Home > Vulnerability Database > CVE-2018-3620

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2018-3620

Good to know:

Date: August 13, 2018

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

Language: C

Severity Score

5.6

Related Resources (58)

Url: http://www.securitytracker.com/id/1041451

Url: https://usn.ubuntu.com/3823-1/

Url: https://security-tracker.debian.org/tracker/CVE-2018-3620

Url: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en

Url: https://access.redhat.com/errata/RHSA-2018:2388

Url: https://www.oracle.com/security-alerts/cpujul2020.html

Url: https://access.redhat.com/errata/RHSA-2018:2389

Url: https://usn.ubuntu.com/3741-2/

Url: https://access.redhat.com/errata/RHSA-2018:2387

Url: http://www.vmware.com/security/advisories/VMSA-2018-0021.html

Url: https://access.redhat.com/errata/RHSA-2018:2384

Url: https://usn.ubuntu.com/3740-1/

Url: http://xenbits.xen.org/xsa/advisory-273.html

Url: https://access.redhat.com/errata/RHSA-2018:2603

Url: https://support.f5.com/csp/article/K95275140

Url: https://access.redhat.com/errata/RHSA-2018:2403

Url: https://access.redhat.com/errata/RHSA-2018:2404

Url: https://access.redhat.com/errata/RHSA-2018:2602

Url: http://www.securityfocus.com/bid/105080

Url: https://www.debian.org/security/2018/dsa-4279

Url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel

Url: https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

Url: https://www.debian.org/security/2018/dsa-4274

Url: https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

Url: https://usn.ubuntu.com/3740-2/

Url: https://security.netapp.com/advisory/ntap-20180815-0001/

Url: https://www.synology.com/support/security/Synology_SA_18_45

Url: http://support.lenovo.com/us/en/solutions/LEN-24163

Url: https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc

Url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

Url: https://access.redhat.com/errata/RHSA-2018:2402

Url: https://usn.ubuntu.com/3742-1/

Url: https://access.redhat.com/security/cve/CVE-2018-3620

Url: https://www.kb.cert.org/vuls/id/982149

Url: https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html

Url: https://foreshadowattack.eu/

Url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-3620

Url: https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

Url: https://security.gentoo.org/glsa/201810-06

Url: https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

Url: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us

Url: https://access.redhat.com/errata/RHSA-2018:2393

Url: https://access.redhat.com/errata/RHSA-2018:2394

Url: https://access.redhat.com/errata/RHSA-2018:2391

Url: https://access.redhat.com/errata/RHSA-2018:2392

Url: https://access.redhat.com/errata/RHSA-2018:2390

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-3620

Url: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

Url: https://usn.ubuntu.com/3742-2/

Url: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018

Url: https://access.redhat.com/errata/RHSA-2018:2395

Url: https://usn.ubuntu.com/3741-1/

Url: https://access.redhat.com/errata/RHSA-2018:2396

Url: https://www.mend.io/vulnerability-database/CVE-2018-3620

Severity Score

5.6

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Observable Discrepancy

CWE-203

Top Fix

Upgrade Version

Upgrade to version v4.19-rc1,v4.14.63,v4.17.15,v4.18.1,v4.9.120

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.7
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us