intel 2nd generation Core processors 0",
      "Intel 8th generation Core processors 0",
      "Intel 7th generation Core processors 0",
      "Intel Atom Processor A Series 0",
      "Intel Atom Processor C Series 0",
      "Intel Atom Processor E Series 0",
      "Intel Atom Processor T Series 0",
      "Intel Atom Processor X Series 0",
      "Intel Atom Processor Z Series 0",
      "Intel Core X-series Processor Family for Intel X99 platforms 0",
      "Intel Celeron Processor J Series 0",
      "Intel Celeron Processor N Series 0",
      "Intel Core M processor family 0",
      "Intel Core X-series Processor Family for Intel X299 platforms 0",
      "Intel Pentium Processor N Series 0",
      "Intel Pentium Processor Silver Series 0",
      "Intel Xeon processor 3400 series 0",
      "Intel Xeon processor 3600 series 0",
      "Intel Xeon processor 5500 series 0",
      "Intel Xeon processor 5600 series 0",
      "Intel Xeon processor 7500 series 0",
      "Intel Xeon processor 6500 series 0",
      "Intel Pentium Processor J Series 0",
      "Intel Xeon Processor E3 Family 0",
      "Intel Xeon Processor E3 v2 Family 0",
      "Intel Xeon Processor E3 v3 Family 0",
      "Intel Xeon Processor E3 v4 Family 0",
      "Intel Xeon Processor E3 v5 Family 0",
      "Intel Xeon Processor E3 v6 Family 0",
      "Intel Xeon Processor E5 Family 0",
      "Intel Xeon Processor E5 v2 Family 0",
      "Intel Xeon Processor E5 v3 Family 0",
      "Intel Xeon Processor E5 v4 Family 0",
      "Intel Xeon Processor E7 Family 0",
      "Intel Xeon Processor E7 v2 Family 0",
      "Intel Xeon Processor E7 v3 Family 0",
      "Intel Xeon Processor E7 v4 Family 0"
    ]
  },
  "referenceLink": "https://securitytracker.com/id/1040949",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-22",
  "title": "\u591a\u6b3eCPU Hardwares\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CERTFR-2018-ALE-001

Vulnerability from certfr_alerte - Published: 2018-01-04 - Updated: 2018-10-10

[Mise à jour du 25/05/2018 : ajout de bulletins Microsoft (cf. section Documentation)]

[Mise à jour du 22/05/2018 : publications de nouvelles variantes]

[Mise à jour du 23/02/2018 : annonce d'Intel sur la sortie des mises à jour des micrologiciels (cf. section Solution)]

[Mise à jour du 12/02/2018 : ajout des bulletins de sécurité VMware, RedHat et SUSE (cf. section Solution)]

[Mise à jour du 23/01/2018 : modification des recommandations suite au communiqué d'Intel (cf. section Solution)]

Le 4 janvier 2018, deux vulnérabilités affectant plusieurs familles de processeurs et pouvant conduire à des fuites d'informations ont été rendues publiques [1][2]. Intitulées Spectre et Meltdown, ces deux vulnérabilités ont reçu les identifiants CVE-2017-5715, CVE-2017-5753 pour Spectre et CVE-2017-5754 pour Meltdown. Le 21 mai 2018, deux nouvelles vulnérabilités identifiées CVE-2018-3639 et CVE-2018-3640, reposant sur des principes similaires, ont également été publiées [42].

Vulnérabilité Meltdown

Les processeurs modernes intègrent plusieurs fonctionnalités visant à améliorer leurs performances. Parmi celles-ci, l'exécution dite out-of-order permet d'exécuter les instructions d'un programme en fonction de la disponibilité des ressources de calculs et plus nécessairement de façon séquentielle. Une faiblesse de ce mécanisme peut cependant conduire à l'exécution d'une instruction sans que le niveau de privilèges requis par celle-ci ne soit correctement vérifié. Bien que le résultat de l'exécution d'une telle instruction ne soit pas validé par la suite, il peut être possible de récupérer l'information en utilisant une attaque par canaux cachés.

La vulnérabilité CVE-2017-5754 exploite l’exécution out-of-order sur des instructions requérant un haut niveau de privilège pour permettre l'accès en lecture à des zones mémoires propres au système d’exploitation depuis du code s’exécutant de façon non-privilégiée. En particulier, l'exploitation de cette vulnérabilité permet d'accéder depuis un programme utilisateur à la mémoire du système d'exploitation. Cela peut conduire à des fuites de données sensibles présentes en mémoire et peut inclure des informations d'autres programmes ou encore des clés de chiffrement. Cette fuite d'informations peut aussi être mise en œuvre pour faciliter la compromission d'un système.

La vulnérabilité CVE-2018-3640 exploite l’exécution out-of-order sur des instructions requérant un haut niveau de privilège pour permettre l'accès en lecture à des registres propres au système d’exploitation depuis du code s’exécutant de façon non-privilégiée. En particulier, l'exploitation de cette vulnérabilité permet d'accéder depuis un programme utilisateur à des paramètres de configuration du processeur. Cette fuite d'informations peut aussi être mise en œuvre pour faciliter la compromission d'un système.

Vulnérabilité Spectre

L'exécution spéculative est une seconde technique d'optimisation utilisée par les processeurs modernes. Les dépendances entre les instructions limitent les possibilités d'exécution out-of-order. Pour remédier à cette limitation, le processeur émet des hypothèses concernant les résultats non encore disponibles. Ceci lui permet de poursuivre l’exécution out-of-order en utilisant ces hypothèses en remplacement des résultats attendus. On parle alors d'exécution spéculative. Ces hypothèses sont vérifiées par le processeur dès que les résultats auxquels elles se rapportent deviennent disponibles. Si elles se révèlent correctes, le processeur valide l'exécution spéculative. Mais inversement, si elles se révèlent erronées, les effets de l'exécution spéculative doivent être annulés et l'exécution doit reprendre au point on les hypothèses erronées avaient été émises, c'est à dire là où l'exécution spéculative avait débutée.

Cependant les effets d'une exécution spéculative erronée sur le cache perdurent. Or, en mesurant des temps d'accès à des zones mémoires, il est possible de connaître l'état du cache. Par conséquent, un attaquant sera capable de déterminer les résultats intermédiaires d'une exécution spéculative erronée si ceux-ci influent sur l'état du cache. Cette utilisation du cache pour mener à bien l'exploitation est commune aux trois variantes de Spectre.

Variante 1 (CVE-2017-5753)

Le prédicteur de branches est un composant du processeur utilisé pour émettre des hypothèses concernant l'adresse de la prochaine instruction à exécuter. En particulier, il est utilisé pour prédire l'issue des sauts conditionnels. D'autre part, ce composant est partagé entre des codes s'exécutant dans des cloisonnements de sécurité différents (processus, niveaux de privilège).

Dans la variante 1 de Spectre, un attaquant influe sur les heuristiques du prédicteur de branches pour fausser la prédiction d'un saut conditionnel s’exécutant dans un autre cloisonnement de sécurité, ce qui a pour effet de déclencher une exécution spéculative erronée. Un code est vulnérable si cette exécution spéculative erronée modifie le cache de façon qui dépende d'une valeur secrète (c'est à dire non directement accessible depuis le cloisonnement dans lequel se situe l'attaquant).

Exemple de code vulnérable fourni dans l'article:

[pastacode lang="c" manual="if%20(x%20%3C%20array1_size)%0Ay%20%3D%20array2%5Barray1%5Bx%5D%20*%20256%5D%3B" message="" highlight="" provider="manual"/]

Un attaquant maîtrisant la valeur de x peut obtenir une lecture arbitraire dans l'espace d'adressage du processus exécutant le code ci-dessus. Pour cela, l'attaquant commence par soumettre un grand nombre de x valides (c'est à dire vérifiant la condition de la ligne 1) pour faire croire au prédicteur de branches que la condition ligne 1 est toujours vraie. Puis il soumet un x pointant à une adresse arbitraire. Le prédicteur de branches estime néanmoins que la condition est vraie, ce qui déclenche l'exécution spéculative de la ligne 2. La valeur secrète pointée par x est récupérée puis utilisée pour former l'adresse d'une seconde lecture mémoire. Cette seconde lecture aura un effet sur le cache décelable par l'attaquant qui sera alors en mesure de retrouver la valeur secrète.

Variante 2 (CVE-2017-5715)

Le prédicteur de branches est également utilisé pour prédire l'issue des sauts indirects. Dans la variante 2 de Spectre, un attaquant influe sur les heuristiques du prédicteur de branches pour fausser la prédiction d'un saut indirect s’exécutant dans un autre cloisonnement de sécurité, ce qui a pour effet de déclencher une exécution spéculative erronée à une adresse arbitraire maîtrisée par l'attaquant. En choisissant correctement le code exécuté spéculativement, l'attaquant est alors capable d'obtenir une lecture arbitraire dans l'espace d'adressage du processus victime.

Variante 3 (CVE-2018-3639)

Les processeurs émettent également des hypothèses concernant l'adresse de certains accès mémoire. Pour bénéficier de plus de libertés dans l'ordre d'exécution d'opérations de lecture mémoire, le processeur va devoir prédire si celles-ci chevauchent des opérations d'écriture en attente d'exécution. Si une opération de lecture ne chevauche aucune opération d'écriture en attente d'exécution, rien ne s'oppose à qu'elle puisse être exécutée de façon anticipée.

Dans la variante 3 de Spectre, un attaquant influe sur les heuristiques du processeur utilisées pour la prédiction d'adresses, ce qui a pour effet de déclencher une exécution spéculative erronée d'une opération de lecture mémoire et des instructions qui en dépendent. Un code est vulnérable si cette exécution spéculative erronée manipule une valeur secrète et la laisse fuir à travers un état observable du cache

Microsoft (une des parties ayant découvert la vulnérabilité) [43] affirme ne pas avoir identifié de code vulnérable dans leurs produits, ce qui laisse penser que les codes vulnérables sont peu fréquents.

