Lucene search

GoogleOSV:CVE-2018-3646

HistoryAug 14, 2018 - 7:29 p.m.

CVE-2018-3646

2018-08-1419:29:00

Google

osv.dev

AI Score

5.8

Confidence

High

EPSS

Percentile

13.3%

JSON

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

References

support.lenovo.com/us/en/solutions/LEN-24163

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en

www.securityfocus.com/bid/105080

www.securitytracker.com/id/1041451

www.securitytracker.com/id/1042004

www.vmware.com/security/advisories/VMSA-2018-0020.html

xenbits.xen.org/xsa/advisory-273.html

access.redhat.com/errata/RHSA-2018:2384

access.redhat.com/errata/RHSA-2018:2387

access.redhat.com/errata/RHSA-2018:2388

access.redhat.com/errata/RHSA-2018:2389

access.redhat.com/errata/RHSA-2018:2390

access.redhat.com/errata/RHSA-2018:2391

access.redhat.com/errata/RHSA-2018:2392

access.redhat.com/errata/RHSA-2018:2393

access.redhat.com/errata/RHSA-2018:2394

access.redhat.com/errata/RHSA-2018:2395

access.redhat.com/errata/RHSA-2018:2396

access.redhat.com/errata/RHSA-2018:2402

access.redhat.com/errata/RHSA-2018:2403

access.redhat.com/errata/RHSA-2018:2404

access.redhat.com/errata/RHSA-2018:2602

access.redhat.com/errata/RHSA-2018:2603

cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

foreshadowattack.eu/

help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

lists.debian.org/debian-lts-announce/2018/08/msg00029.html

lists.debian.org/debian-lts-announce/2018/09/msg00017.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/

portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018

psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010

security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc

security.gentoo.org/glsa/201810-06

security.netapp.com/advisory/ntap-20180815-0001/

software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

support.f5.com/csp/article/K31300402

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel

usn.ubuntu.com/3740-1/

usn.ubuntu.com/3740-2/

usn.ubuntu.com/3741-1/

usn.ubuntu.com/3741-2/

usn.ubuntu.com/3742-1/

usn.ubuntu.com/3742-2/

usn.ubuntu.com/3756-1/

usn.ubuntu.com/3823-1/

www.debian.org/security/2018/dsa-4274

www.debian.org/security/2018/dsa-4279

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

www.kb.cert.org/vuls/id/982149

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

www.synology.com/support/security/Synology_SA_18_45