CVE-2018-3615
Vulnerability Summary
Timeline
Description
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
CVSS Metrics
- v3.1•HIGH•Score: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
- v3.0•MEDIUM•Score: 6.4CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
- v2.0•MEDIUM•Score: 5.4AV:L/AC:M/Au:N/C:C/I:P/A:N
EPSS Trends
Current EPSS score: 1.63%• Percentile: 82%
Techniques & Countermeasures
- CWE-203•Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
Affected Systems
- intel corporation•multiple
Multiple
- intel•core_i3
6006u | 6098p | 6100 | 6100e | 6100h | 6100t | 6100te | 6100u | 6102e | 6157u | 6167u | 6300 | 6300t | 6320 | 8100 | 8350k
- intel•core_i5
650 | 655k | 660 | 661 | 670 | 680 | 6200u | 6260u | 6267u | 6287u | 6300hq | 6300u | 6350hq | 6360u | 6400 | 6400t | 6402p | 6440eq | 6440hq | 6442eq | 6500 | 6500t | 6500te | 6585r | 6600 | 6600k | 6600t | 6685r | 750 | 750s | 760 | 8250u | 8350u | 8400 | 8600k
- intel•core_i7
610e | 620le | 620lm | 620m | 620ue | 620um | 640lm | 640m | 640um | 660lm | 660ue | 660um | 680um | 7y75 | 720qm | 740qm | 7500u | 7560u | 7567u | 7600u | 7660u | 7700 | 7700hq | 7700k | 7700t | 7820eq | 7820hk | 7820hq | 7920hq | 820qm | 840qm | 860 | 860s | 870 | 870s | 875k | 880 | 8550u | 8650u | 8700 | 8700k
- intel•xeon_e3
1515m_v5 | 1535m_v5 | 1545m_v5 | 1558l_v5 | 1565l_v5 | 1575m_v5 | 1578l_v5 | 1585_v5 | 1585l_v5 | 1505m_v6 | 1535m_v6
- intel•xeon_e3_1220_v5
na
- intel•xeon_e3_1220_v6
na
- intel•xeon_e3_1225_v5
na
- intel•xeon_e3_1225_v6
na
- intel•xeon_e3_1230_v5
na
- intel•xeon_e3_1230_v6
na
- intel•xeon_e3_1235l_v5
na
- intel•xeon_e3_1240_v5
na
- intel•xeon_e3_1240_v6
na
- intel•xeon_e3_1240l_v5
na
- intel•xeon_e3_1245_v5
na
- intel•xeon_e3_1245_v6
na
- intel•xeon_e3_1260l_v5
na
- intel•xeon_e3_1268l_v5
na
- intel•xeon_e3_1270_v5
na
- intel•xeon_e3_1270_v6
na
- intel•xeon_e3_1275_v5
na
- intel•xeon_e3_1275_v6
na
- intel•xeon_e3_1280_v5
na
- intel•xeon_e3_1280_v6
na
- intel•xeon_e3_1285_v6
na
- intel•xeon_e3_1501l_v6
na
- intel•xeon_e3_1501m_v6
na
- intel•xeon_e3_1505l_v5
na
- intel•xeon_e3_1505l_v6
na
- intel•xeon_e3_1505m_v5
na
References (17)
- https://www.kb.cert.org/vuls/id/982149
- http://www.securitytracker.com/id/1041451
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008
- http://www.securityfocus.com/bid/105080
- https://foreshadowattack.eu/
- https://security.netapp.com/advisory/ntap-20180815-0001/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
- https://support.f5.com/csp/article/K35558453
- http://support.lenovo.com/us/en/solutions/LEN-24163
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- https://www.synology.com/support/security/Synology_SA_18_45
- https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf