CVE-2018-3646

MEDIUM

Description

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

ID	Name	Product	Family	Severity
140019	OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre)	Nessus	OracleVM Local Security Checks	critical
132101	Windows Speculative Execution Configuration Check	Nessus	Windows	medium
127283	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0076)	Nessus	NewStart CGSL Local Security Checks	high
127272	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070)	Nessus	NewStart CGSL Local Security Checks	critical
125480	F5 Networks BIG-IP : Virtual Machine Manager L1 Terminal Fault vulnerability (K31300402) (Foreshadow)	Nessus	F5 Networks Local Security Checks	medium
124836	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1515)	Nessus	Huawei Local Security Checks	critical
700518	macOS < 10.14 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
123443	openSUSE Security Update : ucode-intel (openSUSE-2019-622) (Foreshadow) (Spectre)	Nessus	SuSE Local Security Checks	medium
123273	openSUSE Security Update : xen (openSUSE-2019-631) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
123269	openSUSE Security Update : the Linux Kernel (openSUSE-2019-618) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
123167	openSUSE Security Update : xen (openSUSE-2019-1046) (Foreshadow)	Nessus	SuSE Local Security Checks	high
122975	Security Updates for Windows 10 / Windows Server 2016 / Windows Server 2019 (March 2019) (Spectre) (Meltdown) (Foreshadow)	Nessus	Windows : Microsoft Bulletins	medium
122974	Security Updates for Windows 10 / Windows Server 2019 (February 2019) (Spectre) (Meltdown) (Foreshadow)	Nessus	Windows : Microsoft Bulletins	medium
121223	Oracle Solaris Critical Patch Update : jan2019_SRU11_4_3_5_0 (Foreshadow) (Spectre)	Nessus	Solaris Local Security Checks	medium
120927	Fedora 28 : kernel / kernel-headers (2018-f8cba144ae) (Foreshadow)	Nessus	Fedora Local Security Checks	medium
120490	Fedora 28 : xen (2018-683dfde81a) (Foreshadow)	Nessus	Fedora Local Security Checks	medium
120196	SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2018:4300-1) (Foreshadow)	Nessus	SuSE Local Security Checks	high
120083	SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2018:2409-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
120082	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2380-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
120080	SUSE SLED15 / SLES15 Security Update : Security update to ucode-intel (SUSE-SU-2018:2338-1) (Foreshadow) (Spectre)	Nessus	SuSE Local Security Checks	medium
119951	openSUSE Security Update : xen (openSUSE-2018-1624) (Foreshadow)	Nessus	SuSE Local Security Checks	high
119887	pfSense 2.3.x <= 2.3.5-p2 / 2.4.x < 2.4.4 Multiple Vulnerabilities (SA-18_06 / SA-18_07 / SA-18_08)	Nessus	Firewalls	high
119277	OracleVM 3.4 : xen (OVMSA-2018-0282) (Foreshadow) (Spectre)	Nessus	OracleVM Local Security Checks	medium
118963	OracleVM 3.2 : xen (OVMSA-2018-0272) (Foreshadow) (Spectre)	Nessus	OracleVM Local Security Checks	high
118962	OracleVM 3.3 : xen (OVMSA-2018-0271) (Foreshadow) (Spectre)	Nessus	OracleVM Local Security Checks	high
118575	macOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-002)	Nessus	MacOS X Local Security Checks	critical
118573	macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-005)	Nessus	MacOS X Local Security Checks	critical
118563	openSUSE Security Update : xen (openSUSE-2018-1331) (Foreshadow)	Nessus	SuSE Local Security Checks	high
118506	GLSA-201810-06 : Xen: Multiple vulnerabilities (Foreshadow) (Meltdown) (Spectre)	Nessus	Gentoo Local Security Checks	high
118491	SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:3490-1) (Foreshadow)	Nessus	SuSE Local Security Checks	high
118438	EulerOS Virtualization 2.5.0 : kvm (EulerOS-SA-2018-1350)	Nessus	Huawei Local Security Checks	medium
118433	EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1345)	Nessus	Huawei Local Security Checks	high
118411	EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1323)	Nessus	Huawei Local Security Checks	medium
118284	SUSE SLES12 Security Update : xen (SUSE-SU-2018:2410-2) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
118283	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2344-2) (Foreshadow)	Nessus	SuSE Local Security Checks	high
118281	SUSE SLES12 Security Update : Security update to ucode-intel (SUSE-SU-2018:2331-2) (Foreshadow) (Spectre)	Nessus	SuSE Local Security Checks	medium
118178	macOS < 10.14 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
118053	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4242) (Foreshadow)	Nessus	Oracle Linux Local Security Checks	high
