CVE-2018-3615

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

References

http://support.lenovo.com/us/en/solutions/LEN-24163

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en

http://www.securityfocus.com/bid/105080

http://www.securitytracker.com/id/1041451

https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

https://foreshadowattack.eu/

https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008

https://security.netapp.com/advisory/ntap-20180815-0001/

https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

https://support.f5.com/csp/article/K35558453

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

https://www.kb.cert.org/vuls/id/982149

https://www.synology.com/support/security/Synology_SA_18_45

Details

Source: MITRE

Published: 2018-08-14

Updated: 2020-08-24

Type: CWE-203

Risk Information

CVSS v2

Base Score: 5.4

Vector: AV:L/AC:M/Au:N/C:C/I:P/A:N

Impact Score: 7.8

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 6.4

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Impact Score: 4.7

Exploitability Score: 1.1

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*

Tenable Plugins

View all (15 total)

IDNameProductFamilySeverity
132101Windows Speculative Execution Configuration CheckNessusWindows
medium
117502Debian DLA-1506-1 : intel-microcode security update (Foreshadow) (Spectre)NessusDebian Local Security Checks
medium
112180Slackware 14.2 : Slackware 14.2 kernel (SSA:2018-240-01) (Foreshadow)NessusSlackware Local Security Checks
medium
112116Security Updates for Windows 10 / Windows Server 2016 (August 2018) (Spectre) (Meltdown) (Foreshadow)NessusWindows : Microsoft Bulletins
medium
111702Amazon Linux AMI : kernel (ALAS-2018-1058) (Foreshadow)NessusAmazon Linux Local Security Checks
high
111701Amazon Linux 2 : kernel (ALAS-2018-1058) (Foreshadow)NessusAmazon Linux Local Security Checks
high
111700Security Updates for Windows Server 2008 (August 2018) (Foreshadow)NessusWindows : Microsoft Bulletins
high
111692KB4343909: Windows 10 Version 1803 and Windows Server Version 1803 August 2018 Security Update (Foreshadow)NessusWindows : Microsoft Bulletins
high
111690KB4343896: Windows Server 2012 August 2018 Security Update (Foreshadow)NessusWindows : Microsoft Bulletins
high
111689KB4343899: Windows 7 and Windows Server 2008 R2 August 2018 Security Update (Foreshadow)NessusWindows : Microsoft Bulletins
high
111688KB4343888: Windows 8.1 and Windows Server 2012 R2 August 2018 Security Update (Foreshadow)NessusWindows : Microsoft Bulletins
high
111687KB4343897: Windows 10 Version 1709 And Windows Server Version 1709 August 2018 Security Update (Foreshadow)NessusWindows : Microsoft Bulletins
high
111686KB4343892: Windows 10 August 2018 Security Update (Foreshadow)NessusWindows : Microsoft Bulletins
high
111685KB4343887: Windows 10 Version 1607 and Windows Server 2016 August 2018 Security Update (Foreshadow)NessusWindows : Microsoft Bulletins
high
111684KB4343885: Windows 10 Version 1703 August 2018 Security Update (Foreshadow)NessusWindows : Microsoft Bulletins
high