Vulnerability Details : CVE-2018-3615
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
Products affected by CVE-2018-3615
- cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*
- cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-3615
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 17 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-3615
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:P/A:N |
3.4
|
7.8
|
NIST | |
6.4
|
MEDIUM | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N |
1.1
|
4.7
|
NIST |
CWE ids for CVE-2018-3615
-
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-3615
-
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
-
http://www.securityfocus.com/bid/105080
Multiple Intel Processors Side Channel Attack Multiple Information Disclosure VulnerabilitiesThird Party Advisory;VDB Entry
-
https://foreshadowattack.eu/
Foreshadow: Breaking the Virtual Memory Abstraction with Transient Out-of-Order ExecutionTechnical Description;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20180815-0001/
Intel SA-00161 L1 Terminal Fault Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
HPESBHF03874 rev.1 - Certain HPE Products using Intel-based Processors, L1 Terminal Fault (L1TF) Speculative Side-channel Vulnerabilities, Local Disclosure of InformationThird Party Advisory
-
https://www.kb.cert.org/vuls/id/982149
VU#982149 - Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)Third Party Advisory
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
Security Advisory - CPU Side Channel Vulnerability "L1TF"Third Party Advisory
-
http://www.securitytracker.com/id/1041451
Intel CPUs Let Local Users Obtain or Infer Portions of L1 Cache Memory on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
https://www.synology.com/support/security/Synology_SA_18_45
Synology Inc.Third Party Advisory
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
CPU Side-Channel Information Disclosure Vulnerabilities: August 2018Third Party Advisory
-
http://support.lenovo.com/us/en/solutions/LEN-24163
L1 Terminal Fault Side Channel Vulnerabilities - USThird Party Advisory
-
https://support.f5.com/csp/article/K35558453
Third Party Advisory
-
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
L1 Terminal FaultMitigation;Vendor Advisory
-
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008
SonicWall Security AdvisoryThird Party Advisory
-
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
-
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
[SECURITY] [DLA 1506-1] intel-microcode security update
-
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
INTEL-SA-00161Vendor Advisory
Jump to