Impact

Les vulnérabilités décrites dans cette alerte peuvent impacter tous les systèmes utilisant un processeur vulnérable et donc de façon indépendante du système d'exploitation. Selon les chercheurs à l'origine de la découverte de ces failles, il est ainsi possible d'accéder à l'intégralité de la mémoire physique sur des systèmes Linux et OSX et à une part importante de la mémoire sur un système Windows.

On notera que l'impact peut être plus particulièrement important dans des systèmes de ressources partagés de type conteneur (Docker, LXC) où il serait possible depuis un environnement restreint d'accéder à toutes les données présentes sur la machine physique dans lequel s'exécute le conteneur ou encore dans des environnements virtualisés utilisant la para-virtualisation de type Xen.

Preuve de concept

Le CERT-FR constate que des preuves de concept fonctionnelles pour Meltdown sont désormais publiques. Les règles Yara suivantes servent à détecter les binaires liés à la bibliothèque publiée par l'Institute of Applied Information Processing and Communications (IAIK) :

[pastacode lang="c" manual="rule%20meltdown_iaik_libkdump_meltdown_nonull%20%7B%0A%0Ameta%3A%0A%0Aauthor%20%3D%20%22ANSSI%22%0A%0ATLP_level%20%3D%20%22White%22%0A%0Adescription%20%3D%20%22Detects%20Meltdown%20PoC%20libkdump%20meltdown_nonull%20method%22%0A%0Aversion%20%3D%20%221.0%22%0A%0Alast_modified%20%3D%20%222018-01-09%22%0A%0Astrings%3A%0A%0A%2F*%0A%0A.text%3A00000000000018A6%2048%2031%20C0%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20xor%20%20%20%20%20%20rax%2C%20rax%20%20%20.text%3A00000000000018A9%0A%0A.text%3A00000000000018A9%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20loc_18A9%3A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3B%20CODE%20XREF%3A%20libkdump_read_tsx%2B48j%0A%0A.text%3A00000000000018A9%208A%2001%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20al%2C%20%5Brcx%5D%0A%0A.text%3A00000000000018AB%2048%20C1%20E0%200C%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20shl%20%20%20%20%20%20rax%2C%200Ch%0A%0A.text%3A00000000000018AF%2074%20F8%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20jz%20%20%20%20%20%20%20%20short%20loc_18A9%0A%0A.text%3A00000000000018B1%2048%208B%201C%2003%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20rbx%2C%20%5Brbx%2Brax%5D%0A%0A*%2F%0A%0A%24asm%3D%7B%0A%0A48%2031%20C0%0A%0A8A%2001%0A%0A48%20C1%20E0%200C%0A%0A74%20F8%0A%0A48%208B%201C%2003%0A%0A%7D%0A%0Acondition%3A%20%24asm%0A%0A%7D%0A%0A%0Arule%20meltdown_iaik_libkdump_meltdown_fast%20%7B%0A%0Ameta%3A%0A%0Aauthor%20%3D%20%22ANSSI%22%0A%0ATLP_level%20%3D%20%22White%22%0A%0Adescription%20%3D%20%22Detects%20Meltdown%20PoC%20libkdump%20meltdown_fast%20method%22%0A%0Aversion%20%3D%20%221.0%22%0A%0Alast_modified%20%3D%20%222018-01-09%22%0A%0Astrings%3A%0A%0A%20%20%20%20%2F*%0A%0A.text%3A000000000000184F%2048%2031%20C0%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20xor%20%20%20%20%20%20%20rax%2C%20rax%0A%0A.text%3A0000000000001852%208A%2001%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20%20al%2C%20%5Brcx%5D%0A%0A.text%3A0000000000001854%2048%20C1%20E0%200C%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20shl%20%20%20%20%20%20%20rax%2C%200Ch%0A%0A.text%3A0000000000001858%2048%208B%201C%2003%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20rbx%2C%20%5Brbx%2Brax%5D%0A%0A*%2F%0A%0A%24asm%20%3D%20%7B%0A%0A48%2031%20C0%0A%0A8A%2001%0A%0A48%20C1%20E0%200C%0A%0A48%208B%201C%2003%0A%0A%7D%0A%0Acondition%3A%0A%0A%24asm%0A%0A%7D%0A%0A%0Arule%20meltdown_iaik_libkdump_meltdown%20%7B%0A%0Ameta%3A%0A%0Aauthor%20%3D%20%22ANSSI%22%0A%0ATLP_level%20%3D%20%22White%22%0A%0Adescription%20%3D%20%22Detects%20Meltdown%20PoC%20libkdump%20meltdown%20method%22%0A%0Aversion%20%3D%20%221.0%22%0A%0Alast_modified%20%3D%20%222018-01-09%22%0A%0Astrings%3A%0A%0A%2F*%0A%0A.text%3A00000000000018A8%2048%2031%20C0%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20xor%20%20%20%20%20rax%2C%20rax%20%20%20.text%3A00000000000018AB%0A%0A.text%3A00000000000018AB%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20loc_18AB%3A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3B%20CODE%20XREF%3A%20libkdump_read_tsx%2B4Dj%0A%0A.text%3A00000000000018AB%2048%208B%2036%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20%20rsi%2C%20%5Brsi%5D%0A%0A.text%3A00000000000018AE%208A%2001%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20%20al%2C%20%5Brcx%5D%0A%0A.text%3A00000000000018B0%2048%20C1%20E0%200C%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20shl%20%20%20%20%20%20%20rax%2C%200Ch%0A%0A.text%3A00000000000018B4%2074%20F5%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20jz%20%20%20%20%20%20%20%20short%20loc_18AB%0A%0A.text%3A00000000000018B6%2048%208B%201C%2003%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20rbx%2C%20%5Brbx%2Brax%5D%0A%0A*%2F%0A%0A%24asm%3D%7B%0A%0A48%2031%20C0%0A%0A48%208B%2036%0A%0A8A%2001%0A%0A48%20C1%20E0%200C%0A%0A74%20F5%0A%0A48%208B%201C%2003%0A%0A%7D%0A%0Acondition%3A%0A%0A%24asm%0A%0A%7D" message="" highlight="" provider="manual"/]

Campagne de pourriels

Le CERT-FR constate qu'une campagne de pourriels visant à distribuer des logiciels malveillants a été lancée afin de profiter de la situation autour des vulnérabilité Spectre et Meltdown [32]. Des attaquants se faisant passer pour la Bundesamt für Sicherheit in der Informationstechnik (BSI), l'équivalent allemand de l'ANSSI, ont envoyé des courriers électroniques invitant leurs destinataires à se rendre sur une copie du site de la BSI. La différence avec le site officiel était une modification de l'alerte concernant les vulnérabilités: l'utilisateur était invité à installer un correctif qui se trouvait être un logiciel malveillant.

Le CERT-FR rappelle de faire preuve de la plus grande vigilance quand à l'ouverture des courriers électroniques ainsi que d'installer les correctifs de sécurité dans les plus brefs délais, et ce uniquement depuis les sources officielles des éditeurs.

Solution

Correctifs disponibles

Plusieurs éditeurs ont publiés des correctifs partiels pour les vulnérabilités Meltdown et Spectre. Le CERT-FR recommande l'application des correctifs disponibles dès que possible.

Apple

Apple indique dans une communication du 4 janvier 2017 que les systèmes iOS 11.2, macOS 10.13.2 et tvOS 11.2 profitent de correctifs contre la vulnérabilité Meltdown [9].

Le 8 janvier 2018, Apple a publié des correctifs pour ses produits iOS, Safari et macOS High Sierra [26].

Mozilla

Mozilla a publié une communication annonçant que la version 57.0.4 de Firefox intègre deux correctifs de sécurité liés aux vulnérabilités décrites dans cette alerte [25].

Microsoft

Microsoft a annoncé dans un communiqué [10] que ses navigateurs Internet Explorer et Edge avaient bénéficié d'un correctif contre la vulnérabilité Spectre sur les systèmes Windows 10 et Windows Server 2016 [11][12]. Les correctifs de sécurité fournis par Microsoft sont néanmoins dépendants des logiciels anti-virus installés sur le système. Pour tous détails sur l'application de ces correctifs le CERT-FR recommande de se reporter au site de l'éditeur. Pour les systèmes 32 bits des versions antérieures à Windows 10 et Windows Server 2016, un correctif sera déployé à l'occasion de la mise à jour mensuelle, le 9 janvier 2018. Pour Windows Server, une simple mise à jour ne suffit par pour se prémunir du problème. Microsoft a publié une série de mesures à mettre en oeuvre pour se protéger [22]. Dans tous les cas, Microsoft conseille de mettre à jour le micrologiciel de son processeur lorsque des correctifs seront disponibles.

SUSE

Des correctifs pour les vulnérabilités Spectre et Meltdown ont été distribués par SUSE [13].

Le 11 janvier 2018, SUSE a publié des correctifs pour le noyau Linux ainsi que pour le microgiciel Intel utilisés par ses produits [29][30].

Red Hat

Des correctifs pour les vulnérabilités Spectre et Meltdown ont été distribués par Red Hat [23].

Ubuntu

Le mardi 9 janvier 2018, Ubuntu a publié plusieurs bulletins de sécurité concernant des correctifs pour la vulnérabilité Meltdown [27]. Le 11 janvier 2018, Ubuntu a publié un bulletin de sécurité annonçant la mise à disposition d'un correctif pour le microgiciel Intel [31].

VMware

Des correctifs contre la vulnérabilité Spectre ont été apportés par VMware pour leurs produits ESXi, Workstation et Fusion sous OS X. Il est à noter que les plateformes ESXi en version 5.5 reçoivent un correctif seulement pour la variante CVE-2017-5715 de Spectre [14].

Android

Dans leur bulletin de sécurité pour les correctifs du mois de janvier 2018 [16], Android annonce ne pas détenir d'informations sur une reproduction des vulnérabilités Spectre et Meltdown sur leurs appareils. Cependant, les correctifs disponibles pour ce mois de janvier 2018 intègrent des mesures permettant de limiter le risque de tels attaques [15].

Google

Dans un communiqué sur l'état de ses produits face aux vulnérabilités Meltdown et Spectre, Google annonce que Chrome OS sous Intel profite de la fonctionnalité KPTI (correctif limitant les effets de la vulnérabilité Meltdown) pour les noyaux en versions 3.18 et 4.4 à partir de la version 63 du système d'exploitation [17].

