Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
http://support.lenovo.com/us/en/solutions/LEN-24163
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
http://www.securityfocus.com/bid/105080
http://www.securitytracker.com/id/1041451
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008
https://security.netapp.com/advisory/ntap-20180815-0001/
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://support.f5.com/csp/article/K35558453
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
Source: MITRE
Published: 2018-08-14
Updated: 2020-08-24
Type: CWE-203
Base Score: 5.4
Vector: AV:L/AC:M/Au:N/C:C/I:P/A:N
Impact Score: 7.8
Exploitability Score: 3.4
Severity: MEDIUM
Base Score: 6.4
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
Impact Score: 4.7
Exploitability Score: 1.1
Severity: MEDIUM