CVE-2018-3615

medium

Description

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

References

https://www.synology.com/support/security/Synology_SA_18_45

https://www.kb.cert.org/vuls/id/982149

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us

https://support.f5.com/csp/article/K35558453

https://security.netapp.com/advisory/ntap-20180815-0001/

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008

https://foreshadowattack.eu/

http://www.securitytracker.com/id/1041451

http://www.securityfocus.com/bid/105080

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en

http://support.lenovo.com/us/en/solutions/LEN-24163

https://www.tenable.com/blog/foreshadow-speculative-execution-attack-targets-intel-sgx

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

Details

Source: Mitre, NVD

Published: 2018-08-14

Updated: 2024-11-21

Named Vulnerability: Foreshadow

Risk Information

CVSS v2

Base Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.4

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.01567