Citrix

Dans un avis de sécurité daté du 4 janvier 2018 Citrix annonce apporter un correctif de sécurité pour les produits Citrix XenServer 7.1 LTSR CU1 [19].

Amazon AWS

Dans un communiqué du 4 janvier 2018 [20], Amazon indique que les instances disposant d'une configuration par défaut (Amazon Linux AMI) vont bénéficier d'une mise à jour du noyau Linux pour adresser les effets de la vulnérabilité CVE-2017-5754 (Meltdown) [21].

Debian

Le 10 janvier 2018, un bulletin de sécurité publié par Debian propose un correctif pour la vulnérabilité Meltdown [28].

Pour la semaine du 15 au 21 janvier 2018, les éditeurs suivants ont publiés des correctifs pour Meldown et Spectre:

SUSE [33]
Oracle [34] [35]
Red Hat [36]
Moxa [37] (l'éditeur annonce que d'autres correctifs sont à venir)

Le 22 janvier 2018, Intel a publié un communiqué [38] pour annoncer qu'ils avaient trouvé la cause des dysfonctionnements liés à leur correctif. Dans certains cas, le correctif apporté à leur microgiciel provoquait des redémarrages intempestifs. La situation n'est toutefois pas encore résolue. Intel conseille donc de retarder l'installation du correctif pour le microprocesseur.

Le CERT-FR rappelle qu'il est important d'installer les correctifs de sécurité dans les plus brefs délais. Concernant Spectre et Meldown, il est nécessaire de mettre à jour en priorité les navigateurs puis les systèmes d'exploitation. Toutefois, il est également important de tester ces correctifs dans des environnements contrôlés avant de les pousser en production. Concernant les microgiciels d'Intel, le CERT-FR recommande une prudence accrue dans leurs déploiements voir d'attendre la version finale de ces mises à jour. En matière de risques, l'exploitation de la vulnérabilité Spectre est particulièrement complexe et est la seule à être couverte par la mise à jour du micrologiciel.

Les 8 et 9 février 2018, plusieurs éditeurs ont publiés des correctifs supplémentaires:

VMware [39]
Red Hat [40]
SUSE [41]

Le 20 février 2018, Intel a annoncé que les mises à jour de sécurité des micrologiciels pour certaines familles de processeurs étaient disponibles. Sont concernés les processeurs de type Kaby Lake, Coffee Lake ainsi que certains Skylake ( cf. https://newsroom.intel.com/news/latest-intel-security-news-updated-firmware-available/). Intel a également mis à jour son calendrier prévisionnel des sorties futures (cf. https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf).

Les éditeurs suivants ont également publiés de nouveaux correctifs :

Ubuntu (cf. )
SUSE (cf. , et )
Siemens (cf. )

Contournement provisoire

Dans leur article sur la vulnérabilité Meltdown, les auteurs de la publication indiquent que la fonctionnalité de sécurité KAISER [5] permet de limiter les implications dues à l'exploitation de Meltdown. Ce mécanisme a été intégré dans les dernières versions du noyau Linux sous le nom de Kernel page-table isolation (KPTI) [6] et est en cours d'intégration dans les versions précédentes du noyau.

Cette fonctionnalité renforce la séparation entre les zones mémoires accessibles en mode utilisateur et celles accessibles en mode noyau. De ce fait il n'est donc plus possible de d'accéder lors de l'utilisation de la vulnérabilité Meltdown aux informations noyau.

Systèmes de virtualisation

Les systèmes virtualisés de type Xen sont vulnérables aux failles présentés dans cette alerte. Concernant Meltdown un contournement pouvant être mis en œuvre est d'utiliser une virtualisation matérielle. En effet, d'après un avis de sécurité de l'éditeur [18], la CVE-2017-5754 n'affecte que les systèmes Xen en architecture Intel 64 bits utilisant la para-virtualisation.

D'une façon globale, l'ANSSI a émis un guide relatif à la virtualisation précisant que « les systèmes invités présents sur une même machine physique [doivent manipuler] des données qui ont une sensibilité similaire » [7].

Vérifications des correctifs disponibles

Windows

Microsoft a mis à disposition un script PowerShell qui permet de vérifier si un correctif pour les vulnérabilités a été appliqué sur un système Windows [4].

Linux

Afin de s'assurer de la présence du mécanisme de sécurité KPTI sur un système utilisant un noyau Linux il est possible d'exécuter la commande suivante :

[pastacode lang="bash" manual="dmesg%20%7C%20grep%20'Kernel%2FUser%20page%20tables%20isolation'" message="" highlight="" provider="manual"/]

Dans le cas où KPTI est activé un message sera affiché en sortie.

Processeurs Intel
- La liste des processeurs vulnérables est fournie dans la section documentation.
Processeurs AMD
- AMD est vulnérable à Spectre, mais pas à Meltdown.
Processeurs ARM :
- ARM Cortex-R7
- ARM Cortex-R8
- ARM Cortex-A8
- ARM Cortex-A9
- ARM Cortex-A15
- ARM Cortex-A17
- ARM Cortex-A57
- ARM Cortex-A72
- ARM Cortex-A73
- ARM Cortex-A75

