Vulnerability CVE-2018-3646


Published: 2018-08-14

Description:
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

Type: CWE-200 (Information Exposure)

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:N/A:N)

CVSS Base Score: 4.7/10
Impact Subscore: 6.9/10
Exploitability Subscore: 3.4/10

Exploit range: Local
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: None
Availability impact: None

Affected software:
Intel -> Core i3 
Intel -> Core i5 
Intel -> Core i7 
Intel -> Core m 
Intel -> Core m3 
Intel -> Core m5 
Intel -> Core m7 
Intel -> XEON 

References:
http://support.lenovo.com/us/en/solutions/LEN-24163
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
http://www.securityfocus.com/bid/105080
http://www.securitytracker.com/id/1041451
http://www.securitytracker.com/id/1042004
http://www.vmware.com/security/advisories/VMSA-2018-0020.html
http://xenbits.xen.org/xsa/advisory-273.html
https://access.redhat.com/errata/RHSA-2018:2384
https://access.redhat.com/errata/RHSA-2018:2387
https://access.redhat.com/errata/RHSA-2018:2388
https://access.redhat.com/errata/RHSA-2018:2389
https://access.redhat.com/errata/RHSA-2018:2390
https://access.redhat.com/errata/RHSA-2018:2391
https://access.redhat.com/errata/RHSA-2018:2392
https://access.redhat.com/errata/RHSA-2018:2393
https://access.redhat.com/errata/RHSA-2018:2394
https://access.redhat.com/errata/RHSA-2018:2395
https://access.redhat.com/errata/RHSA-2018:2396
https://access.redhat.com/errata/RHSA-2018:2402
https://access.redhat.com/errata/RHSA-2018:2403
https://access.redhat.com/errata/RHSA-2018:2404
https://access.redhat.com/errata/RHSA-2018:2602
https://access.redhat.com/errata/RHSA-2018:2603
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://foreshadowattack.eu/
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
https://security.gentoo.org/glsa/201810-06
https://security.netapp.com/advisory/ntap-20180815-0001/
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://support.f5.com/csp/article/K31300402
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
https://usn.ubuntu.com/3740-1/
https://usn.ubuntu.com/3740-2/
https://usn.ubuntu.com/3741-1/
https://usn.ubuntu.com/3741-2/
https://usn.ubuntu.com/3742-1/
https://usn.ubuntu.com/3742-2/
https://usn.ubuntu.com/3756-1/
https://usn.ubuntu.com/3823-1/
https://www.debian.org/security/2018/dsa-4274
https://www.debian.org/security/2018/dsa-4279
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
https://www.kb.cert.org/vuls/id/982149
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.synology.com/support/security/Synology_SA_18_45

Copyright 2024, cxsecurity.com