Vulnerability CVE-2018-3665


Published: 2018-06-21   Modified: 2018-06-22

Description:
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Lazy FPU Context Switching Information Leak
Anthony Liguori
16.06.2018

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.7/10
6.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None
Affected software
Redhat -> Enterprise linux 
Redhat -> Enterprise linux desktop 
Redhat -> Enterprise linux workstation 
Intel -> Core i3 
Intel -> Core i5 
Intel -> Core i7 
Intel -> Core m 
Intel -> Core m3 
Intel -> Core m5 
Intel -> Core m7 
Freebsd -> Freebsd 
Debian -> Debian linux 
Citrix -> Xenserver 
Canonical -> Ubuntu linux 
ARM -> Cortex-a 

 References:
http://www.securityfocus.com/bid/104460
http://www.securitytracker.com/id/1041124
http://www.securitytracker.com/id/1041125
https://access.redhat.com/errata/RHSA-2018:1852
https://access.redhat.com/errata/RHSA-2018:1944
https://access.redhat.com/errata/RHSA-2018:2164
https://access.redhat.com/errata/RHSA-2018:2165
https://access.redhat.com/errata/RHSA-2019:1170
https://access.redhat.com/errata/RHSA-2019:1190
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
https://nvidia.custhelp.com/app/answers/detail/a_id/4787
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc
https://security.netapp.com/advisory/ntap-20181016-0001/
https://support.citrix.com/article/CTX235745
https://usn.ubuntu.com/3696-1/
https://usn.ubuntu.com/3696-2/
https://usn.ubuntu.com/3698-1/
https://usn.ubuntu.com/3698-2/
https://www.debian.org/security/2018/dsa-4232
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
https://www.synology.com/support/security/Synology_SA_18_31

Copyright 2022, cxsecurity.com

 

Back to Top