Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2018-3646

UNKNOWN
Published 2018-08-14T19:00:00Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2018-3646. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Intel Corporation

Multiple

Affected Versions:

Multiple

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-qj7r-58vw-6www

Advisory Details

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-3646
WEB https://access.redhat.com/errata/RHSA-2018:2384
WEB https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010
WEB https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
WEB https://security.gentoo.org/glsa/201810-06
WEB https://security.netapp.com/advisory/ntap-20180815-0001
WEB https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
WEB https://support.f5.com/csp/article/K31300402
WEB https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
WEB https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
WEB https://usn.ubuntu.com/3740-1
WEB https://usn.ubuntu.com/3740-2
WEB https://usn.ubuntu.com/3741-1
WEB https://usn.ubuntu.com/3741-2
WEB https://usn.ubuntu.com/3742-1
WEB https://usn.ubuntu.com/3742-2
WEB https://usn.ubuntu.com/3756-1
WEB https://usn.ubuntu.com/3823-1
WEB https://www.debian.org/security/2018/dsa-4274
WEB https://www.debian.org/security/2018/dsa-4279
WEB https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
WEB https://www.kb.cert.org/vuls/id/982149
WEB https://www.oracle.com/security-alerts/cpujul2020.html
WEB https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
WEB https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
WEB https://www.synology.com/support/security/Synology_SA_18_45
WEB https://access.redhat.com/errata/RHSA-2018:2387
WEB https://access.redhat.com/errata/RHSA-2018:2388
WEB https://access.redhat.com/errata/RHSA-2018:2389
WEB https://access.redhat.com/errata/RHSA-2018:2390
WEB https://access.redhat.com/errata/RHSA-2018:2391
WEB https://access.redhat.com/errata/RHSA-2018:2392
WEB https://access.redhat.com/errata/RHSA-2018:2393
WEB https://access.redhat.com/errata/RHSA-2018:2394
WEB https://access.redhat.com/errata/RHSA-2018:2395
WEB https://access.redhat.com/errata/RHSA-2018:2396
WEB https://access.redhat.com/errata/RHSA-2018:2402
WEB https://access.redhat.com/errata/RHSA-2018:2403
WEB https://access.redhat.com/errata/RHSA-2018:2404
WEB https://access.redhat.com/errata/RHSA-2018:2602
WEB https://access.redhat.com/errata/RHSA-2018:2603
WEB https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
WEB https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
WEB https://foreshadowattack.eu
WEB https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
WEB https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
WEB https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ
WEB https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
WEB http://support.lenovo.com/us/en/solutions/LEN-24163
WEB http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
WEB http://www.securityfocus.com/bid/105080
WEB http://www.securitytracker.com/id/1041451
WEB http://www.securitytracker.com/id/1042004
WEB http://www.vmware.com/security/advisories/VMSA-2018-0020.html
WEB http://xenbits.xen.org/xsa/advisory-273.html

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: May 13, 2022

References

https://www.kb.cert.org/vuls/id/982149
http://www.securitytracker.com/id/1041451
https://security.gentoo.org/glsa/201810-06
https://usn.ubuntu.com/3741-2/
https://access.redhat.com/errata/RHSA-2018:2393
https://usn.ubuntu.com/3823-1/
https://access.redhat.com/errata/RHSA-2018:2389
http://www.securitytracker.com/id/1042004
https://access.redhat.com/errata/RHSA-2018:2390
https://access.redhat.com/errata/RHSA-2018:2403
http://www.securityfocus.com/bid/105080
https://access.redhat.com/errata/RHSA-2018:2395
https://access.redhat.com/errata/RHSA-2018:2384
https://usn.ubuntu.com/3740-2/
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
https://www.debian.org/security/2018/dsa-4274
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
https://access.redhat.com/errata/RHSA-2018:2388
https://usn.ubuntu.com/3741-1/
https://access.redhat.com/errata/RHSA-2018:2603
https://access.redhat.com/errata/RHSA-2018:2402
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/
https://usn.ubuntu.com/3742-2/
https://access.redhat.com/errata/RHSA-2018:2404
https://usn.ubuntu.com/3740-1/
https://access.redhat.com/errata/RHSA-2018:2391
https://access.redhat.com/errata/RHSA-2018:2396
https://www.debian.org/security/2018/dsa-4279
https://access.redhat.com/errata/RHSA-2018:2392
https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
https://usn.ubuntu.com/3742-1/
https://access.redhat.com/errata/RHSA-2018:2602
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://access.redhat.com/errata/RHSA-2018:2394
https://access.redhat.com/errata/RHSA-2018:2387
https://usn.ubuntu.com/3756-1/
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
http://xenbits.xen.org/xsa/advisory-273.html
https://foreshadowattack.eu/
https://security.netapp.com/advisory/ntap-20180815-0001/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
http://support.lenovo.com/us/en/solutions/LEN-24163
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
https://www.synology.com/support/security/Synology_SA_18_45
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010
http://www.vmware.com/security/advisories/VMSA-2018-0020.html
https://support.f5.com/csp/article/K31300402
Published: 2018-08-14T19:00:00Z
Last Modified: 2024-09-17T02:27:21.556Z
Copied to clipboard!