Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-3620

Опубликовано: 14 авг. 2018
Источник: debian
EPSS Низкий

Описание

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
linuxfixed4.17.15-1package
xenfixed4.11.1~pre.20180911.5acdd26fdc+dfsg-2package
xenignoredjessiepackage
intel-microcodefixed3.20180703.1package

Примечания

  • Updates were already shipped with 20180703 release, but only disclosed later, see #906158

  • https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

  • https://foreshadowattack.eu/

  • https://git.kernel.org/linus/958f338e96f874a0d29442396d6adf9c1e17aa2d

  • https://xenbits.xen.org/xsa/advisory-273.html

  • The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted

  • most server type CPUs, additional models were supported in the 3.20180807a.1 release

EPSS

Процентиль: 86%
0.03023
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2018-3620

CVSS3: 5.6
ubuntu
почти 7 лет назад

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

redhat логотип

CVE-2018-3620

CVSS3: 5.6
redhat
почти 7 лет назад

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

nvd логотип

CVE-2018-3620

CVSS3: 5.6
nvd
почти 7 лет назад

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

github логотип

GHSA-h9mf-j5vf-pc99

CVSS3: 5.6
github
около 3 лет назад

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

oracle-oval логотип

ELSA-2018-4215

oracle-oval
почти 7 лет назад

ELSA-2018-4215: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 86%
0.03023
Низкий