Side-channel attack in Intel products - CVE-2018-3615
Published: August 14, 2018 / Updated: August 15, 2018
Vulnerability identifier: #VU14410
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-3615
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
8th Generation Intel Core Processors
7th Generation Intel Core Processors
6th Generation Intel Core Processors
Intel Xeon Processor E3 v6 Family
Intel Xeon Processor E3 v5 Family
8th Generation Intel Core Processors
7th Generation Intel Core Processors
6th Generation Intel Core Processors
Intel Xeon Processor E3 v6 Family
Intel Xeon Processor E3 v5 Family
Detailed vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and Intel® software guard extensions (Intel® SGX). A local attacker can conduct side-channel attack and gain access to potentially sensitive information residing in the L1 data cache from an enclave.
How to mitigate CVE-2018-3615
Install update from vendor's website.