CVE-2018-3620

CWE-203CWE-226CWE-200Information Exposure27 documents12 sources
Severity
5.6MEDIUM
EPSS
3.0%
top 13.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Intel Corporation MultipleIntel Core I3Intel Core I5+5 more
Timeline
PublishedAug 14
Latest updateMay 13

Description

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages12 packages

Debianxen< 4.11.1~pre.20180911.5acdd26fdc+dfsg-2+3
Debianlinux< 4.17.15-1+3
Ubuntulinux< 3.13.0-156.206
Debianintel-microcode< 3.20180703.1+3
NVDintel/core_m7 versions+6

🔴Vulnerability Details

10
GHSA
GHSA-h9mf-j5vf-pc99: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the2022-05-13
OSV
linux regressions2018-08-17
Kernel
Merge branch 'l1tf-final' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip2018-08-14
OSV
CVE-2018-3620: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the2018-08-14
CVEList
CVE-2018-3620: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the2018-08-14

📋Vendor Advisories

13
Ubuntu
Linux kernel vulnerabilities2018-11-15
Ubuntu
Linux kernel (Trusty HWE) regressions2018-08-21
Ubuntu
Linux kernel regressions2018-08-17
Ubuntu
Linux kernel vulnerabilities2018-08-14
Ubuntu
Linux kernel vulnerabilities2018-08-14

💬Community

2
Bugzilla
CVE-2018-3620 CVE-2018-3646 kernel: hw: cpu: L1 terminal fault (L1TF) [fedora-all]2018-08-14
Bugzilla
CVE-2018-3620 CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF)2018-06-01