Vulnerability Description
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Core I3 | 330e |
| Intel | Core I5 | 430m |
| Intel | Core I7 | 7y75 |
| Intel | Core M | 5y10 |
| Intel | Core M3 | 6y30 |
| Intel | Core M5 | 6y54 |
| Intel | Core M7 | 6y75 |
| Intel | Xeon | All versions |
References
- http://support.lenovo.com/us/en/solutions/LEN-24163Third Party Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-enThird Party Advisory
- http://www.securityfocus.com/bid/105080Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041451Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1042004
- http://www.vmware.com/security/advisories/VMSA-2018-0020.htmlThird Party Advisory
- http://xenbits.xen.org/xsa/advisory-273.htmlThird Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2384Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2387Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2388Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2389Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2390Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2391Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2392Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2393Third Party Advisory
FAQ
What is CVE-2018-3646?
CVE-2018-3646 is a vulnerability with a CVSS score of 5.6 (MEDIUM). Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user acce...
How severe is CVE-2018-3646?
CVE-2018-3646 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-3646?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Core I3, Intel Core I5, Intel Core I7, Intel Core M, Intel Core M3.