CVE-2018-3615
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Summary
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Intel Corporation | Multiple | Multiple | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
- https://www.kb.cert.org/vuls/id/982149
- http://www.securitytracker.com/id/1041451
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008
- http://www.securityfocus.com/bid/105080
- https://foreshadowattack.eu/
- https://security.netapp.com/advisory/ntap-20180815-0001/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
- https://support.f5.com/csp/article/K35558453
- http://support.lenovo.com/us/en/solutions/LEN-24163
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- https://www.synology.com/support/security/Synology_SA_18_45
- https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.kb.cert.org/vuls/id/982149
- http://www.securitytracker.com/id/1041451
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008
- http://www.securityfocus.com/bid/105080
- https://foreshadowattack.eu/
- https://security.netapp.com/advisory/ntap-20180815-0001/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
- https://support.f5.com/csp/article/K35558453
- http://support.lenovo.com/us/en/solutions/LEN-24163
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- https://www.synology.com/support/security/Synology_SA_18_45
- https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.