CVE-2018-3646
Severity
5.6MEDIUM
EPSS
3.9%
top 11.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 14
Latest updateMay 13
Description
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
CVSS vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0
🔴Vulnerability Details
11GHSA▶
GHSA-qj7r-58vw-6www: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the↗2022-05-13
CVEList▶
CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the↗2018-08-14
📋Vendor Advisories
17VMware▶
VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabiliti↗2019-05-14
Apple▶
CVE-2018-3646: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra↗2018-10-30