CVE-2018-3615

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

CVSS v3 6.4 MEDIUM
CVSS v2.0 5.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Exploitability : 1.1 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

5.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:P/A:N

Exploitability : 3.4 / Impact : 7.8

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://support.lenovo.com/us/en/solutions/LEN-24163	Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en	Third Party Advisory
http://www.securityfocus.com/bid/105080	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041451	Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://foreshadowattack.eu/	Technical Description Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008	Third Party Advisory
https://security.netapp.com/advisory/ntap-20180815-0001/	Third Party Advisory
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault	Mitigation Vendor Advisory
https://support.f5.com/csp/article/K35558453	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html	Vendor Advisory
https://www.kb.cert.org/vuls/id/982149	Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_45	Third Party Advisory
http://support.lenovo.com/us/en/solutions/LEN-24163	Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en	Third Party Advisory
http://www.securityfocus.com/bid/105080	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041451	Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://foreshadowattack.eu/	Technical Description Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008	Third Party Advisory
https://security.netapp.com/advisory/ntap-20180815-0001/	Third Party Advisory
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault	Mitigation Vendor Advisory
https://support.f5.com/csp/article/K35558453	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html	Vendor Advisory
https://www.kb.cert.org/vuls/id/982149	Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_45	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:intel:core_i3:6006u:::::::*
	cpe:2.3:h:intel:core_i3:6098p:::::::*
	cpe:2.3:h:intel:core_i3:6100:::::::*
	cpe:2.3:h:intel:core_i3:6100e:::::::*
	cpe:2.3:h:intel:core_i3:6100h:::::::*
	cpe:2.3:h:intel:core_i3:6100t:::::::*
	cpe:2.3:h:intel:core_i3:6100te:::::::*
	cpe:2.3:h:intel:core_i3:6100u:::::::*
	cpe:2.3:h:intel:core_i3:6102e:::::::*
	cpe:2.3:h:intel:core_i3:6157u:::::::*
	cpe:2.3:h:intel:core_i3:6167u:::::::*
	cpe:2.3:h:intel:core_i3:6300:::::::*
	cpe:2.3:h:intel:core_i3:6300t:::::::*
	cpe:2.3:h:intel:core_i3:6320:::::::*
	cpe:2.3:h:intel:core_i5:650:::::::*
	cpe:2.3:h:intel:core_i5:655k:::::::*
	cpe:2.3:h:intel:core_i5:660:::::::*
	cpe:2.3:h:intel:core_i5:661:::::::*
	cpe:2.3:h:intel:core_i5:670:::::::*
	cpe:2.3:h:intel:core_i5:680:::::::*
	cpe:2.3:h:intel:core_i5:6200u:::::::*
	cpe:2.3:h:intel:core_i5:6260u:::::::*
	cpe:2.3:h:intel:core_i5:6267u:::::::*
	cpe:2.3:h:intel:core_i5:6287u:::::::*
	cpe:2.3:h:intel:core_i5:6300hq:::::::*
	cpe:2.3:h:intel:core_i5:6300u:::::::*
	cpe:2.3:h:intel:core_i5:6350hq:::::::*
	cpe:2.3:h:intel:core_i5:6360u:::::::*
	cpe:2.3:h:intel:core_i5:6400:::::::*
	cpe:2.3:h:intel:core_i5:6400t:::::::*
	cpe:2.3:h:intel:core_i5:6402p:::::::*
	cpe:2.3:h:intel:core_i5:6440eq:::::::*
	cpe:2.3:h:intel:core_i5:6440hq:::::::*
	cpe:2.3:h:intel:core_i5:6442eq:::::::*
	cpe:2.3:h:intel:core_i5:6500:::::::*
	cpe:2.3:h:intel:core_i5:6500t:::::::*
	cpe:2.3:h:intel:core_i5:6500te:::::::*
	cpe:2.3:h:intel:core_i5:6585r:::::::*
	cpe:2.3:h:intel:core_i5:6600:::::::*
	cpe:2.3:h:intel:core_i5:6600k:::::::*
	cpe:2.3:h:intel:core_i5:6600t:::::::*
	cpe:2.3:h:intel:core_i5:6685r:::::::*
	cpe:2.3:h:intel:core_i7:610e:::::::*
	cpe:2.3:h:intel:core_i7:620le:::::::*
	cpe:2.3:h:intel:core_i7:620lm:::::::*
	cpe:2.3:h:intel:core_i7:620m:::::::*
	cpe:2.3:h:intel:core_i7:620ue:::::::*
	cpe:2.3:h:intel:core_i7:620um:::::::*
	cpe:2.3:h:intel:core_i7:640lm:::::::*
	cpe:2.3:h:intel:core_i7:640m:::::::*
	cpe:2.3:h:intel:core_i7:640um:::::::*
	cpe:2.3:h:intel:core_i7:660lm:::::::*
	cpe:2.3:h:intel:core_i7:660ue:::::::*
	cpe:2.3:h:intel:core_i7:660um:::::::*
	cpe:2.3:h:intel:core_i7:680um:::::::*

Configuration 2 (hide)

