CVE-2018-3693

Name: CVE-2018-3693
Creator: NVD / NIST
Published: 2018-07-10T21:29:01.34+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.6/10EPSS 8.42%

Last modified Jun 17, 2026

CVE-2018-3693 is a medium-severity vulnerability rated 5.6/10 on the CVSS scale. Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.. EPSS estimates a 8.42% chance of exploitation in the next 30 days.

Description

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

Metrics

CVSS 3.1

5.6/10

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS Probability

8.42%

94.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Intel	Atom C	c2308
Intel	Atom C	c2316
Intel	Atom C	c2338
Intel	Atom C	c2350
Intel	Atom C	c2358
Intel	Atom C	c2508
Intel	Atom C	c2516
Intel	Atom C	c2518
Intel	Atom C	c2530
Intel	Atom C	c2538
Intel	Atom C	c2550
Intel	Atom C	c2558
Intel	Atom C	c2718
Intel	Atom C	c2730
Intel	Atom C	c2738
Intel	Atom C	c2750
Intel	Atom C	c2758
Intel	Atom C	c3308
Intel	Atom C	c3338
Intel	Atom C	c3508
Intel	Atom C	c3538
Intel	Atom C	c3558
Intel	Atom C	c3708
Intel	Atom C	c3750
Intel	Atom C	c3758
Intel	Atom C	c3808
Intel	Atom C	c3830
Intel	Atom C	c3850
Intel	Atom C	c3858
Intel	Atom C	c3950
Intel	Atom C	c3955
Intel	Atom C	c3958
Intel	Atom E	e3805
Intel	Atom E	e3815
Intel	Atom E	e3825
Intel	Atom E	e3826
Intel	Atom E	e3827
Intel	Atom E	e3845
Intel	Atom X3	c3130
Intel	Atom X3	c3200rk
Intel	Atom X3	c3205rk
Intel	Atom X3	c3230rk
Intel	Atom X3	c3235rk
Intel	Atom X3	c3265rk
Intel	Atom X3	c3295rk
Intel	Atom X3	c3405
Intel	Atom X3	c3445
Intel	Atom Z	z2420
Intel	Atom Z	z2460
Intel	Atom Z	z2480

Showing 50 of 1092 affected configurations. See NVD for the full list.

References

https://access.redhat.com/errata/RHSA-2018:2384Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2390Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2395Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1946Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0174Third Party Advisory
https://cdrdv2.intel.com/v1/dl/getContent/685359Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
https://security.netapp.com/advisory/ntap-20180823-0001/Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2384Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2390Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2395Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1946Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0174Third Party Advisory
https://cdrdv2.intel.com/v1/dl/getContent/685359Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
https://security.netapp.com/advisory/ntap-20180823-0001/Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory

Timeline

Published: Jul 10, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-3693?

How severe is CVE-2018-3693?

CVE-2018-3693 has a CVSS score of 5.6/10 (MEDIUM severity). The EPSS model estimates a 8.42% probability of exploitation in the next 30 days.

How do I fix CVE-2018-3693?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-3693?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST