CVE-2018-3646

medium

Description

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

References

https://www.synology.com/support/security/Synology_SA_18_45

https://www.debian.org/security/2018/dsa-4279

https://www.debian.org/security/2018/dsa-4274

https://usn.ubuntu.com/3823-1/

https://usn.ubuntu.com/3756-1/

https://usn.ubuntu.com/3742-2/

https://usn.ubuntu.com/3742-1/

https://usn.ubuntu.com/3741-2/

https://usn.ubuntu.com/3741-1/

https://usn.ubuntu.com/3740-2/

https://usn.ubuntu.com/3740-1/

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us

https://support.f5.com/csp/article/K31300402

https://security.netapp.com/advisory/ntap-20180815-0001/

https://security.gentoo.org/glsa/201810-06

https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/

https://foreshadowattack.eu/

https://access.redhat.com/errata/RHSA-2018:2603

https://access.redhat.com/errata/RHSA-2018:2602

https://access.redhat.com/errata/RHSA-2018:2404

https://access.redhat.com/errata/RHSA-2018:2403

https://access.redhat.com/errata/RHSA-2018:2402

https://access.redhat.com/errata/RHSA-2018:2396

https://access.redhat.com/errata/RHSA-2018:2395

https://access.redhat.com/errata/RHSA-2018:2394

https://access.redhat.com/errata/RHSA-2018:2393

https://access.redhat.com/errata/RHSA-2018:2392

https://access.redhat.com/errata/RHSA-2018:2391

https://access.redhat.com/errata/RHSA-2018:2390

https://access.redhat.com/errata/RHSA-2018:2389

https://access.redhat.com/errata/RHSA-2018:2388

https://access.redhat.com/errata/RHSA-2018:2387

https://access.redhat.com/errata/RHSA-2018:2384

http://xenbits.xen.org/xsa/advisory-273.html

http://www.vmware.com/security/advisories/VMSA-2018-0020.html

http://www.securitytracker.com/id/1041451

http://www.securityfocus.com/bid/105080

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en

http://support.lenovo.com/us/en/solutions/LEN-24163

https://www.tenable.com/blog/foreshadow-speculative-execution-attack-targets-intel-sgx

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.kb.cert.org/vuls/id/982149

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018

https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

http://www.securitytracker.com/id/1042004

Details

Source: Mitre, NVD

Published: 2018-08-14

Updated: 2024-11-21

Named Vulnerability: Foreshadow-NG

Risk Information

CVSS v2

Base Score: 4.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.6

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.06362