5.6
CVE-2018-3646
- EPSS 8.1%
- Veröffentlicht 14.08.2018 19:29:00
- Zuletzt bearbeitet 29.05.2026 21:16:36
- Quelle secure@intel.com
- CVE-Watchlists
- Unerledigt
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.1% | 0.941 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.6 | 1.1 | 4 |
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
|
| nvd@nist.gov | 4.7 | 3.4 | 6.9 |
AV:L/AC:M/Au:N/C:C/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.6 | 1.1 | 4 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/security-alerts/cpujul2020.html
http://www.securitytracker.com/id/1042004
https://access.redhat.com/errata/RHSA-2018:2390
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://security.gentoo.org/glsa/201810-06
https://access.redhat.com/errata/RHSA-2018:2384
https://access.redhat.com/errata/RHSA-2018:2395
https://access.redhat.com/errata/RHSA-2018:2387
https://access.redhat.com/errata/RHSA-2018:2394
https://access.redhat.com/errata/RHSA-2018:2396
https://usn.ubuntu.com/3756-1/
https://access.redhat.com/errata/RHSA-2018:2391
https://access.redhat.com/errata/RHSA-2018:2392
https://access.redhat.com/errata/RHSA-2018:2393
https://usn.ubuntu.com/3742-1/
https://usn.ubuntu.com/3742-2/
https://access.redhat.com/errata/RHSA-2018:2402
https://access.redhat.com/errata/RHSA-2018:2403
https://usn.ubuntu.com/3741-1/
https://usn.ubuntu.com/3741-2/
http://support.lenovo.com/us/en/solutions/LEN-24163
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
http://www.securityfocus.com/bid/105080
http://www.securitytracker.com/id/1041451
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://foreshadowattack.eu/
https://security.netapp.com/advisory/ntap-20180815-0001/
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
https://www.kb.cert.org/vuls/id/982149
https://www.synology.com/support/security/Synology_SA_18_45
http://xenbits.xen.org/xsa/advisory-273.html
https://access.redhat.com/errata/RHSA-2018:2388
https://access.redhat.com/errata/RHSA-2018:2389
https://access.redhat.com/errata/RHSA-2018:2404
https://access.redhat.com/errata/RHSA-2018:2602
https://access.redhat.com/errata/RHSA-2018:2603
https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
https://usn.ubuntu.com/3740-1/
https://usn.ubuntu.com/3740-2/
https://usn.ubuntu.com/3823-1/
https://www.debian.org/security/2018/dsa-4274
https://www.debian.org/security/2018/dsa-4279
http://www.vmware.com/security/advisories/VMSA-2018-0020.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010
https://support.f5.com/csp/article/K31300402