CVE-2018-3620 | AttackerKB

Description

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

intel

Products

References

Canonical

CVE-2018-3620 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620)

BID-105080 (http://www.securityfocus.com/bid/105080)

Advisory

VU#982149 (https://www.kb.cert.org/vuls/id/982149)

SECTRACK-1041451 (http://www.securitytracker.com/id/1041451)

GLSA-201810-06 (https://security.gentoo.org/glsa/201810-06)

USN-3741-2 (https://usn.ubuntu.com/3741-2)

https://access.redhat.com/errata/RHSA-2018:2393

USN-3823-1 (https://usn.ubuntu.com/3823-1)

https://access.redhat.com/errata/RHSA-2018:2389

https://access.redhat.com/errata/RHSA-2018:2390

https://access.redhat.com/errata/RHSA-2018:2403

https://access.redhat.com/errata/RHSA-2018:2395

https://access.redhat.com/errata/RHSA-2018:2384

USN-3740-2 (https://usn.ubuntu.com/3740-2)

DSA-4274 (https://www.debian.org/security/2018/dsa-4274)

FEDORA-2018-1c80fea1cd (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ)

https://access.redhat.com/errata/RHSA-2018:2388

USN-3741-1 (https://usn.ubuntu.com/3741-1)

https://access.redhat.com/errata/RHSA-2018:2603

https://access.redhat.com/errata/RHSA-2018:2402

20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018 (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel)

FEDORA-2018-f8cba144ae (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2)

USN-3742-2 (https://usn.ubuntu.com/3742-2)

https://access.redhat.com/errata/RHSA-2018:2404

USN-3740-1 (https://usn.ubuntu.com/3740-1)

https://access.redhat.com/errata/RHSA-2018:2391

https://access.redhat.com/errata/RHSA-2018:2396

DSA-4279 (https://www.debian.org/security/2018/dsa-4279)

https://access.redhat.com/errata/RHSA-2018:2392

[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update (https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html)

USN-3742-1 (https://usn.ubuntu.com/3742-1)

https://access.redhat.com/errata/RHSA-2018:2602

[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update (https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html)

https://access.redhat.com/errata/RHSA-2018:2394

https://access.redhat.com/errata/RHSA-2018:2387

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

http://xenbits.xen.org/xsa/advisory-273.html

http://www.vmware.com/security/advisories/VMSA-2018-0021.html

https://security.netapp.com/advisory/ntap-20180815-0001

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018

https://support.f5.com/csp/article/K95275140

http://support.lenovo.com/us/en/solutions/LEN-24163

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

https://www.synology.com/support/security/Synology_SA_18_45

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009

https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us

https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

Miscellaneous

https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://foreshadowattack.eu

Rapid7

Technical Analysis