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Sites détaillant le principe de la vulnérabilité	None	vendor-advisory
Bulletin de sécurité de Microsoft KB4056890 du 3 janvier 2018	-	other
Avis de sécurité Amazon ALAS-2018-939 du 4 janvier 2018	-	other
Communiqué d'Amazon AWS-2018-013 en lien avec les vulnérabilités d'exécution spéculative	-	other
Avis CERT-FR CERTFR-2018-AVI-028 Vulnérabilité dans le microgiciel Intel pour SUSE	-	other
Bulletin de sécurité Fortinet FG-IR-18-002	-	other
Bulletin de sécurité Android du 2 janvier 2018	-	other
Guide relatif à la sécurité des systèmes de virtualisation	-	other
Avis CERT-FR CERTFR-2018-AVI-029 Multiples vulnérabilités dans le noyau Linux de SUSE	-	other
Avis CERT-FR CERTFR-2018-AVI-044 Multiples vulnérabilités dans les produits Moxa	-	other
Avis CERT-FR CERTFR-2018-AVI-017 Multiples vulnérabilités dans le noyau Linux d'Ubuntu	-	other
Security Advisory 115 Intel	-	other
Avis CERT-FR CERTFR-2018-AVI-006 Multiples vulnérabilités dans les produits VMware	-	other
Communication de Microsoft sur les dépendances entre la mise à jour et les logiciels anti-virus	-	other
Bulletin de sécurité Citrix CTX231390 du 4 janvier 2018	-	other
Communiqué de la BSI	-	other
Avis CERT-FR CERTFR-2018-AVI-013 Multiples vulnérabilités dans les produits Apple	-	other
Avis CERT-FR CERTFR-2018-AVI-005 Multiples vulnérabilités dans le noyau Linux de SUSE	-	other
Billet de blogue Mozilla	-	other
Mesures à mettre en oeuvre pour protéger son Windows Server	-	other
Avis CERT-FR CERTFR-2018-AVI-080 Multiples vulnérabilités dans le noyau Linux de SUSE	-	other
Bulletin de sécurité Juniper	-	other
Bulletin de sécurité Xen	-	other
Billet de blogue de Microsoft du 3 janvier 2018 sur un correctif pour Internet Explorer et Edge	-	other
Avis CERT-FR CERTFR-2018-AVI-039 Multiples vulnérabilités dans Oracle Virtualization	-	other
Avis CERT-FR CERTFR-2018-AVI-032 Multiples vulnérabilités dans le noyau Linux de SUSE	-	other
CERT KB	-	other
Avis CERT-FR CERTFR-2018-AVI-030 Vulnérabilité dans le microgiciel Intel pour Ubuntu	-	other
Article ARM détaillant les vulnérabilités ainsi que les contre-mesures envisagées	-	other
Avis de sécurité ARM du 3 janvier 2017	-	other
Bulletin de sécurité Microsoft ADV180002	-	other
Avis de vulnérabilité d'Intel et liste des processeurs vulnérables	-	other
Communiqué Ubuntu	-	other
Billet de blogue Google Project Zero	-	other
Commentaires d'AMD sur une éventuelle vulnérabilité de leurs processeurs	-	other
Site détaillant le principe de la vulnérabilité	-	other
Avis CERT-FR CERTFR-2018-AVI-077 Multiples vulnérabilités dans les produits VMware	-	other
Bulletin de sécurité Microsoft ADV180012 du 21 mai 2018	-	other
Avis CERT-FR CERTFR-2018-AVI-038 Multiples vulnérabilités dans Oracle Sun Systems Products Suite	-	other
Avis CERT-FR CERTFR-2018-AVI-079 Multiples vulnérabilités dans le noyau Linux de RedHat	-	other
Bulletin de sécurité Microsoft ADV180013 du 21 mai 2018	-	other
Bulletin de sécurité Schneider Electric	-	other
Bulletin de sécurité Xen XSA-254 du 3 janvier 2018	-	other
Bulletin de sécurité Microsoft concernant les vulnérabilités d'attaques par canaux auxiliaires d'exécution spéculative	-	other
Article Intel détaillant les vulnérabilités ainsi que les contre-mesures envisagées	-	other
Avis CERT-FR CERTFR-2018-AVI-002 Multiples vulnérabilités dans Google Android	-	other
Communiqué de Google sur les attaques utilisant une méthode d'exécution spéculative	-	other
Communiqué Intel	-	other
Avis CERT-FR CERTFR-2018-AVI-030 Vulnérabilité dans le microgiciel Intel pour Ubuntu	-	other
Avis CERT-FR CERTFR-2018-AVI-004 Multiples vulnérabilités dans le noyau Linux de RedHat	-	other
Mise à jour du microgiciel Intel pour Linux relatif à la CVE-2017-5715	-	other
Bulletin de sécurité Microsoft pour les professionnels concernant les vulnérabilités d'attaques par canaux auxiliaires d'exécution spéculative	-	other
Avis CERT-FR CERTFR-2018-AVI-040 Vulnérabilité dans le micrologiciel processeur pour Red Hat	-	other
Avis CERT-FR CERTFR-2018-AVI-008 Multiples vulnérabilités dans Mozilla Firefox	-	other
Bulletin de sécurité de Microsoft KB4056892 du 3 janvier 2018	-	other
Article du 30 décembre 2017 sur l'intégration du correctif KPTI dans le noyau Linux	-	other
Article de blog publié par Microsoft au sujet de CVE-2018-3639	-	other
Article du 15 novembre 2017 sur le mécanisme de sécurité KAISER	-	other
Site détaillant le principe de la vulnérabilité	-	other
Bulletin de sécurité Cisco	-	other
Bulletin de sécurité Apple HT208394 du 4 janvier 2018	-	other
Avis CERT-FR CERTFR-2018-AVI-018 Multiples vulnérabilités dans le noyau Linux de Debian	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eProcesseurs Intel \u003cul\u003e \u003cli\u003eLa liste des processeurs vuln\u00e9rables est fournie dans la section documentation.\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eProcesseurs AMD \u003cul\u003e \u003cli\u003eAMD est vuln\u00e9rable \u00e0 Spectre, mais pas \u00e0 Meltdown.\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eProcesseurs ARM : \u003cul\u003e \u003cli\u003eARM Cortex-R7\u003c/li\u003e \u003cli\u003eARM Cortex-R8\u003c/li\u003e \u003cli\u003eARM Cortex-A8\u003c/li\u003e \u003cli\u003eARM Cortex-A9\u003c/li\u003e \u003cli\u003eARM Cortex-A15\u003c/li\u003e \u003cli\u003eARM Cortex-A17\u003c/li\u003e \u003cli\u003eARM Cortex-A57\u003c/li\u003e \u003cli\u003eARM Cortex-A72\u003c/li\u003e \u003cli\u003eARM Cortex-A73\u003c/li\u003e \u003cli\u003eARM Cortex-A75\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003c/ul\u003e \u003cp\u003e\u0026nbsp;\u003c/p\u003e ",
  "closed_at": "2018-10-10",
  "content": "## Solution\n\n### Correctifs disponibles\n\nPlusieurs \u00e9diteurs ont publi\u00e9s des correctifs partiels pour les\nvuln\u00e9rabilit\u00e9s Meltdown et Spectre. Le CERT-FR recommande l\u0027application\ndes correctifs disponibles d\u00e8s que possible.\n\n#### Apple\n\nApple indique dans une communication du 4 janvier 2017 que les syst\u00e8mes\niOS 11.2, macOS 10.13.2 et tvOS 11.2 profitent de correctifs contre la\nvuln\u00e9rabilit\u00e9 Meltdown \\[9\\].\n\nLe 8 janvier 2018, Apple a publi\u00e9 des correctifs pour ses produits iOS,\nSafari et macOS High Sierra \\[26\\].\n\n#### Mozilla\n\nMozilla a publi\u00e9 une communication annon\u00e7ant que la version 57.0.4 de\nFirefox int\u00e8gre deux correctifs de s\u00e9curit\u00e9 li\u00e9s aux vuln\u00e9rabilit\u00e9s\nd\u00e9crites dans cette alerte \\[25\\].\n\n#### Microsoft\n\nMicrosoft a annonc\u00e9 dans un communiqu\u00e9 \\[10\\] que ses navigateurs\nInternet Explorer et Edge avaient b\u00e9n\u00e9fici\u00e9 d\u0027un correctif contre la\nvuln\u00e9rabilit\u00e9 Spectre sur les syst\u00e8mes Windows 10 et Windows Server 2016\n\\[11\\]\\[12\\]. Les correctifs de s\u00e9curit\u00e9 fournis par Microsoft sont\nn\u00e9anmoins d\u00e9pendants des logiciels anti-virus install\u00e9s sur le syst\u00e8me.\nPour tous d\u00e9tails sur l\u0027application de ces correctifs le CERT-FR\nrecommande de se reporter au site de l\u0027\u00e9diteur. Pour les syst\u00e8mes 32\nbits des versions ant\u00e9rieures \u00e0 Windows 10 et Windows Server 2016, un\ncorrectif sera d\u00e9ploy\u00e9 \u00e0 l\u0027occasion de la mise \u00e0 jour mensuelle, le 9\njanvier 2018. Pour Windows Server, une simple mise \u00e0 jour ne suffit par\npour se pr\u00e9munir du probl\u00e8me. Microsoft a publi\u00e9 une s\u00e9rie de mesures \u00e0\nmettre en oeuvre pour se prot\u00e9ger \\[22\\]. Dans tous les cas, Microsoft\nconseille de mettre \u00e0 jour le micrologiciel de son processeur lorsque\ndes correctifs seront disponibles.\n\n#### SUSE\n\nDes correctifs pour les vuln\u00e9rabilit\u00e9s Spectre et Meltdown ont \u00e9t\u00e9\ndistribu\u00e9s par SUSE \\[13\\].\n\nLe 11 janvier 2018, SUSE a publi\u00e9 des correctifs pour le noyau Linux\nainsi que pour le microgiciel Intel utilis\u00e9s par ses produits\n\\[29\\]\\[30\\].\n\n#### Red Hat\n\nDes correctifs\u00a0pour les vuln\u00e9rabilit\u00e9s Spectre et Meltdown ont \u00e9t\u00e9\ndistribu\u00e9s par Red Hat \\[23\\].\n\n#### Ubuntu\n\nLe mardi 9 janvier 2018, Ubuntu a publi\u00e9 plusieurs bulletins de s\u00e9curit\u00e9\nconcernant des correctifs pour la vuln\u00e9rabilit\u00e9 Meltdown \\[27\\]. Le 11\njanvier 2018, Ubuntu a publi\u00e9 un bulletin de s\u00e9curit\u00e9 annon\u00e7ant la mise\n\u00e0 disposition d\u0027un correctif pour le microgiciel Intel \\[31\\].\n\n#### VMware\n\nDes correctifs contre la vuln\u00e9rabilit\u00e9 Spectre ont \u00e9t\u00e9 apport\u00e9s par\nVMware pour leurs produits ESXi, Workstation et Fusion sous OS X. Il est\n\u00e0 noter que les plateformes ESXi en version 5.5 re\u00e7oivent un correctif\nseulement pour la variante CVE-2017-5715 de Spectre \\[14\\].\n\n#### Android\n\nDans leur bulletin de s\u00e9curit\u00e9 pour les correctifs du mois de janvier\n2018 \\[16\\], Android annonce ne pas d\u00e9tenir d\u0027informations sur une\nreproduction des vuln\u00e9rabilit\u00e9s Spectre et Meltdown sur leurs appareils.\nCependant, les correctifs disponibles pour ce mois de janvier 2018\nint\u00e8grent des mesures permettant de limiter le risque de tels attaques\n\\[15\\].\n\n#### Google\n\nDans un communiqu\u00e9 sur l\u0027\u00e9tat de ses produits face aux vuln\u00e9rabilit\u00e9s\nMeltdown et Spectre, Google annonce que Chrome OS sous Intel profite de\nla fonctionnalit\u00e9 KPTI (correctif limitant les effets de la\nvuln\u00e9rabilit\u00e9 Meltdown) pour les noyaux en versions 3.18 et 4.4 \u00e0 partir\nde la version 63 du syst\u00e8me d\u0027exploitation \\[17\\].\n\n#### Citrix\n\nDans un avis de s\u00e9curit\u00e9 dat\u00e9 du 4 janvier 2018 Citrix annonce apporter\nun correctif de s\u00e9curit\u00e9 pour les produits Citrix XenServer 7.1 LTSR CU1\n\\[19\\].\n\n#### Amazon AWS\n\nDans un communiqu\u00e9 du 4 janvier 2018 \\[20\\], Amazon indique que les\ninstances disposant d\u0027une configuration par d\u00e9faut (Amazon Linux AMI)\u00a0\nvont b\u00e9n\u00e9ficier d\u0027une mise \u00e0 jour du noyau Linux pour adresser les\neffets de la vuln\u00e9rabilit\u00e9 CVE-2017-5754 (Meltdown) \\[21\\].\n\n#### Debian\n\nLe 10 janvier 2018, un bulletin de s\u00e9curit\u00e9 publi\u00e9 par Debian propose un\ncorrectif pour la vuln\u00e9rabilit\u00e9 Meltdown \\[28\\].\n\n\u00a0\n\nPour la semaine du 15 au 21 janvier 2018, les \u00e9diteurs suivants ont\npubli\u00e9s des correctifs pour Meldown et Spectre:\n\n-   SUSE \\[33\\]\n-   Oracle \\[34\\] \\[35\\]\n-   Red Hat \\[36\\]\n-   Moxa \\[37\\] (l\u0027\u00e9diteur annonce que d\u0027autres correctifs sont \u00e0 venir)\n\n**Le 22 janvier 2018, Intel a publi\u00e9 un communiqu\u00e9 \\[38\\] pour annoncer\nqu\u0027ils avaient trouv\u00e9 la cause des dysfonctionnements li\u00e9s \u00e0 leur\ncorrectif. Dans certains cas, le correctif apport\u00e9 \u00e0 leur microgiciel\nprovoquait des red\u00e9marrages intempestifs. La situation n\u0027est toutefois\npas encore r\u00e9solue. Intel conseille donc de retarder l\u0027installation du\ncorrectif pour le microprocesseur.