OR	cpe:2.3:h:intel:core_i5:750:::::::*
	cpe:2.3:h:intel:core_i5:750s:::::::*
	cpe:2.3:h:intel:core_i5:760:::::::*
	cpe:2.3:h:intel:core_i7:7y75:::::::*
	cpe:2.3:h:intel:core_i7:720qm:::::::*
	cpe:2.3:h:intel:core_i7:740qm:::::::*
	cpe:2.3:h:intel:core_i7:7500u:::::::*
	cpe:2.3:h:intel:core_i7:7560u:::::::*
	cpe:2.3:h:intel:core_i7:7567u:::::::*
	cpe:2.3:h:intel:core_i7:7600u:::::::*
	cpe:2.3:h:intel:core_i7:7660u:::::::*
	cpe:2.3:h:intel:core_i7:7700:::::::*
	cpe:2.3:h:intel:core_i7:7700hq:::::::*
	cpe:2.3:h:intel:core_i7:7700k:::::::*
	cpe:2.3:h:intel:core_i7:7700t:::::::*
	cpe:2.3:h:intel:core_i7:7820eq:::::::*
	cpe:2.3:h:intel:core_i7:7820hk:::::::*
	cpe:2.3:h:intel:core_i7:7820hq:::::::*
	cpe:2.3:h:intel:core_i7:7920hq:::::::*

Configuration 3 (hide)

OR	cpe:2.3:h:intel:core_i3:8100:::::::*
	cpe:2.3:h:intel:core_i3:8350k:::::::*
	cpe:2.3:h:intel:core_i5:8250u:::::::*
	cpe:2.3:h:intel:core_i5:8350u:::::::*
	cpe:2.3:h:intel:core_i5:8400:::::::*
	cpe:2.3:h:intel:core_i5:8600k:::::::*
	cpe:2.3:h:intel:core_i7:820qm:::::::*
	cpe:2.3:h:intel:core_i7:840qm:::::::*
	cpe:2.3:h:intel:core_i7:860:::::::*
	cpe:2.3:h:intel:core_i7:860s:::::::*
	cpe:2.3:h:intel:core_i7:870:::::::*
	cpe:2.3:h:intel:core_i7:870s:::::::*
	cpe:2.3:h:intel:core_i7:875k:::::::*
	cpe:2.3:h:intel:core_i7:880:::::::*
	cpe:2.3:h:intel:core_i7:8550u:::::::*
	cpe:2.3:h:intel:core_i7:8650u:::::::*
	cpe:2.3:h:intel:core_i7:8700:::::::*
	cpe:2.3:h:intel:core_i7:8700k:::::::*

Configuration 4 (hide)

OR	cpe:2.3:h:intel:xeon_e3:1515m_v5:::::::*
	cpe:2.3:h:intel:xeon_e3:1535m_v5:::::::*
	cpe:2.3:h:intel:xeon_e3:1545m_v5:::::::*
	cpe:2.3:h:intel:xeon_e3:1558l_v5:::::::*
	cpe:2.3:h:intel:xeon_e3:1565l_v5:::::::*
	cpe:2.3:h:intel:xeon_e3:1575m_v5:::::::*
	cpe:2.3:h:intel:xeon_e3:1578l_v5:::::::*
	cpe:2.3:h:intel:xeon_e3:1585_v5:::::::*
	cpe:2.3:h:intel:xeon_e3:1585l_v5:::::::*
	cpe:2.3:h:intel:xeon_e3_1220_v5:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1225_v5:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1230_v5:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1235l_v5:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1240_v5:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1240l_v5:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1245_v5:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1260l_v5:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1268l_v5:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1270_v5:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1275_v5:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1280_v5:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1505l_v5:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1505m_v5:-:::::::*

Configuration 5 (hide)

OR	cpe:2.3:h:intel:xeon_e3:1505m_v6:::::::*
	cpe:2.3:h:intel:xeon_e3:1535m_v6:::::::*
	cpe:2.3:h:intel:xeon_e3_1220_v6:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1225_v6:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1230_v6:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1240_v6:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1245_v6:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1270_v6:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1275_v6:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1280_v6:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1285_v6:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1501l_v6:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1501m_v6:-:::::::*
	cpe:2.3:h:intel:xeon_e3_1505l_v6:-:::::::*

History

21 Nov 2024, 04:05

Information

Published : 2018-08-14 19:29

Updated : 2024-11-21 04:05

NVD link : CVE-2018-3615

Mitre link : CVE-2018-3615

CVE.ORG link : CVE-2018-3615

JSON object : View

Products Affected

intel

xeon_e3_1225_v6
xeon_e3_1240_v6
xeon_e3_1501l_v6
xeon_e3_1280_v5
core_i3
xeon_e3_1220_v5
xeon_e3_1285_v6
xeon_e3_1260l_v5
xeon_e3_1220_v6
core_i7
xeon_e3_1270_v6
xeon_e3_1275_v6
xeon_e3_1240l_v5
xeon_e3_1240_v5
xeon_e3_1275_v5
xeon_e3_1270_v5
xeon_e3_1245_v6
xeon_e3_1268l_v5
xeon_e3_1230_v6
xeon_e3_1505l_v5
xeon_e3
xeon_e3_1230_v5
xeon_e3_1245_v5
xeon_e3_1501m_v6
xeon_e3_1505l_v6
core_i5
xeon_e3_1505m_v5
xeon_e3_1280_v6
xeon_e3_1235l_v5
xeon_e3_1225_v5

CWE

CWE-203

Observable Discrepancy

6.4 /10

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

5.4 /10

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2018-3615

6.4^/10

5.4^/10

Attach tags to `CVE-2018-3615`