CVE-2018-3646

Sažetak

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

Reference

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
https://usn.ubuntu.com/3742-2/
https://usn.ubuntu.com/3742-1/
https://usn.ubuntu.com/3741-1/
https://usn.ubuntu.com/3740-2/
https://usn.ubuntu.com/3740-1/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
https://access.redhat.com/errata/RHSA-2018:2396
https://access.redhat.com/errata/RHSA-2018:2395
https://access.redhat.com/errata/RHSA-2018:2394
https://access.redhat.com/errata/RHSA-2018:2393
https://access.redhat.com/errata/RHSA-2018:2392
https://access.redhat.com/errata/RHSA-2018:2391
https://access.redhat.com/errata/RHSA-2018:2390
https://access.redhat.com/errata/RHSA-2018:2389
https://access.redhat.com/errata/RHSA-2018:2388
https://access.redhat.com/errata/RHSA-2018:2387
https://access.redhat.com/errata/RHSA-2018:2384
http://www.securitytracker.com/id/1041451
http://www.securityfocus.com/bid/105080
https://www.synology.com/support/security/Synology_SA_18_45
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://foreshadowattack.eu/
http://support.lenovo.com/us/en/solutions/LEN-24163
https://security.netapp.com/advisory/ntap-20180815-0001/
https://access.redhat.com/errata/RHSA-2018:2404
https://access.redhat.com/errata/RHSA-2018:2403
https://access.redhat.com/errata/RHSA-2018:2402
https://support.f5.com/csp/article/K31300402
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010
http://xenbits.xen.org/xsa/advisory-273.html
http://www.vmware.com/security/advisories/VMSA-2018-0020.html
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
https://www.kb.cert.org/vuls/id/982149
https://www.debian.org/security/2018/dsa-4274
https://www.debian.org/security/2018/dsa-4279
https://usn.ubuntu.com/3741-2/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
https://usn.ubuntu.com/3756-1/
https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
https://access.redhat.com/errata/RHSA-2018:2603
https://access.redhat.com/errata/RHSA-2018:2602
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://security.gentoo.org/glsa/201810-06
http://www.securitytracker.com/id/1042004
https://usn.ubuntu.com/3823-1/
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://www.oracle.com/security-alerts/cpujul2020.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/

CVSS

Base:	4.7
Impact:	6.9
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:58

Objavljeno

14-08-2018 - 19:29