CVE-2018-3665

CWE-200Information Exposure13 documents10 sources
Severity
5.6MEDIUM
EPSS
1.3%
top 20.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
15
Intel Corporation Intel Core-based MicroprocessorsCanonical Ubuntu LinuxCitrix Xenserver+12 more
Timeline
PublishedJun 21
Latest updateMay 13

Description

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages13 packages

NVDintel/core_m7 versions+6
NVDintel/core_i3112 versions+111
NVDintel/core_i5169 versions+168
NVDintel/core_i7168 versions+167

Also affects: Freebsd 11.0, 11.1, 11.2, Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, Enterprise Linux 6.0, 7.0

🔴Vulnerability Details

3
GHSA
GHSA-723g-x9c7-6562: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to i2022-05-13
CVEList
CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to i2018-06-21
OSV
CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to i2018-06-21

📋Vendor Advisories

8
Apple
CVE-2018-3665: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan2018-07-09
Ubuntu
Linux kernel vulnerabilities2018-07-02
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2018-07-02
Ubuntu
Linux kernel vulnerabilities2018-07-02
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities2018-07-02

💬Community

1
Bugzilla
CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore2018-06-01