CVE-2018-3665
Vulnerability Summary
Timeline
Description
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.6CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
- v2.0•MEDIUM•Score: 4.7AV:L/AC:M/Au:N/C:C/I:N/A:N
EPSS Trends
Current EPSS score: 1.83%• Percentile: 83%
Techniques & Countermeasures
- CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Affected Systems
- canonical•ubuntu_linux
12.04 | 14.04 | 16.04
- citrix•xenserver
7.0 | 7.1 | 7.3 | 7.4 | 7.5
- debian•debian_linux
8.0 | 9.0
- freebsd•freebsd
11.0 | 11.1 | 11.2
- intel corporation•intel core-based microprocessors
All
- intel•core_i3
330e | 330m | 330um | 350m | 370m | 380m | 380um | 390m | 530 | 540 | 550 | 560 | 2100 | 2100t | 2102 | 2105 | 2115c | 2120 | 2120t | 2125 | 2130 | 2310e | 2310m | 2312m | 2328m | 2330e | 2330m | 2340ue | 2348m | 2350m | 2357m | 2365m | 2367m | 2370m | 2375m | 2377m | 3110m | 3115c | 3120m | 3120me | 3130m | 3210 | 3217u | 3217ue | 3220 | 3220t | 3225 | 3227u | 3229y | 3240 | 3240t | 3245 | 3250 | 3250t | 4000m | 4005u | 4010u | 4010y | 4012y | 4020y | 4025u | 4030u | 4030y | 4100e | 4100m | 4100u | 4102e | 4110e | 4110m | 4112e | 4120u | 4130 | 4130t | 4150 | 4150t | 4158u | 4160 | 4160t | 4170 | 4170t | 4330 | 4330t | 4330te | 4340 | 4340te | 4350 | 4350t | 4360 | 4360t | 4370 | 4370t | 5005u | 5010u | 5015u | 5020u | 5157u | 6006u | 6098p | 6100 | 6100e | 6100h | 6100t | 6100te | 6100u | 6102e | 6157u | 6167u | 6300 | 6300t | 6320 | 8100 | 8350k
- intel•core_i5
430m | 430um | 450m | 460m | 470um | 480m | 520e | 520m | 520um | 540m | 540um | 560m | 560um | 580m | 650 | 655k | 660 | 661 | 670 | 680 | 750 | 750s | 760 | 2300 | 2310 | 2320 | 2380p | 2390t | 2400 | 2400s | 2405s | 2410m | 2430m | 2435m | 2450m | 2450p | 2467m | 2500 | 2500k | 2500s | 2500t | 2510e | 2515e | 2520m | 2537m | 2540m | 2550k | 2557m | 3210m | 3230m | 3317u | 3320m | 3330 | 3330s | 3337u | 3339y | 3340 | 3340m | 3340s | 3350p | 3360m | 3380m | 3427u | 3437u | 3439y | 3450 | 3450s | 3470 | 3470s | 3470t | 3475s | 3550 | 3550s | 3570 | 3570k | 3570s | 3570t | 3610me | 4200h | 4200m | 4200u | 4200y | 4202y | 4210h | 4210m | 4210u | 4210y | 4220y | 4250u | 4258u | 4260u | 4278u | 4288u | 4300m | 4300u | 4300y | 4302y | 4308u | 4310m | 4310u | 4330m | 4340m | 4350u | 4360u | 4400e | 4402e | 4402ec | 4410e | 4422e | 4430 | 4430s | 4440 | 4440s | 4460 | 4460s | 4460t | 4570 | 4570r | 4570s | 4570t | 4570te | 4590 | 4590s | 4590t | 4670 | 4670k | 4670r | 4670s | 4670t | 4690 | 4690k | 4690s | 4690t | 5200u | 5250u | 5257u | 5287u | 5300u | 5350h | 5350u | 5575r | 5675c | 5675r | 6200u | 6260u | 6267u | 6287u | 6300hq | 6300u | 6350hq | 6360u | 6400 | 6400t | 6402p | 6440eq | 6440hq | 6442eq | 6500 | 6500t | 6500te | 6585r | 6600 | 6600k | 6600t | 6685r | 8250u | 8350u | 8400 | 8600k
