CVE - CVE-2018-3620

CVE-ID
CVE-2018-3620	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:105080 URL:http://www.securityfocus.com/bid/105080 CERT-VN:VU#982149 URL:https://www.kb.cert.org/vuls/id/982149 CISCO:20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018 URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel CONFIRM:http://support.lenovo.com/us/en/solutions/LEN-24163 URL:http://support.lenovo.com/us/en/solutions/LEN-24163 CONFIRM:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en URL:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en CONFIRM:http://www.vmware.com/security/advisories/VMSA-2018-0021.html URL:http://www.vmware.com/security/advisories/VMSA-2018-0021.html CONFIRM:http://xenbits.xen.org/xsa/advisory-273.html URL:http://xenbits.xen.org/xsa/advisory-273.html CONFIRM:https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf URL:https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf CONFIRM:https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf URL:https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf CONFIRM:https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 URL:https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 CONFIRM:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018 URL:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018 CONFIRM:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009 URL:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009 CONFIRM:https://security.netapp.com/advisory/ntap-20180815-0001/ URL:https://security.netapp.com/advisory/ntap-20180815-0001/ CONFIRM:https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault URL:https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault CONFIRM:https://support.f5.com/csp/article/K95275140 URL:https://support.f5.com/csp/article/K95275140 CONFIRM:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us URL:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us CONFIRM:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html URL:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html CONFIRM:https://www.synology.com/support/security/Synology_SA_18_45 URL:https://www.synology.com/support/security/Synology_SA_18_45 DEBIAN:DSA-4274 URL:https://www.debian.org/security/2018/dsa-4274 DEBIAN:DSA-4279 URL:https://www.debian.org/security/2018/dsa-4279 FEDORA:FEDORA-2018-1c80fea1cd URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/ FEDORA:FEDORA-2018-f8cba144ae URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/ FREEBSD:FreeBSD-SA-18:09 URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc GENTOO:GLSA-201810-06 URL:https://security.gentoo.org/glsa/201810-06 MISC:https://foreshadowattack.eu/ URL:https://foreshadowattack.eu/ MISC:https://www.oracle.com/security-alerts/cpujul2020.html URL:https://www.oracle.com/security-alerts/cpujul2020.html MISC:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html URL:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html MLIST:[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html MLIST:[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update URL:https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html REDHAT:RHSA-2018:2384 URL:https://access.redhat.com/errata/RHSA-2018:2384 REDHAT:RHSA-2018:2387 URL:https://access.redhat.com/errata/RHSA-2018:2387 REDHAT:RHSA-2018:2388 URL:https://access.redhat.com/errata/RHSA-2018:2388 REDHAT:RHSA-2018:2389 URL:https://access.redhat.com/errata/RHSA-2018:2389 REDHAT:RHSA-2018:2390 URL:https://access.redhat.com/errata/RHSA-2018:2390 REDHAT:RHSA-2018:2391 URL:https://access.redhat.com/errata/RHSA-2018:2391 REDHAT:RHSA-2018:2392 URL:https://access.redhat.com/errata/RHSA-2018:2392 REDHAT:RHSA-2018:2393 URL:https://access.redhat.com/errata/RHSA-2018:2393 REDHAT:RHSA-2018:2394 URL:https://access.redhat.com/errata/RHSA-2018:2394 REDHAT:RHSA-2018:2395 URL:https://access.redhat.com/errata/RHSA-2018:2395 REDHAT:RHSA-2018:2396 URL:https://access.redhat.com/errata/RHSA-2018:2396 REDHAT:RHSA-2018:2402 URL:https://access.redhat.com/errata/RHSA-2018:2402 REDHAT:RHSA-2018:2403 URL:https://access.redhat.com/errata/RHSA-2018:2403 REDHAT:RHSA-2018:2404 URL:https://access.redhat.com/errata/RHSA-2018:2404 REDHAT:RHSA-2018:2602 URL:https://access.redhat.com/errata/RHSA-2018:2602 REDHAT:RHSA-2018:2603 URL:https://access.redhat.com/errata/RHSA-2018:2603 SECTRACK:1041451 URL:http://www.securitytracker.com/id/1041451 UBUNTU:USN-3740-1 URL:https://usn.ubuntu.com/3740-1/ UBUNTU:USN-3740-2 URL:https://usn.ubuntu.com/3740-2/ UBUNTU:USN-3741-1 URL:https://usn.ubuntu.com/3741-1/ UBUNTU:USN-3741-2 URL:https://usn.ubuntu.com/3741-2/ UBUNTU:USN-3742-1 URL:https://usn.ubuntu.com/3742-1/ UBUNTU:USN-3742-2 URL:https://usn.ubuntu.com/3742-2/ UBUNTU:USN-3823-1 URL:https://usn.ubuntu.com/3823-1/
Assigning CNA
Intel Corporation
Date Record Created
20171228	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20171228)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)