**\n\n**Le CERT-FR rappelle qu\u0027il est important d\u0027installer les correctifs de\ns\u00e9curit\u00e9 dans les plus brefs d\u00e9lais. Concernant Spectre et Meldown, il\nest n\u00e9cessaire de mettre \u00e0 jour en priorit\u00e9 les navigateurs puis les\nsyst\u00e8mes d\u0027exploitation.\u00a0Toutefois, il est \u00e9galement important de tester\nces correctifs dans des environnements contr\u00f4l\u00e9s avant de les pousser en\nproduction. Concernant les microgiciels d\u0027Intel, le CERT-FR\u00a0recommande\nune prudence accrue dans leurs d\u00e9ploiements voir d\u0027attendre la version\nfinale de ces mises \u00e0 jour. En mati\u00e8re de risques, l\u0027exploitation de la\nvuln\u00e9rabilit\u00e9 Spectre est particuli\u00e8rement\u00a0complexe et est la seule \u00e0\n\u00eatre couverte par la mise \u00e0 jour du micrologiciel.**\n\nLes 8 et 9 f\u00e9vrier 2018, plusieurs \u00e9diteurs ont publi\u00e9s des correctifs\nsuppl\u00e9mentaires:\n\n-   VMware \\[39\\]\n-   Red Hat \\[40\\]\n-   SUSE \\[41\\]\n\nLe 20 f\u00e9vrier 2018, Intel a annonc\u00e9 que les mises \u00e0 jour de s\u00e9curit\u00e9 des\nmicrologiciels pour certaines familles de processeurs \u00e9taient\ndisponibles. Sont concern\u00e9s les processeurs de type Kaby Lake, Coffee\nLake ainsi que certains Skylake (\ncf.\u00a0\u003chttps://newsroom.intel.com/news/latest-intel-security-news-updated-firmware-available/\u003e).\nIntel a \u00e9galement mis \u00e0 jour son calendrier pr\u00e9visionnel des sorties\nfutures (cf.\n\u003chttps://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf\u003e).\n\nLes \u00e9diteurs suivants ont \u00e9galement publi\u00e9s de nouveaux correctifs :\n\n-   Ubuntu\n    (cf.\u00a0\u003c/avis/CERTFR-2018-AVI-094/\u003e)\n-   SUSE (cf. \u003c/avis/CERTFR-2018-AVI-080/\u003e,\n    \u003c/avis/CERTFR-2018-AVI-083/\u003e\u00a0et\n    \u003c/avis/CERTFR-2018-AVI-091/\u003e)\n-   Siemens (cf.\n    \u003c/avis/CERTFR-2018-AVI-095/\u003e)\n\n\u00a0\n\n## Contournement provisoire\n\nDans leur article sur la vuln\u00e9rabilit\u00e9 Meltdown, les auteurs de la\npublication indiquent que la fonctionnalit\u00e9 de s\u00e9curit\u00e9 KAISER \\[5\\]\npermet de limiter les implications dues \u00e0 l\u0027exploitation de Meltdown.\u00a0Ce\nm\u00e9canisme a \u00e9t\u00e9 int\u00e9gr\u00e9 dans les derni\u00e8res versions du noyau Linux sous\nle nom de Kernel page-table isolation (KPTI) \\[6\\] et est en cours\nd\u0027int\u00e9gration dans les versions pr\u00e9c\u00e9dentes du noyau.\n\nCette fonctionnalit\u00e9 renforce la s\u00e9paration entre les zones m\u00e9moires\naccessibles en mode utilisateur et celles accessibles en mode noyau. De\nce fait il n\u0027est donc plus possible de d\u0027acc\u00e9der lors de l\u0027utilisation\nde la vuln\u00e9rabilit\u00e9 Meltdown aux informations noyau.\n\n### Syst\u00e8mes de virtualisation\n\nLes syst\u00e8mes virtualis\u00e9s de type Xen sont vuln\u00e9rables aux failles\npr\u00e9sent\u00e9s dans cette alerte. Concernant Meltdown un contournement\npouvant \u00eatre mis en \u0153uvre est d\u0027utiliser une virtualisation mat\u00e9rielle.\nEn effet, d\u0027apr\u00e8s un avis de s\u00e9curit\u00e9 de l\u0027\u00e9diteur \\[18\\], la\nCVE-2017-5754 n\u0027affecte que les syst\u00e8mes Xen en architecture Intel 64\nbits utilisant la para-virtualisation.\n\nD\u0027une fa\u00e7on globale, l\u0027ANSSI a \u00e9mis un guide relatif \u00e0 la virtualisation\npr\u00e9cisant que \u003cspan class=\"citation\"\u003e\u00ab\u003c/span\u003e les syst\u00e8mes invit\u00e9s\npr\u00e9sents sur une m\u00eame machine physique \\[doivent manipuler\\] des donn\u00e9es\nqui ont une \u003cspan class=\"highlight selected\"\u003esensibilit\u00e9\u003c/span\u003e\nsimilaire \u003cspan class=\"citation\"\u003e\u00bb\u003c/span\u003e \\[7\\].\n\n### V\u00e9rifications des correctifs disponibles\n\n#### Windows\n\nMicrosoft a mis \u00e0 disposition un script PowerShell qui permet de\nv\u00e9rifier si un correctif pour les vuln\u00e9rabilit\u00e9s a \u00e9t\u00e9 appliqu\u00e9 sur un\nsyst\u00e8me Windows \\[4\\].\n\n#### Linux\n\nAfin de s\u0027assurer de la pr\u00e9sence du m\u00e9canisme de s\u00e9curit\u00e9 KPTI sur un\nsyst\u00e8me utilisant un noyau Linux il est possible d\u0027ex\u00e9cuter la commande\nsuivante :\n\n\\[pastacode lang=\"bash\"\nmanual=\"dmesg%20%7C%20grep%20\u0027Kernel%2FUser%20page%20tables%20isolation\u0027\"\nmessage=\"\" highlight=\"\" provider=\"manual\"/\\]\n\nDans le cas o\u00f9 KPTI est activ\u00e9 un message sera affich\u00e9 en sortie.\n",
  "cves": [
    {
      "name": "CVE-2017-5754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5754"
    },
    {
      "name": "CVE-2017-5753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
    },
    {
      "name": "CVE-2018-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
    },
    {
      "name": "CVE-2017-5715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    }
  ],
  "initial_release_date": "2018-01-04T00:00:00",
  "last_revision_date": "2018-10-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de Microsoft KB4056890 du 3 janvier 2018",
      "url": "https://support.microsoft.com/en-us/help/4056890/windows-10-update-kb4056890"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Amazon ALAS-2018-939 du 4 janvier 2018",
      "url": "https://alas.aws.amazon.com/ALAS-2018-939.html"
    },
    {
      "title": "Communiqu\u00e9 d\u0027Amazon\u00a0AWS-2018-013 en lien avec les vuln\u00e9rabilit\u00e9s d\u0027ex\u00e9cution sp\u00e9culative",
      "url": "https://aws.amazon.com/fr/security/security-bulletins/AWS-2018-013/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-028 Vuln\u00e9rabilit\u00e9 dans le microgiciel Intel pour SUSE",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-028"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-002",
      "url": "https://fortiguard.com/psirt/FG-IR-18-002"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Android du 2 janvier 2018",
      "url": "https://source.android.com/security/bulletin/2018-01-01"
    },
    {
      "title": "Guide relatif \u00e0 la s\u00e9curit\u00e9 des syst\u00e8mes de virtualisation",
      "url": "https://www.ssi.gouv.fr/guide/problematiques-de-securite-associees-a-la-virtualisation-des-systemes-dinformation"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-029 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-029"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-044 Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-044"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-017 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-017"
    },
    {
      "title": "Security Advisory 115 Intel",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-006 Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-006"
    },
    {
      "title": "Communication de Microsoft sur les d\u00e9pendances entre la mise \u00e0 jour et les logiciels anti-virus",
      "url": "https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX231390 du 4 janvier 2018",
      "url": "https://support.citrix.com/article/CTX231390"
    },
    {
      "title": "Communiqu\u00e9 de la BSI",
      "url": "https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/Gefaelschte_BSI-Mails_12012018.html"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-013 Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-013"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-005 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-005"
    },
    {
      "title": "Billet de blogue Mozilla",
      "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
    },
    {
      "title": "Mesures \u00e0 mettre en oeuvre pour prot\u00e9ger son Windows Server",
      "url": "https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-080 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-080"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10842\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Xen",
      "url": "https://xenbits.xen.org/xsa/advisory-254.html"
    },
    {
      "title": "Billet de blogue de Microsoft du 3 janvier 2018 sur un correctif pour Internet Explorer et Edge",
      "url": "https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-039 Multiples vuln\u00e9rabilit\u00e9s dans Oracle Virtualization",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-039/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-032 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-032/"
    },
    {
      "title": "CERT KB",
      "url": "https://www.kb.cert.org/vuls/id/584653"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-030 Vuln\u00e9rabilit\u00e9 dans le microgiciel Intel pour Ubuntu",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-029"
    },
    {
      "title": "Article ARM d\u00e9taillant les vuln\u00e9rabilit\u00e9s ainsi que les contre-mesures envisag\u00e9es",
      "url": "https://developer.arm.com/support/security-update"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 ARM du 3 janvier 2017",
      "url": "https://developer.arm.com/support/security-update"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft ADV180002",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
    },
    {
      "title": "Avis de vuln\u00e9rabilit\u00e9 d\u0027Intel et liste des processeurs vuln\u00e9rables",
      "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
    },
    {
      "title": "Communiqu\u00e9 Ubuntu",
      "url": "https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/"
    },
    {
      "title": "Billet de blogue Google Project Zero",
      "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
    },
    {
      "title": "Commentaires d\u0027AMD sur une \u00e9ventuelle vuln\u00e9rabilit\u00e9 de leurs processeurs",
      "url": "https://www.amd.com/en/corporate/speculative-execution"
    },
    {
      "title": "Site d\u00e9taillant le principe de la vuln\u00e9rabilit\u00e9",
      "url": "https://spectreattack.com/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-077 Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-077"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft ADV180012 du 21 mai 2018",
      "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180012"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-038 Multiples vuln\u00e9rabilit\u00e9s dans Oracle Sun Systems Products Suite",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-038/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-079 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-079"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft ADV180013 du 21 mai 2018",
      "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Id=8786151194\u0026p_File_Name=SEVD-2018-005-01+-Spectre+and+Meltdown.pdf\u0026p_Reference=SEVD-2018-005-01"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-254 du 3 janvier 2018",
      "url": "https://xenbits.xen.org/xsa/advisory-254.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft concernant les vuln\u00e9rabilit\u00e9s d\u0027attaques par canaux auxiliaires d\u0027ex\u00e9cution sp\u00e9culative",
      "url": "https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s"
    },
    {
