CVE-2018-3646

medium

Description

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

References

https://access.redhat.com/errata/RHSA-2018:2384

https://access.redhat.com/errata/RHSA-2018:2387

https://access.redhat.com/errata/RHSA-2018:2388

https://access.redhat.com/errata/RHSA-2018:2389

https://access.redhat.com/errata/RHSA-2018:2390

https://access.redhat.com/errata/RHSA-2018:2391

https://access.redhat.com/errata/RHSA-2018:2392

https://access.redhat.com/errata/RHSA-2018:2393

https://access.redhat.com/errata/RHSA-2018:2394

https://access.redhat.com/errata/RHSA-2018:2395

https://access.redhat.com/errata/RHSA-2018:2396

https://access.redhat.com/errata/RHSA-2018:2402

https://access.redhat.com/errata/RHSA-2018:2403

https://access.redhat.com/errata/RHSA-2018:2404

https://access.redhat.com/errata/RHSA-2018:2602

https://access.redhat.com/errata/RHSA-2018:2603

https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018

https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc

https://security.gentoo.org/glsa/201810-06

https://security.netapp.com/advisory/ntap-20180815-0001/

https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

https://support.f5.com/csp/article/K31300402

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel

https://usn.ubuntu.com/3740-1/

https://usn.ubuntu.com/3740-2/

https://usn.ubuntu.com/3741-1/

https://usn.ubuntu.com/3741-2/

https://usn.ubuntu.com/3742-1/

https://usn.ubuntu.com/3742-2/

https://usn.ubuntu.com/3756-1/

https://usn.ubuntu.com/3823-1/

https://www.debian.org/security/2018/dsa-4274

https://www.debian.org/security/2018/dsa-4279

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

https://www.kb.cert.org/vuls/id/982149

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en

http://www.securitytracker.com/id/1041451

http://www.securitytracker.com/id/1042004

http://www.vmware.com/security/advisories/VMSA-2018-0020.html

http://xenbits.xen.org/xsa/advisory-273.html

Details

Source: Mitre, NVD

Published: 2018-08-14

Risk Information

CVSS v2

Base Score: 4.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.6

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Severity: Medium