Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
References
Link Providers
http://support.lenovo.com/us/en/solutions/LEN-24163 cve-icon cve-icon
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en cve-icon cve-icon
http://www.securityfocus.com/bid/105080 cve-icon cve-icon
http://www.securitytracker.com/id/1041451 cve-icon cve-icon
http://www.securitytracker.com/id/1042004 cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2018-0020.html cve-icon cve-icon
http://xenbits.xen.org/xsa/advisory-273.html cve-icon cve-icon
https://access.redhat.com/articles/3562741 cve-icon
https://access.redhat.com/errata/RHSA-2018:2384 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2387 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2388 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2389 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2390 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2391 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2392 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2393 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2394 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2395 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2396 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2402 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2403 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2404 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2602 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2603 cve-icon cve-icon
https://access.redhat.com/security/vulnerabilities/L1TF cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf cve-icon cve-icon
https://foreshadowattack.eu/ cve-icon cve-icon cve-icon
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2018-3646 cve-icon
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018 cve-icon cve-icon
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010 cve-icon cve-icon
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc cve-icon cve-icon
https://security.gentoo.org/glsa/201810-06 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20180815-0001/ cve-icon cve-icon
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault cve-icon cve-icon cve-icon
https://support.f5.com/csp/article/K31300402 cve-icon cve-icon
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us cve-icon cve-icon
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel cve-icon cve-icon
https://usn.ubuntu.com/3740-1/ cve-icon cve-icon
https://usn.ubuntu.com/3740-2/ cve-icon cve-icon
https://usn.ubuntu.com/3741-1/ cve-icon cve-icon
https://usn.ubuntu.com/3741-2/ cve-icon cve-icon
https://usn.ubuntu.com/3742-1/ cve-icon cve-icon
https://usn.ubuntu.com/3742-2/ cve-icon cve-icon
https://usn.ubuntu.com/3756-1/ cve-icon cve-icon
https://usn.ubuntu.com/3823-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2018-3646 cve-icon
https://www.debian.org/security/2018/dsa-4274 cve-icon cve-icon
https://www.debian.org/security/2018/dsa-4279 cve-icon cve-icon
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html cve-icon cve-icon
https://www.kb.cert.org/vuls/id/982149 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2020.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html cve-icon cve-icon
https://www.redhat.com/en/blog/deeper-look-l1-terminal-fault-aka-foreshadow cve-icon
https://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know cve-icon
https://www.synology.com/support/security/Synology_SA_18_45 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: intel

Published: 2018-08-14T19:00:00Z

Updated: 2024-09-17T02:27:21.556Z

Reserved: 2017-12-28T00:00:00

Link: CVE-2018-3646

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-08-14T19:29:00.920

Modified: 2023-11-07T02:58:08.630

Link: CVE-2018-3646

cve-icon Redhat

Severity : Important

Publid Date: 2018-08-14T17:00:00Z

Links: CVE-2018-3646 - Bugzilla