CVE-2018-3615

medium

Description

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

References

https://www.tenable.com/blog/foreshadow-speculative-execution-attack-targets-intel-sgx

https://www.synology.com/support/security/Synology_SA_18_45

https://www.kb.cert.org/vuls/id/982149

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us

https://support.f5.com/csp/article/K35558453

https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

https://security.netapp.com/advisory/ntap-20180815-0001/

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008

https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

https://foreshadowattack.eu/

https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

http://www.securitytracker.com/id/1041451

http://www.securityfocus.com/bid/105080

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en

http://support.lenovo.com/us/en/solutions/LEN-24163

Details

Source: Mitre, NVD

Published: 2018-08-14

Updated: 2020-08-24

Risk Information

CVSS v2

Base Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.4

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Severity: Medium