CVE-2018-3615

medium

Description

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

References

http://support.lenovo.com/us/en/solutions/LEN-24163

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en

http://www.securityfocus.com/bid/105080

http://www.securitytracker.com/id/1041451

https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

https://foreshadowattack.eu/

https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008

https://security.netapp.com/advisory/ntap-20180815-0001/

https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

https://support.f5.com/csp/article/K35558453

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

https://www.kb.cert.org/vuls/id/982149

https://www.synology.com/support/security/Synology_SA_18_45

Details

Source: MITRE

Published: 2018-08-14

Updated: 2020-08-24

Type: CWE-203

Risk Information

CVSS v2

Base Score: 5.4

Vector: AV:L/AC:M/Au:N/C:C/I:P/A:N

Impact Score: 7.8

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 6.4

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Impact Score: 4.7

Exploitability Score: 1.1

Severity: MEDIUM