      "title": "Article Intel d\u00e9taillant les vuln\u00e9rabilit\u00e9s ainsi que les contre-mesures envisag\u00e9es",
      "url": "https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-002 Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-002"
    },
    {
      "title": "Communiqu\u00e9 de Google sur les attaques utilisant une m\u00e9thode d\u0027ex\u00e9cution sp\u00e9culative",
      "url": "https://support.google.com/faqs/answer/7622138"
    },
    {
      "title": "Communiqu\u00e9 Intel",
      "url": "https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-030 Vuln\u00e9rabilit\u00e9 dans le microgiciel Intel pour Ubuntu",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-030"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-004 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-004"
    },
    {
      "title": "Mise \u00e0 jour du microgiciel Intel pour Linux relatif \u00e0 la CVE-2017-5715",
      "url": "https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft pour les professionnels concernant les vuln\u00e9rabilit\u00e9s d\u0027attaques par canaux auxiliaires d\u0027ex\u00e9cution sp\u00e9culative",
      "url": "https://support.microsoft.com/en-us/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-040 Vuln\u00e9rabilit\u00e9 dans le micrologiciel processeur pour Red Hat",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-040/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-008 Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-008"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de Microsoft KB4056892 du 3 janvier 2018",
      "url": "https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892"
    },
    {
      "title": "Article du 30 d\u00e9cembre 2017 sur l\u0027int\u00e9gration du correctif KPTI dans le noyau Linux",
      "url": "https://lwn.net/Articles/742404/"
    },
    {
      "title": "Article de blog publi\u00e9 par Microsoft au sujet de CVE-2018-3639",
      "url": "https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/"
    },
    {
      "title": "Article du 15 novembre 2017 sur le m\u00e9canisme de s\u00e9curit\u00e9 KAISER",
      "url": "https://lwn.net/Articles/738975/"
    },
    {
      "title": "Site d\u00e9taillant le principe de la vuln\u00e9rabilit\u00e9",
      "url": "https://meltdownattack.com/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208394 du 4 janvier 2018",
      "url": "https://support.apple.com/en-us/HT208394"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-018 Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-018"
    }
  ],
  "reference": "CERTFR-2018-ALE-001",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-04T00:00:00.000000"
    },
    {
      "description": "Ajout et correction de liens",
      "revision_date": "2018-01-04T00:00:00.000000"
    },
    {
      "description": "Ajout de liens",
      "revision_date": "2018-01-05T00:00:00.000000"
    },
    {
      "description": "Ajout de d\u00e9tails sur les correctifs disponibles",
      "revision_date": "2018-01-05T00:00:00.000000"
    },
    {
      "description": "Ajout de d\u00e9tails sur les correctifs disponibles",
      "revision_date": "2018-01-05T00:00:00.000000"
    },
    {
      "description": "Ajout de d\u00e9tails sur les correctifs disponibles et sur les contournements possibles",
      "revision_date": "2018-01-05T00:00:00.000000"
    },
    {
      "description": "Ajout de liens et de recommandations pour Windows Server",
      "revision_date": "2018-01-05T00:00:00.000000"
    },
    {
      "description": "Ajout de d\u00e9tails sur les correctifs disponibles",
      "revision_date": "2018-01-09T00:00:00.000000"
    },
    {
      "description": "Ajout de liens et ajout de la section Preuve de concept",
      "revision_date": "2018-01-09T00:00:00.000000"
    },
    {
      "description": "Ajout de r\u00e8gles Yara",
      "revision_date": "2018-01-09T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour des correctifs disponibles",
      "revision_date": "2018-01-10T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour des correctifs disponibles",
      "revision_date": "2018-01-12T00:00:00.000000"
    },
    {
      "description": "Ajout de la section Campagne de pourriel",
      "revision_date": "2018-01-12T00:00:00.000000"
    },
    {
      "description": "Ajout de correctifs disponibles en semaine 03",
      "revision_date": "2018-01-19T00:00:00.000000"
    },
    {
      "description": "modification des recommandations suite au communiqu\u00e9 d\u0027Intel",
      "revision_date": "2018-01-23T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins de s\u00e9curit\u00e9 VMware, RedHat et SUSE",
      "revision_date": "2018-02-12T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027annonce d\u0027Intel sur la sortie des derniers correctifs de s\u00e9curit\u00e9.",
      "revision_date": "2018-02-23T00:00:00.000000"
    },
    {
      "description": "Ajout des vuln\u00e9rabilit\u00e9s 3a et 4",
      "revision_date": "2018-05-23T00:00:00.000000"
    },
    {
      "description": "Correction mise en page et ajout de liens",
      "revision_date": "2018-05-23T00:00:00.000000"
    },
    {
      "description": "Ajout de bulletins Microsoft",
      "revision_date": "2018-05-25T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte.",
      "revision_date": "2018-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "\u003cstrong\u003e\\[Mise \u00e0 jour du 25/05/2018 : ajout de bulletins Microsoft (cf.\nsection Documentation)\\]\u003c/strong\u003e\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 22/05/2018 : publications de nouvelles variantes\\]  \n\u003c/strong\u003e\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 23/02/2018 : annonce d\u0027Intel sur la sortie des mises\n\u00e0 jour des micrologiciels (cf. section Solution)\\]\u003c/strong\u003e\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 12/02/2018 : ajout des bulletins de s\u00e9curit\u00e9 VMware,\nRedHat et SUSE (cf. section Solution)\\]\u003c/strong\u003e\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 23/01/2018 : modification des recommandations suite\nau communiqu\u00e9 d\u0027Intel (cf. section Solution)\\]\u003c/strong\u003e\n\nLe 4 janvier 2018, deux vuln\u00e9rabilit\u00e9s affectant plusieurs familles de\nprocesseurs et pouvant conduire \u00e0 des fuites d\u0027informations ont \u00e9t\u00e9\nrendues publiques \\[1\\]\\[2\\]. Intitul\u00e9es Spectre et Meltdown, ces deux\nvuln\u00e9rabilit\u00e9s ont re\u00e7u les identifiants CVE-2017-5715, CVE-2017-5753\npour Spectre et CVE-2017-5754 pour Meltdown. Le 21 mai 2018, deux\nnouvelles vuln\u00e9rabilit\u00e9s identifi\u00e9es CVE-2018-3639 et CVE-2018-3640,\nreposant sur des principes similaires, ont \u00e9galement \u00e9t\u00e9 publi\u00e9es\n\\[42\\].\n\n### Vuln\u00e9rabilit\u00e9 Meltdown\n\nLes processeurs modernes int\u00e8grent plusieurs fonctionnalit\u00e9s visant \u00e0\nam\u00e9liorer leurs performances. Parmi celles-ci, l\u0027ex\u00e9cution dite\n*out-of-order* permet d\u0027ex\u00e9cuter les instructions d\u0027un programme en\nfonction de la disponibilit\u00e9 des ressources de calculs et plus\nn\u00e9cessairement de fa\u00e7on s\u00e9quentielle. Une faiblesse de ce m\u00e9canisme peut\ncependant conduire \u00e0 l\u0027ex\u00e9cution d\u0027une instruction sans que le niveau de\nprivil\u00e8ges requis par celle-ci ne soit correctement v\u00e9rifi\u00e9. Bien que le\nr\u00e9sultat de l\u0027ex\u00e9cution d\u0027une telle instruction ne soit pas valid\u00e9 par\nla suite, il peut \u00eatre possible de r\u00e9cup\u00e9rer l\u0027information en utilisant\nune attaque par canaux cach\u00e9s.\n\nLa vuln\u00e9rabilit\u00e9 CVE-2017-5754 exploite l\u2019ex\u00e9cution *out-of-order* sur\ndes instructions requ\u00e9rant un haut niveau de privil\u00e8ge pour permettre\nl\u0027acc\u00e8s en lecture \u00e0 des zones m\u00e9moires propres au syst\u00e8me\nd\u2019exploitation depuis du code s\u2019ex\u00e9cutant de fa\u00e7on non-privil\u00e9gi\u00e9e. En\nparticulier, l\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet d\u0027acc\u00e9der\ndepuis un programme utilisateur \u00e0 la m\u00e9moire du syst\u00e8me d\u0027exploitation.\nCela peut conduire \u00e0 des fuites de donn\u00e9es sensibles pr\u00e9sentes en\nm\u00e9moire et peut inclure des informations d\u0027autres programmes ou encore\ndes cl\u00e9s de chiffrement. Cette fuite d\u0027informations peut aussi \u00eatre mise\nen \u0153uvre pour faciliter la compromission d\u0027un syst\u00e8me.\n\nLa vuln\u00e9rabilit\u00e9 CVE-2018-3640 exploite l\u2019ex\u00e9cution *out-of-order* sur\ndes instructions requ\u00e9rant un haut niveau de privil\u00e8ge pour permettre\nl\u0027acc\u00e8s en lecture \u00e0 des registres propres au syst\u00e8me d\u2019exploitation\ndepuis du code s\u2019ex\u00e9cutant de fa\u00e7on non-privil\u00e9gi\u00e9e. En particulier,\nl\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet d\u0027acc\u00e9der depuis un\nprogramme utilisateur \u00e0 des param\u00e8tres de configuration du processeur.\nCette fuite d\u0027informations peut aussi \u00eatre mise en \u0153uvre pour faciliter\nla compromission d\u0027un syst\u00e8me.\n\n### Vuln\u00e9rabilit\u00e9 Spectre\n\nL\u0027ex\u00e9cution sp\u00e9culative est une seconde technique d\u0027optimisation\nutilis\u00e9e par les processeurs modernes. Les d\u00e9pendances entre les\ninstructions limitent les possibilit\u00e9s d\u0027ex\u00e9cution *out-of-order*. Pour\nrem\u00e9dier \u00e0 cette limitation, le processeur \u00e9met des hypoth\u00e8ses\nconcernant les r\u00e9sultats non encore disponibles. Ceci lui permet de\npoursuivre l\u2019ex\u00e9cution *out-of-order* en utilisant ces hypoth\u00e8ses en\nremplacement des r\u00e9sultats attendus. On parle alors d\u0027ex\u00e9cution\nsp\u00e9culative. Ces hypoth\u00e8ses sont v\u00e9rifi\u00e9es par le processeur d\u00e8s que les\nr\u00e9sultats auxquels elles se rapportent deviennent disponibles. Si elles\nse r\u00e9v\u00e8lent correctes, le processeur valide l\u0027ex\u00e9cution sp\u00e9culative.\nMais inversement, si elles se r\u00e9v\u00e8lent erron\u00e9es, les effets de\nl\u0027ex\u00e9cution sp\u00e9culative doivent \u00eatre annul\u00e9s et l\u0027ex\u00e9cution doit\nreprendre au point on les hypoth\u00e8ses erron\u00e9es avaient \u00e9t\u00e9 \u00e9mises, c\u0027est\n\u00e0 dire l\u00e0 o\u00f9 l\u0027ex\u00e9cution sp\u00e9culative avait d\u00e9but\u00e9e.\n\nCependant les effets d\u0027une ex\u00e9cution sp\u00e9culative erron\u00e9e sur le cache\nperdurent. Or, en mesurant des temps d\u0027acc\u00e8s \u00e0 des zones m\u00e9moires, il\nest possible de conna\u00eetre l\u0027\u00e9tat du cache. Par cons\u00e9quent, un attaquant\nsera capable de d\u00e9terminer les r\u00e9sultats interm\u00e9diaires d\u0027une ex\u00e9cution\nsp\u00e9culative erron\u00e9e si ceux-ci influent sur l\u0027\u00e9tat du cache. Cette\nutilisation du cache pour mener \u00e0 bien l\u0027exploitation est commune aux\ntrois variantes de Spectre.