CVE-2018-3620 Information

Description

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Reference

http://support.lenovo.com/us/en/solutions/LEN-24163
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
http://www.securityfocus.com/bid/105080
http://www.securitytracker.com/id/1041451
http://www.vmware.com/security/advisories/VMSA-2018-0021.html
http://xenbits.xen.org/xsa/advisory-273.html
https://access.redhat.com/errata/RHSA-2018:2384
https://access.redhat.com/errata/RHSA-2018:2387
https://access.redhat.com/errata/RHSA-2018:2388
https://access.redhat.com/errata/RHSA-2018:2389
https://access.redhat.com/errata/RHSA-2018:2390
https://access.redhat.com/errata/RHSA-2018:2391
https://access.redhat.com/errata/RHSA-2018:2392
https://access.redhat.com/errata/RHSA-2018:2393
https://access.redhat.com/errata/RHSA-2018:2394
https://access.redhat.com/errata/RHSA-2018:2395
https://access.redhat.com/errata/RHSA-2018:2396
https://access.redhat.com/errata/RHSA-2018:2402
https://access.redhat.com/errata/RHSA-2018:2403
https://access.redhat.com/errata/RHSA-2018:2404
https://access.redhat.com/errata/RHSA-2018:2602
https://access.redhat.com/errata/RHSA-2018:2603
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://foreshadowattack.eu/
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
https://security.gentoo.org/glsa/201810-06
https://security.netapp.com/advisory/ntap-20180815-0001/
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://support.f5.com/csp/article/K95275140
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
https://usn.ubuntu.com/3740-1/
https://usn.ubuntu.com/3740-2/
https://usn.ubuntu.com/3741-1/
https://usn.ubuntu.com/3741-2/
https://usn.ubuntu.com/3742-1/
https://usn.ubuntu.com/3742-2/
https://usn.ubuntu.com/3823-1/
https://www.debian.org/security/2018/dsa-4274
https://www.debian.org/security/2018/dsa-4279
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
https://www.kb.cert.org/vuls/id/982149
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.synology.com/support/security/Synology_SA_18_45

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.6

Base Severity

MEDIUM
