Side-channel attack in Intel products - CVE-2018-3665
Published: June 14, 2018 / Updated: June 14, 2018
Vulnerability identifier: #VU13337
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-3665
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
Intel Core M 32nm
Intel Core M 45nm
Intel Core i7 32nm
Intel Core i7 45nm
Intel Core i5 32nm
Intel Core i5 45nm
Intel Core i3 32nm
Intel Core i3 45nm
Intel Core M 32nm
Intel Core M 45nm
Intel Core i7 32nm
Intel Core i7 45nm
Intel Core i5 32nm
Intel Core i5 45nm
Intel Core i3 32nm
Intel Core i3 45nm
Detailed vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to utilizing the Lazy FP state restore technique for floating point state when context switching between application processes. A local attacker can conduct cache side-channel attacks and determine register values of other processes.
Note: This vulnerability is known as LazyFP.
How to mitigate CVE-2018-3665
Update the affected software.