\n\n#### Variante 1 (CVE-2017-5753)\n\nLe pr\u00e9dicteur de branches est un composant du processeur utilis\u00e9 pour\n\u00e9mettre des hypoth\u00e8ses concernant l\u0027adresse de la prochaine instruction\n\u00e0 ex\u00e9cuter. En particulier, il est utilis\u00e9 pour pr\u00e9dire l\u0027issue des\nsauts conditionnels. D\u0027autre part, ce composant est partag\u00e9 entre des\ncodes s\u0027ex\u00e9cutant dans des cloisonnements de s\u00e9curit\u00e9 diff\u00e9rents\n(processus, niveaux de privil\u00e8ge).\n\nDans la variante 1 de Spectre, un attaquant influe sur les heuristiques\ndu pr\u00e9dicteur de branches pour fausser la pr\u00e9diction d\u0027un saut\nconditionnel s\u2019ex\u00e9cutant dans un autre cloisonnement de s\u00e9curit\u00e9, ce qui\na pour effet de d\u00e9clencher une ex\u00e9cution sp\u00e9culative erron\u00e9e. Un code\nest vuln\u00e9rable si cette ex\u00e9cution sp\u00e9culative erron\u00e9e modifie le cache\nde fa\u00e7on qui d\u00e9pende d\u0027une valeur secr\u00e8te (c\u0027est \u00e0 dire non directement\naccessible depuis le cloisonnement dans lequel se situe l\u0027attaquant).\n\nExemple de code vuln\u00e9rable fourni dans l\u0027article:\n\n\\[pastacode lang=\"c\"\nmanual=\"if%20(x%20%3C%20array1_size)%0Ay%20%3D%20array2%5Barray1%5Bx%5D%20\\*%20256%5D%3B\"\nmessage=\"\" highlight=\"\" provider=\"manual\"/\\]\n\nUn attaquant ma\u00eetrisant la valeur de x peut obtenir une lecture\narbitraire dans l\u0027espace d\u0027adressage du processus ex\u00e9cutant le code\nci-dessus. Pour cela, l\u0027attaquant commence par soumettre un grand nombre\nde x valides (c\u0027est \u00e0 dire v\u00e9rifiant la condition de la ligne 1) pour\nfaire croire au pr\u00e9dicteur de branches que la condition ligne 1 est\ntoujours vraie. Puis il soumet un x pointant \u00e0 une adresse arbitraire.\nLe pr\u00e9dicteur de branches estime n\u00e9anmoins que la condition est vraie,\nce qui d\u00e9clenche l\u0027ex\u00e9cution sp\u00e9culative de la ligne 2. La valeur\nsecr\u00e8te point\u00e9e par x est r\u00e9cup\u00e9r\u00e9e puis utilis\u00e9e pour former l\u0027adresse\nd\u0027une seconde lecture m\u00e9moire. Cette seconde lecture aura un effet sur\nle cache d\u00e9celable par l\u0027attaquant qui sera alors en mesure de retrouver\nla valeur secr\u00e8te.\n\n#### Variante 2 (CVE-2017-5715)\n\nLe pr\u00e9dicteur de branches est \u00e9galement utilis\u00e9 pour pr\u00e9dire l\u0027issue des\nsauts indirects. Dans la variante 2 de Spectre, un attaquant influe sur\nles heuristiques du pr\u00e9dicteur de branches pour fausser la pr\u00e9diction\nd\u0027un saut indirect s\u2019ex\u00e9cutant dans un autre cloisonnement de s\u00e9curit\u00e9,\nce qui a pour effet de d\u00e9clencher une ex\u00e9cution sp\u00e9culative erron\u00e9e \u00e0\nune adresse arbitraire ma\u00eetris\u00e9e par l\u0027attaquant. En choisissant\ncorrectement le code ex\u00e9cut\u00e9 sp\u00e9culativement, l\u0027attaquant est alors\ncapable d\u0027obtenir une lecture arbitraire dans l\u0027espace d\u0027adressage du\nprocessus victime.\n\n#### Variante 3 (CVE-2018-3639)\n\nLes processeurs \u00e9mettent \u00e9galement des hypoth\u00e8ses concernant l\u0027adresse\nde certains acc\u00e8s m\u00e9moire. Pour b\u00e9n\u00e9ficier de plus de libert\u00e9s dans\nl\u0027ordre d\u0027ex\u00e9cution d\u0027op\u00e9rations de lecture m\u00e9moire, le processeur va\ndevoir pr\u00e9dire si celles-ci chevauchent des op\u00e9rations d\u0027\u00e9criture en\nattente d\u0027ex\u00e9cution. Si une op\u00e9ration de lecture ne chevauche aucune\nop\u00e9ration d\u0027\u00e9criture en attente d\u0027ex\u00e9cution, rien ne s\u0027oppose \u00e0 qu\u0027elle\npuisse \u00eatre ex\u00e9cut\u00e9e de fa\u00e7on anticip\u00e9e.\n\nDans la variante 3 de Spectre, un attaquant influe sur les heuristiques\ndu processeur utilis\u00e9es pour la pr\u00e9diction d\u0027adresses, ce qui a pour\neffet de d\u00e9clencher une ex\u00e9cution sp\u00e9culative erron\u00e9e d\u0027une op\u00e9ration de\nlecture m\u00e9moire et des instructions qui en d\u00e9pendent. Un code est\nvuln\u00e9rable si cette ex\u00e9cution sp\u00e9culative erron\u00e9e manipule une valeur\nsecr\u00e8te et la laisse fuir \u00e0 travers un \u00e9tat observable du cache\n\nMicrosoft (une des parties ayant d\u00e9couvert la vuln\u00e9rabilit\u00e9) \\[43\\]\naffirme ne pas avoir identifi\u00e9 de code vuln\u00e9rable dans leurs produits,\nce qui laisse penser que les codes vuln\u00e9rables sont peu fr\u00e9quents.\n\n### Impact\n\nLes vuln\u00e9rabilit\u00e9s d\u00e9crites dans cette alerte peuvent impacter tous les\nsyst\u00e8mes utilisant un processeur vuln\u00e9rable et donc de fa\u00e7on\nind\u00e9pendante du syst\u00e8me d\u0027exploitation. Selon les chercheurs \u00e0 l\u0027origine\nde la d\u00e9couverte de ces failles, il est ainsi possible d\u0027acc\u00e9der \u00e0\nl\u0027int\u00e9gralit\u00e9 de la m\u00e9moire physique sur des syst\u00e8mes Linux et OSX et \u00e0\nune part importante de la m\u00e9moire sur un syst\u00e8me Windows.\n\nOn notera que l\u0027impact peut \u00eatre plus particuli\u00e8rement important dans\ndes syst\u00e8mes de ressources partag\u00e9s de type conteneur (Docker, LXC) o\u00f9\nil serait possible depuis un environnement restreint d\u0027acc\u00e9der \u00e0 toutes\nles donn\u00e9es pr\u00e9sentes sur la machine physique dans lequel s\u0027ex\u00e9cute le\nconteneur ou encore dans des environnements virtualis\u00e9s utilisant la\npara-virtualisation de type Xen.\n\n### Preuve de concept\n\nLe CERT-FR constate que des preuves de concept fonctionnelles pour\nMeltdown sont d\u00e9sormais publiques. Les r\u00e8gles Yara suivantes servent \u00e0\nd\u00e9tecter les binaires li\u00e9s \u00e0 la biblioth\u00e8que publi\u00e9e par l\u0027Institute of\nApplied Information Processing and Communications (IAIK) :\n\n\\[pastacode lang=\"c\"\nmanual=\"rule%20meltdown_iaik_libkdump_meltdown_nonull%20%7B%0A%0Ameta%3A%0A%0Aauthor%20%3D%20%22ANSSI%22%0A%0ATLP_level%20%3D%20%22White%22%0A%0Adescription%20%3D%20%22Detects%20Meltdown%20PoC%20libkdump%20meltdown_nonull%20method%22%0A%0Aversion%20%3D%20%221.0%22%0A%0Alast_modified%20%3D%20%222018-01-09%22%0A%0Astrings%3A%0A%0A%2F\\*%0A%0A.text%3A00000000000018A6%2048%2031%20C0%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20xor%20%20%20%20%20%20rax%2C%20rax%20%20%20.text%3A00000000000018A9%0A%0A.text%3A00000000000018A9%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20loc_18A9%3A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3B%20CODE%20XREF%3A%20libkdump_read_tsx%2B48j%0A%0A.text%3A00000000000018A9%208A%2001%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20al%2C%20%5Brcx%5D%0A%0A.text%3A00000000000018AB%2048%20C1%20E0%200C%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20shl%20%20%20%20%20%20rax%2C%200Ch%0A%0A.text%3A00000000000018AF%2074%20F8%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20jz%20%20%20%20%20%20%20%20short%20loc_18A9%0A%0A.text%3A00000000000018B1%2048%208B%201C%2003%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20rbx%2C%20%5Brbx%2Brax%5D%0A%0A\\*%2F%0A%0A%24asm%3D%7B%0A%0A48%2031%20C0%0A%0A8A%2001%0A%0A48%20C1%20E0%200C%0A%0A74%20F8%0A%0A48%208B%201C%2003%0A%0A%7D%0A%0Acondition%3A%20%24asm%0A%0A%7D%0A%0A%0Arule%20meltdown_iaik_libkdump_meltdown_fast%20%7B%0A%0Ameta%3A%0A%0Aauthor%20%3D%20%22ANSSI%22%0A%0ATLP_level%20%3D%20%22White%22%0A%0Adescription%20%3D%20%22Detects%20Meltdown%20PoC%20libkdump%20meltdown_fast%20method%22%0A%0Aversion%20%3D%20%221.0%22%0A%0Alast_modified%20%3D%20%222018-01-09%22%0A%0Astrings%3A%0A%0A%20%20%20%20%2F\\*%0A%0A.text%3A000000000000184F%2048%2031%20C0%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20xor%20%20%20%20%20%20%20rax%2C%20rax%0A%0A.text%3A0000000000001852%208A%2001%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20%20al%2C%20%5Brcx%5D%0A%0A.text%3A0000000000001854%2048%20C1%20E0%200C%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20shl%20%20%20%20%20%20%20rax%2C%200Ch%0A%0A.text%3A0000000000001858%2048%208B%201C%2003%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20rbx%2C%20%5Brbx%2Brax%5D%0A%0A\\*%2F%0A%0A%24asm%20%3D%20%7B%0A%0A48%2031%20C0%0A%0A8A%2001%0A%0A48%20C1%20E0%200C%0A%0A48%208B%201C%2003%0A%0A%7D%0A%0Acondition%3A%0A%0A%24asm%0A%0A%7D%0A%0A%0Arule%20meltdown_iaik_libkdump_meltdown%20%7B%0A%0Ameta%3A%0A%0Aauthor%20%3D%20%22ANSSI%22%0A%0ATLP_level%20%3D%20%22White%22%0A%0Adescription%20%3D%20%22Detects%20Meltdown%20PoC%20libkdump%20meltdown%20method%22%0A%0Aversion%20%3D%20%221.0%22%0A%0Alast_modified%20%3D%20%222018-01-09%22%0A%0Astrings%3A%0A%0A%2F\\*%0A%0A.text%3A00000000000018A8%2048%2031%20C0%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20xor%20%20%20%20%20rax%2C%20rax%20%20%20.text%3A00000000000018AB%0A%0A.text%3A00000000000018AB%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20loc_18AB%3A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3B%20CODE%20XREF%3A%20libkdump_read_tsx%2B4Dj%0A%0A.text%3A00000000000018AB%2048%208B%2036%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20%20rsi%2C%20%5Brsi%5D%0A%0A.text%3A00000000000018AE%208A%2001%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20%20al%2C%20%5Brcx%5D%0A%0A.text%3A00000000000018B0%2048%20C1%20E0%200C%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20shl%20%20%20%20%20%20%20rax%2C%200Ch%0A%0A.text%3A00000000000018B4%2074%20F5%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20jz%20%20%20%20%20%20%20%20short%20loc_18AB%0A%0A.text%3A00000000000018B6%2048%208B%201C%2003%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20mov%20%20%20%20rbx%2C%20%5Brbx%2Brax%5D%0A%0A\\*%2F%0A%0A%24asm%3D%7B%0A%0A48%2031%20C0%0A%0A48%208B%2036%0A%0A8A%2001%0A%0A48%20C1%20E0%200C%0A%0A74%20F5%0A%0A48%208B%201C%2003%0A%0A%7D%0A%0Acondition%3A%0A%0A%24asm%0A%0A%7D\"\nmessage=\"\" highlight=\"\" provider=\"manual\"/\\]\n\n### Campagne de pourriels\n\nLe CERT-FR constate qu\u0027une campagne de pourriels visant \u00e0 distribuer des\nlogiciels malveillants a \u00e9t\u00e9 lanc\u00e9e afin de profiter de la situation\nautour des vuln\u00e9rabilit\u00e9 Spectre et Meltdown \\[32\\]. Des attaquants se\nfaisant passer pour la *\u003cspan lang=\"de\"\u003eBundesamt f\u00fcr Sicherheit in der\nInformationstechnik \u003c/span\u003e*\u003cspan lang=\"de\"\u003e(BSI), l\u0027\u00e9quivalent allemand\nde l\u0027ANSSI, ont envoy\u00e9 des courriers \u00e9lectroniques invitant leurs\ndestinataires \u00e0 se rendre sur une copie du site de la BSI. La diff\u00e9rence\navec le site officiel \u00e9tait une modification de l\u0027alerte concernant les\nvuln\u00e9rabilit\u00e9s: l\u0027utilisateur \u00e9tait invit\u00e9 \u00e0 installer un correctif qui\nse trouvait \u00eatre un logiciel malveillant.\u003c/span\u003e\n\nLe CERT-FR rappelle de faire preuve de la plus grande vigilance quand \u00e0\nl\u0027ouverture des courriers \u00e9lectroniques ainsi que d\u0027installer les\ncorrectifs de s\u00e9curit\u00e9 dans les plus brefs d\u00e9lais, et ce uniquement\ndepuis les sources officielles des \u00e9diteurs.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de fuite d\u0027informations dans des processeurs",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Sites d\u00e9taillant le principe de la vuln\u00e9rabilit\u00e9",
      "url": null
    }
  ]
}

