Information disclosure in Intel CPUs

1) Side-channel attack

EUVDB-ID: #VU14410

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3615

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and Intel® software guard extensions (Intel® SGX). A local attacker can conduct side-channel attack and gain access to potentially sensitive information residing in the L1 data cache from an enclave.

Mitigation

Install update from vendor's website.

Vulnerable software versions

8th Generation Intel Core Processors: All versions

7th Generation Intel Core Processors: All versions

6th Generation Intel Core Processors: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E3 v5 Family: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Side-channel attack

EUVDB-ID: #VU14411

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3620

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations . A local attacker can trigger terminal page fault, conduct side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Intel Xeon Processor D 2100: All versions

Intel Xeon Processor D 1500: All versions

Intel Xeon Scalable Processors: All versions

Intel Xeon Processor E7 v4 Family: All versions

Intel Xeon Processor E7 v3 Family: All versions

Intel Xeon Processor E7 v2 Family: All versions

Intel Xeon Processor E7 Family: All versions

Intel Xeon Processor E5 v4 Family: All versions

Intel Xeon Processor E5 v3 Family: All versions

Intel Xeon Processor E5 v2 Family: All versions

Intel Xeon Processor E5 Family: All versions

Intel Xeon Processor E3 v4 Family: All versions

Intel Xeon Processor E3 v3 Family: All versions

Intel Xeon Processor E3 v2 Family: All versions

Intel Xeon Processor E3 Family: All versions

Intel Xeon processor 7500 series: All versions

Intel Xeon processor 6500 series: All versions

Intel Xeon processor 5600 series: All versions

Intel Xeon processor 5500 series: All versions

Intel Xeon processor 3600 series: All versions

Intel Xeon processor 3400 series: All versions

Intel Core X-series Processor Family for Intel X299 platforms: All versions

Intel Core X-series Processor Family for Intel X99 platforms: All versions

5th generation Intel Core processors: All versions

4th generation Intel Core processors: All versions

3rd Generation Intel Core Processors: All versions

2nd generation Intel Core processors: All versions

Intel Core M processor family 32nm: All versions

Intel Core M processor family 45nm: All versions

Intel Core i7 processor 32nm: All versions

Intel Core i7 processor 45nm: All versions

Intel Core i5 processor 32nm: All versions

Intel Core i5 processor 45nm: All versions

Intel Core i3 processor 32nm: All versions

Intel Core i3 processor 45nm: All versions

8th Generation Intel Core Processors: All versions

7th Generation Intel Core Processors: All versions

6th Generation Intel Core Processors: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E3 v5 Family: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Side-channel attack

EUVDB-ID: #VU14412

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3646

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations. An adjacent attacker with guest OS privilege can trigger terminal page fault, conduct side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Intel Xeon Processor D 2100: All versions

Intel Xeon Processor D 1500: All versions

Intel Xeon Scalable Processors: All versions

Intel Xeon Processor E7 v4 Family: All versions

Intel Xeon Processor E7 v3 Family: All versions

Intel Xeon Processor E7 v2 Family: All versions

Intel Xeon Processor E7 Family: All versions

Intel Xeon Processor E5 v4 Family: All versions

Intel Xeon Processor E5 v3 Family: All versions

Intel Xeon Processor E5 v2 Family: All versions

Intel Xeon Processor E5 Family: All versions

Intel Xeon Processor E3 v4 Family: All versions

Intel Xeon Processor E3 v3 Family: All versions

Intel Xeon Processor E3 v2 Family: All versions

Intel Xeon Processor E3 Family: All versions

Intel Xeon processor 7500 series: All versions

Intel Xeon processor 6500 series: All versions

Intel Xeon processor 5600 series: All versions

Intel Xeon processor 5500 series: All versions

Intel Xeon processor 3600 series: All versions

Intel Xeon processor 3400 series: All versions

Intel Core X-series Processor Family for Intel X299 platforms: All versions

Intel Core X-series Processor Family for Intel X99 platforms: All versions

5th generation Intel Core processors: All versions

4th generation Intel Core processors: All versions

3rd Generation Intel Core Processors: All versions

2nd generation Intel Core processors: All versions

Intel Core M processor family 32nm: All versions

Intel Core M processor family 45nm: All versions

Intel Core i7 processor 32nm: All versions

Intel Core i7 processor 45nm: All versions

Intel Core i5 processor 32nm: All versions

Intel Core i5 processor 45nm: All versions

Intel Core i3 processor 32nm: All versions

Intel Core i3 processor 45nm: All versions

8th Generation Intel Core Processors: All versions

7th Generation Intel Core Processors: All versions

6th Generation Intel Core Processors: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E3 v5 Family: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.