CVE-2018-3615

Vulnerability Description

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://support.lenovo.com/us/en/solutions/LEN-24163Third Party Advisory
• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-enThird Party Advisory
• http://www.securityfocus.com/bid/105080Third Party AdvisoryVDB Entry
• http://www.securitytracker.com/id/1041451Third Party AdvisoryVDB Entry
• https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
• https://foreshadowattack.eu/Technical DescriptionThird Party Advisory
• https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008Third Party Advisory
• https://security.netapp.com/advisory/ntap-20180815-0001/Third Party Advisory
• https://software.intel.com/security-software-guidance/software-guidance/l1-termiMitigationVendor Advisory
• https://support.f5.com/csp/article/K35558453Third Party Advisory
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeThird Party Advisory
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Third Party Advisory
• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.Vendor Advisory