CVE-2018-3615

CWE-2039 documents9 sources

Severity

6.4MEDIUM

EPSS

1.4%

top 19.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Corporation Multiple Intel Core I3 Intel Core I5 +2 more

Timeline

PublishedAug 14

Latest updateMay 13

Description

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:NExploitability: 1.1 | Impact: 4.7

Affected Packages6 packages

▶Debianintel-microcode< 3.20180703.1+3

▶NVDintel/core_i316 versions+15

▶NVDintel/core_i535 versions+34

▶NVDintel/core_i741 versions+40

▶NVDintel/xeon_e311 versions+10

🔴Vulnerability Details

GHSA

GHSA-9w6j-7396-jgw4: Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of info↗2022-05-13

▶

OSV

CVE-2018-3615: Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of info↗2018-08-14

▶

Kernel

Merge branch 'l1tf-final' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip↗2018-08-14

▶

CVEList

CVE-2018-3615: Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of info↗2018-08-14

▶

📋Vendor Advisories

Cisco

CPU Side-Channel Information Disclosure Vulnerabilities: August 2018↗2018-08-14

▶

Debian

CVE-2018-3615: intel-microcode - Systems with microprocessors utilizing speculative execution and Intel software ...↗2018

▶

Red Hat

CVE-2018-3615: Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of info↗

▶