117502	Debian DLA-1506-1 : intel-microcode security update (Foreshadow) (Spectre)	Nessus	Debian Local Security Checks	medium
117378	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4210) (Foreshadow)	Nessus	Oracle Linux Local Security Checks	high
117377	OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0254) (Foreshadow)	Nessus	OracleVM Local Security Checks	high
112238	EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1279)	Nessus	Huawei Local Security Checks	high
112237	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1278)	Nessus	Huawei Local Security Checks	high
112234	Fedora 27 : xen (2018-915602df63) (Foreshadow)	Nessus	Fedora Local Security Checks	medium
112206	Virtuozzo 7 : OVMF / crit / criu / criu-devel / ksm-vz / etc (VZA-2018-063)	Nessus	Virtuozzo Local Security Checks	high
112168	Debian DLA-1481-1 : linux-4.9 security update (Foreshadow)	Nessus	Debian Local Security Checks	medium
112159	Xen Project Speculative Execution Side Channel Vulnerability (XSA-273) (Foreshadow)	Nessus	Misc.	medium
112151	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Intel Microcode vulnerabilities (USN-3756-1) (Foreshadow) (Spectre)	Nessus	Ubuntu Local Security Checks	medium
112147	SUSE SLES11 Security Update : xen (SUSE-SU-2018:2528-1) (Foreshadow) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
112116	Security Updates for Windows 10 / Windows Server 2016 (August 2018) (Spectre) (Meltdown) (Foreshadow)	Nessus	Windows : Microsoft Bulletins	medium
112106	SUSE SLES12 Security Update : xen (SUSE-SU-2018:2483-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
112082	SUSE SLES11 Security Update : xen (SUSE-SU-2018:2482-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
112080	SUSE SLES12 Security Update : xen (SUSE-SU-2018:2480-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
112069	FreeBSD : FreeBSD -- L1 Terminal Fault (L1TF) Kernel Information Disclosure (2310b814-a652-11e8-805b-a4badb2f4699) (Foreshadow)	Nessus	FreeBSD Local Security Checks	medium
112031	openSUSE Security Update : ucode-intel (openSUSE-2018-887) (Foreshadow) (Spectre)	Nessus	SuSE Local Security Checks	medium
112028	RHEL 6 / 7 : Virtualization (RHSA-2018:2404) (Foreshadow)	Nessus	Red Hat Local Security Checks	medium
112027	RHEL 7 : Virtualization (RHSA-2018:2403) (Foreshadow)	Nessus	Red Hat Local Security Checks	high
112026	RHEL 7 : Virtualization (RHSA-2018:2402) (Foreshadow)	Nessus	Red Hat Local Security Checks	high
112024	OracleVM 3.4 : xen (OVMSA-2018-0251) (Foreshadow)	Nessus	OracleVM Local Security Checks	medium
112018	Virtuozzo 6 : cpupools / cpupools-features / etc (VZA-2018-055)	Nessus	Virtuozzo Local Security Checks	high
112017	Ubuntu 14.04 LTS : Linux kernel regressions (USN-3741-3) (Foreshadow)	Nessus	Ubuntu Local Security Checks	high
112016	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2416-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
112013	SUSE SLES12 Security Update : xen (SUSE-SU-2018:2410-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
112010	SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:2401-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
112009	openSUSE Security Update : xen (openSUSE-2018-911) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
112008	openSUSE Security Update : xen (openSUSE-2018-910) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111997	openSUSE Security Update : the Linux Kernel (openSUSE-2018-885) (Foreshadow)	Nessus	SuSE Local Security Checks	high
111992	OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)	Nessus	OracleVM Local Security Checks	critical
111988	Debian DSA-4279-1 : linux - security update (Foreshadow)	Nessus	Debian Local Security Checks	medium
111842	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2391-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111841	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2389-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111839	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2387-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111838	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2384-1) (Foreshadow)	Nessus	SuSE Local Security Checks	high
111837	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2374-1) (Foreshadow)	Nessus	SuSE Local Security Checks	high
111836	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2369-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111835	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2368-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111834	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2367-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111833	SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2366-1) (Foreshadow)	Nessus	SuSE Local Security Checks	high
