Vulnerability Description
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Core I3 | 330e |
| Intel | Core I5 | 430m |
| Intel | Core I7 | 7y75 |
| Intel | Core M | 5y10 |
| Intel | Core M3 | 6y30 |
| Intel | Core M5 | 6y54 |
| Intel | Core M7 | 6y75 |
| Citrix | Xenserver | 7.0 |
| Canonical | Ubuntu Linux | 12.04 |
| Debian | Debian Linux | 8.0 |
| Freebsd | Freebsd | 11.0 |
| Redhat | Enterprise Linux | 6.0 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104460Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041124Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041125Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:1852Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:1944Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2164Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2165Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:1170Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:1190Third Party Advisory
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxurThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.htmlThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.htmlThird Party Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/4787Third Party Advisory
- https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.ascThird Party Advisory
- https://security.netapp.com/advisory/ntap-20181016-0001/Third Party Advisory
FAQ
What is CVE-2018-3665?
CVE-2018-3665 is a vulnerability with a CVSS score of 5.6 (MEDIUM). System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculati...
How severe is CVE-2018-3665?
CVE-2018-3665 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-3665?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Core I3, Intel Core I5, Intel Core I7, Intel Core M, Intel Core M3.