Home > Vulnerability Database > CVE-2018-3615

Mend.io Vulnerability Database

CVE-2018-3615

Good to know:

Date: August 14, 2018

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

Language: Unix

Severity Score

6.4

Related Resources (19)

Url: https://www.kb.cert.org/vuls/id/982149

Url: https://foreshadowattack.eu/

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-3615

Url: http://www.securitytracker.com/id/1041451

Url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008

Url: https://security.netapp.com/advisory/ntap-20180815-0001/

Url: http://www.securityfocus.com/bid/105080

Url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel

Url: https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

Url: https://www.synology.com/support/security/Synology_SA_18_45

Url: https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

Url: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us

Url: http://support.lenovo.com/us/en/solutions/LEN-24163

Url: https://support.f5.com/csp/article/K35558453

Url: https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

Url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

Url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en

Url: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

Url: https://www.mend.io/vulnerability-database/CVE-2018-3615

Severity Score

6.4

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Observable Discrepancy

CWE-203

Top Fix

Upgrade Version

Upgrade to version linux - 4.18.arch1-1;linux-lts - 4.14.63-1;linux-zen - 4.18.zen1-1

Learn More

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.4
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-3615

Good to know:

Date: August 14, 2018

Language: Unix

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?