GSD-2018-3640

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-3640

Aliases

CVE-2018-3640

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-3640",
    "description": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
    "id": "GSD-2018-3640",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-3640.html",
      "https://www.debian.org/security/2018/dsa-4273",
      "https://ubuntu.com/security/CVE-2018-3640",
      "https://advisories.mageia.org/CVE-2018-3640.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-3640"
      ],
      "details": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
      "id": "GSD-2018-3640",
      "modified": "2023-12-13T01:22:43.443214Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "DATE_PUBLIC": "2018-05-21T00:00:00",
        "ID": "CVE-2018-3640",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Multiple",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Multiple"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Intel Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
          },
          {
            "name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
            "refsource": "CONFIRM",
            "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
          },
          {
            "name": "TA18-141A",
            "refsource": "CERT",
            "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
          },
          {
            "name": "1042004",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1042004"
          },
          {
            "name": "1040949",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040949"
          },
          {
            "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005",
            "refsource": "CONFIRM",
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
          },
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
            "refsource": "CONFIRM",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
          },
          {
            "name": "https://www.synology.com/support/security/Synology_SA_18_23",
            "refsource": "CONFIRM",
            "url": "https://www.synology.com/support/security/Synology_SA_18_23"
          },
          {
            "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
            "refsource": "CONFIRM",
            "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
          },
          {
            "name": "VU#180049",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/180049"
          },
          {
            "name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
            "refsource": "CONFIRM",
            "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
          },
          {
            "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
          },
          {
            "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
            "refsource": "CONFIRM",
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
          },
          {
            "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
          },
          {
            "name": "DSA-4273",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4273"
          },
          {
            "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
            "refsource": "CONFIRM",
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
          },
          {
            "name": "104228",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104228"
          },
          {
            "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
          },
          {
            "name": "USN-3756-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3756-1/"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:85120:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:pentium_silver:j5005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:pentium:n4100:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:85115:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86126t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86128:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86136:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86138:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86142m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86144:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:pentium_silver:n5000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:85122:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86126:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86126f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86134:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86134m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86142:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86142f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86154:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:85120t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86130t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86132:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86140:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86140m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86148f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86150:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86152:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1220_:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x3440:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x3450:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l5520:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l5530:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5530:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5540:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e6510:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e6540:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i5:45nm:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i3:45nm:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1275_:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l3426:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x3430:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l5508_:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l5518_:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5507:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5520:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:w5590:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:5600:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7:32nm:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i5:32nm:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l3403:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l3406:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x3480:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:3600:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:l5506:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5504:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5506:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x5570:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:w5580:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_m:45nm:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7:45nm:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:pentium:n4200:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:pentium:n4000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:85118:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:85119t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86130:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86130f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86138f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86138t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86146:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:86148:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:125c_:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x3460:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x3470:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5502:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e5503:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x5550:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:x5560:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:e6550:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:7500:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_m:32nm:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i3:32nm:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:arm:cortex-a:72:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:arm:cortex-a:57:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:arm:cortex-a:15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2018-3640"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-203"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA18-141A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_23",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.synology.com/support/security/Synology_SA_18_23"
            },
            {
              "name": "VU#180049",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/180049"
            },
            {
              "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
              "refsource": "CISCO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
            },
            {
              "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
            },
            {
              "name": "1040949",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040949"
            },
            {
              "name": "104228",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104228"
            },
            {
              "name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
            },
            {
              "name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
            },
            {
              "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
            },
            {
              "name": "DSA-4273",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "https://www.debian.org/security/2018/dsa-4273"
            },
            {
              "name": "USN-3756-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/3756-1/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
            },
            {
              "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
            },
            {
              "name": "1042004",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1042004"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.1,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2018-05-22T12:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-3640 (GCVE-0-2018-3640)

Solution

Solution

Solution

Solution

Vulnérabilité Meltdown

Vulnérabilité Spectre

Variante 1 (CVE-2017-5753)

Variante 2 (CVE-2017-5715)

Variante 3 (CVE-2018-3639)

Impact

Preuve de concept

Campagne de pourriels

Solution

Correctifs disponibles

Apple

Mozilla

Microsoft

SUSE

Red Hat

Ubuntu

VMware

Android

Google

Citrix

Amazon AWS

Debian

Contournement provisoire

Systèmes de virtualisation

Vérifications des correctifs disponibles

Windows

Linux

Tags

Sightings

Nomenclature