- intel•core_i7
7y75 | 610e | 620le | 620lm | 620m | 620ue | 620um | 640lm | 640m | 640um | 660lm | 660ue | 660um | 680um | 720qm | 740qm | 820qm | 840qm | 860 | 860s | 870 | 870s | 875k | 880 | 920 | 920xm | 930 | 940 | 940xm | 950 | 960 | 965 | 970 | 975 | 980 | 980x | 990x | 2600 | 2600k | 2600s | 2610ue | 2617m | 2620m | 2629m | 2630qm | 2635qm | 2637m | 2640m | 2649m | 2655le | 2657m | 2670qm | 2675qm | 2677m | 2700k | 2710qe | 2715qe | 2720qm | 2760qm | 2820qm | 2860qm | 2920xm | 2960xm | 3517u | 3517ue | 3520m | 3537u | 3540m | 3555le | 3610qe | 3610qm | 3612qe | 3612qm | 3615qe | 3615qm | 3630qm | 3632qm | 3635qm | 3667u | 3687u | 3689y | 3720qm | 3740qm | 3770 | 3770k | 3770s | 3770t | 3820qm | 3840qm | 4500u | 4510u | 4550u | 4558u | 4578u | 4600m | 4600u | 4610m | 4610y | 4650u | 4700ec | 4700eq | 4700hq | 4700mq | 4702ec | 4702hq | 4702mq | 4710hq | 4710mq | 4712hq | 4712mq | 4720hq | 4722hq | 4750hq | 4760hq | 4765t | 4770 | 4770hq | 4770k | 4770r | 4770s | 4770t | 4770te | 4771 | 4785t | 4790 | 4790k | 4790s | 4790t | 4800mq | 4810mq | 4850hq | 4860hq | 4870hq | 4900mq | 4910mq | 4950hq | 4960hq | 4980hq | 5500u | 5550u | 5557u | 5600u | 5650u | 5700eq | 5700hq | 5750hq | 5775c | 5775r | 5850eq | 5850hq | 5950hq | 7500u | 7560u | 7567u | 7600u | 7660u | 7700 | 7700hq | 7700k | 7700t | 7820eq | 7820hk | 7820hq | 7920hq | 8550u | 8650u | 8700 | 8700k
- intel•core_m
5y10 | 5y10a | 5y10c | 5y31 | 5y51 | 5y70 | 5y71
- intel•core_m3
6y30 | 7y30 | 7y32
- intel•core_m5
6y54 | 6y57
- intel•core_m7
6y75
- redhat•enterprise_linux
6.0 | 7.0
- redhat•enterprise_linux_desktop
6.0 | 7.0
- redhat•enterprise_linux_workstation
6.0 | 7.0
References (25)
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://access.redhat.com/errata/RHSA-2018:2164
- https://usn.ubuntu.com/3696-1/
- http://www.securitytracker.com/id/1041125
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://access.redhat.com/errata/RHSA-2018:1944
- https://access.redhat.com/errata/RHSA-2018:1852
- https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc
- http://www.securitytracker.com/id/1041124
- https://access.redhat.com/errata/RHSA-2018:2165
- https://www.debian.org/security/2018/dsa-4232
- https://usn.ubuntu.com/3698-1/
- https://usn.ubuntu.com/3696-2/
- http://www.securityfocus.com/bid/104460
- https://usn.ubuntu.com/3698-2/
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://nvidia.custhelp.com/app/answers/detail/a_id/4787
- https://www.synology.com/support/security/Synology_SA_18_31
- https://security.netapp.com/advisory/ntap-20181016-0001/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
- https://support.citrix.com/article/CTX235745
- https://security.paloaltonetworks.com/CVE-2018-3665