CVE-2018-3615

Опубликовано: 14 авг. 2018

Источник: nvd

CVSS3: 6.4

CVSS2: 5.4

EPSS Низкий

Описание

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

Ссылки

http://support.lenovo.com/us/en/solutions/LEN-24163
Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
Third Party Advisory
http://www.securityfocus.com/bid/105080
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041451
Third Party Advisory
VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://foreshadowattack.eu/
Technical Description
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008
Third Party Advisory
https://security.netapp.com/advisory/ntap-20180815-0001/
Third Party Advisory
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
Mitigation
Vendor Advisory
https://support.f5.com/csp/article/K35558453
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
Vendor Advisory
https://www.kb.cert.org/vuls/id/982149
Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_45
Third Party Advisory
http://support.lenovo.com/us/en/solutions/LEN-24163
Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
Third Party Advisory
http://www.securityfocus.com/bid/105080
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*

cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01369

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

CVE-2018-3615

CVSS3: 6.4

ubuntu

больше 7 лет назад

CVE-2018-3615

CVSS3: 6.4

debian

больше 7 лет назад

Systems with microprocessors utilizing speculative execution and Intel ...

GHSA-9w6j-7396-jgw4

CVSS3: 6.4

github

больше 3 лет назад

BDU:2018-00994

CVSS3: 7.9

fstec

около 8 лет назад

Уязвимость реализации технологии Software Guard eXtensions процессоров Intel, позволяющая получить несанкционированный доступ к данным, размещённым в защищённой области

ADV180018

CVSS3: 7.1

msrc

больше 7 лет назад

Microsoft Guidance to mitigate L1TF variant

EPSS

Процентиль: 80%

0.01369

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS2

Дефекты

CWE-203