CVE-2018-3620 — MEDIUM (5.6)

Vulnerability Description

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

CVSS Score

5.6

MEDIUM

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Intel	Core I3	330e
Intel	Core I5	430m
Intel	Core I7	7y75
Intel	Core M	5y10
Intel	Core M3	6y30
Intel	Core M5	6y54
Intel	Core M7	6y75
Intel	Xeon	All versions

Related Weaknesses (CWE)

CWE-203

References

http://support.lenovo.com/us/en/solutions/LEN-24163Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-enThird Party Advisory
http://www.securityfocus.com/bid/105080Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1041451Third Party AdvisoryVDB Entry
http://www.vmware.com/security/advisories/VMSA-2018-0021.htmlThird Party Advisory
http://xenbits.xen.org/xsa/advisory-273.htmlThird Party Advisory
https://access.redhat.com/errata/RHSA-2018:2384Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2387Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2388Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2389Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2390Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2391Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2392Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2393Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2394Third Party Advisory

FAQ

What is CVE-2018-3620?

CVE-2018-3620 is a vulnerability with a CVSS score of 5.6 (MEDIUM). Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user acce...

How severe is CVE-2018-3620?

CVE-2018-3620 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-3620?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Core I3, Intel Core I5, Intel Core I7, Intel Core M, Intel Core M3.