111832	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2364-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111831	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2363-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111830	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2362-1) (Foreshadow)	Nessus	SuSE Local Security Checks	high
111829	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2359-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111828	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2358-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111827	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2356-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111826	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2355-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111825	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2354-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111824	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2353-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111823	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2352-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111822	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2351-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111821	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2350-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111820	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2349-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111819	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2348-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111818	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2347-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111817	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2346-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111816	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2345-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111815	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2344-1) (Foreshadow)	Nessus	SuSE Local Security Checks	high
111814	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2342-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111813	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2341-1) (Foreshadow)	Nessus	SuSE Local Security Checks	medium
111812	openSUSE Security Update : the Linux Kernel (openSUSE-2018-886) (Foreshadow)	Nessus	SuSE Local Security Checks	high
111797	Debian DSA-4274-1 : xen - security update (Foreshadow)	Nessus	Debian Local Security Checks	medium
111789	Citrix XenServer Multiple Vulnerabilities (Foreshadow) (CTX236548)	Nessus	Misc.	critical
111783	SUSE SLES11 Security Update : Security update to ucode-intel (SUSE-SU-2018:2335-1) (Foreshadow) (Spectre)	Nessus	SuSE Local Security Checks	medium
111782	SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2332-1) (Foreshadow)	Nessus	SuSE Local Security Checks	high
111781	SUSE SLED12 / SLES12 Security Update : Security update to ucode-intel (SUSE-SU-2018:2331-1) (Foreshadow) (Spectre)	Nessus	SuSE Local Security Checks	medium
111778	Scientific Linux Security Update : kernel on SL7.x x86_64 (20180814) (Foreshadow)	Nessus	Scientific Linux Local Security Checks	high
111777	Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180814) (Foreshadow)	Nessus	Scientific Linux Local Security Checks	high
111775	RHEL 6 : MRG (RHSA-2018:2396) (Foreshadow) (Spectre)	Nessus	Red Hat Local Security Checks	medium
111773	OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0247) (Foreshadow)	Nessus	OracleVM Local Security Checks	medium
111772	OracleVM 3.4 : xen (OVMSA-2018-0246) (Foreshadow)	Nessus	OracleVM Local Security Checks	medium
111767	Fedora 27 : kernel / kernel-headers (2018-1c80fea1cd) (Foreshadow)	Nessus	Fedora Local Security Checks	medium
111761	VMware Workstation 14.x < 14.1.3 Speculative Execution Side Channel Vulnerability (Foreshadow) (VMSA-2018-0020)	Nessus	Windows	medium
111760	VMware vCenter Server 5.5.x / 6.0.x / 6.5.x / 6.7.x Speculative Execution Side Channel Vulnerability (Foreshadow) (VMSA-2018-0020)	Nessus	Misc.	medium
111759	ESXi 5.5 / 6.0 / 6.5 / 6.7 Speculative Execution Side Channel Vulnerability (Foreshadow) (VMSA-2018-0020) (remote check)	Nessus	Misc.	medium
