Corporate Security Blog

Processor vulnerabilities CVE-2018-3640 (“Spectre v3a”) and CVE-2018-3639 (“Spectre v4”)

Eric Maurice
Director of Security Assurance

The Oracle security and development teams are aware of vulnerabilities CVE-2018-3640 (a.k.a. “Spectre v3a”) and CVE-2018-3639 (a.k.a. “Spectre v4”).

Oracle is actively engaged with Intel and other industry partners to develop technical mitigations against these processor vulnerabilities. Such mitigations will require both software and microcode updates.

As with previous versions of the Spectre and Meltdown vulnerabilities (see MOS Note ID 2347948.1), Oracle will publish a list of affected products along with other technical information on My Oracle Support (MOS Note ID 2399123.1). In addition, the Oracle Cloud teams will be working to identify and apply necessary updates if warranted, as they become available from Oracle and third-party suppliers, in accordance with applicable change management processes.