111758	VMware Fusion 10.x < 10.1.3 Speculative Execution Side Channel Vulnerability (Foreshadow) (VMSA-2018-0020) (macOS)	Nessus	MacOS X Local Security Checks	medium
111757	VMware Workstation 14.x < 14.1.3 Speculative Execution Side Channel Vulnerability (Foreshadow) (VMSA-2018-0020) (Linux)	Nessus	General	medium
111753	Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3742-1) (Foreshadow)	Nessus	Ubuntu Local Security Checks	high
111752	Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3741-2) (Foreshadow)	Nessus	Ubuntu Local Security Checks	high
111751	Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3741-1) (Foreshadow)	Nessus	Ubuntu Local Security Checks	high
111750	Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3740-2) (Foreshadow)	Nessus	Ubuntu Local Security Checks	high
111749	Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3740-1) (Foreshadow)	Nessus	Ubuntu Local Security Checks	high
111746	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2328-1) (Foreshadow)	Nessus	SuSE Local Security Checks	high
111736	RHEL 7 : kernel-rt (RHSA-2018:2395) (Foreshadow)	Nessus	Red Hat Local Security Checks	high
111735	RHEL 6 : kernel (RHSA-2018:2394) (Foreshadow) (Spectre)	Nessus	Red Hat Local Security Checks	high
111734	RHEL 6 : kernel (RHSA-2018:2393) (Foreshadow)	Nessus	Red Hat Local Security Checks	high
111733	RHEL 6 : kernel (RHSA-2018:2392) (Foreshadow)	Nessus	Red Hat Local Security Checks	high
111732	RHEL 6 : kernel (RHSA-2018:2391) (Foreshadow)	Nessus	Red Hat Local Security Checks	high
111731	RHEL 6 : kernel (RHSA-2018:2390) (Foreshadow)	Nessus	Red Hat Local Security Checks	high
111730	RHEL 7 : kernel (RHSA-2018:2389) (Foreshadow)	Nessus	Red Hat Local Security Checks	medium
111729	RHEL 7 : kernel (RHSA-2018:2388) (Foreshadow)	Nessus	Red Hat Local Security Checks	medium
111728	RHEL 7 : kernel (RHSA-2018:2387) (Foreshadow) (Spectre)	Nessus	Red Hat Local Security Checks	medium
111727	RHEL 7 : kernel (RHSA-2018:2384) (Foreshadow)	Nessus	Red Hat Local Security Checks	high
111726	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4196) (Foreshadow)	Nessus	Oracle Linux Local Security Checks	medium
111725	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4195) (Foreshadow)	Nessus	Oracle Linux Local Security Checks	high
111724	Oracle Linux 6 : kernel (ELSA-2018-2390) (Foreshadow)	Nessus	Oracle Linux Local Security Checks	high
111723	Oracle Linux 7 : kernel (ELSA-2018-2384) (Foreshadow)	Nessus	Oracle Linux Local Security Checks	high
111704	CentOS 6 : kernel (CESA-2018:2390) (Foreshadow)	Nessus	CentOS Local Security Checks	high
111703	CentOS 7 : kernel (CESA-2018:2384) (Foreshadow)	Nessus	CentOS Local Security Checks	high
111702	Amazon Linux AMI : kernel (ALAS-2018-1058) (Foreshadow)	Nessus	Amazon Linux Local Security Checks	high
111701	Amazon Linux 2 : kernel (ALAS-2018-1058) (Foreshadow)	Nessus	Amazon Linux Local Security Checks	high
111700	Security Updates for Windows Server 2008 (August 2018) (Foreshadow)	Nessus	Windows : Microsoft Bulletins	high
111692	KB4343909: Windows 10 Version 1803 and Windows Server Version 1803 August 2018 Security Update (Foreshadow)	Nessus	Windows : Microsoft Bulletins	high
111690	KB4343896: Windows Server 2012 August 2018 Security Update (Foreshadow)	Nessus	Windows : Microsoft Bulletins	high
111689	KB4343899: Windows 7 and Windows Server 2008 R2 August 2018 Security Update (Foreshadow)	Nessus	Windows : Microsoft Bulletins	high
111688	KB4343888: Windows 8.1 and Windows Server 2012 R2 August 2018 Security Update (Foreshadow)	Nessus	Windows : Microsoft Bulletins	high
111687	KB4343897: Windows 10 Version 1709 And Windows Server Version 1709 August 2018 Security Update (Foreshadow)	Nessus	Windows : Microsoft Bulletins	high
111686	KB4343892: Windows 10 August 2018 Security Update (Foreshadow)	Nessus	Windows : Microsoft Bulletins	high
111685	KB4343887: Windows 10 Version 1607 and Windows Server 2016 August 2018 Security Update (Foreshadow)	Nessus	Windows : Microsoft Bulletins	high
111684	KB4343885: Windows 10 Version 1703 August 2018 Security Update (Foreshadow)	Nessus	Windows : Microsoft Bulletins	high

CVE-2018-3646

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Configuration 8

Tenable Plugins

critical

medium

high

critical

medium

critical

critical

medium

medium

medium

high

medium

medium

medium

medium

medium

high

medium

medium

medium

high

high

medium

high

high

critical

critical

high

high

high

medium

high

medium

medium

high

medium

critical

high

medium

high

high

high

high

medium

high

medium

medium

medium

high

medium

medium

medium

medium

medium

medium

medium

high

high

medium

high

high

medium