#VU14410 Side-channel attack in Intel products - CVE-2018-3615
Published: August 14, 2018 / Updated: August 15, 2018
Vulnerability identifier: #VU14410
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-3615
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
8th Generation Intel Core Processors
7th Generation Intel Core Processors
6th Generation Intel Core Processors
Intel Xeon Processor E3 v6 Family
Intel Xeon Processor E3 v5 Family
8th Generation Intel Core Processors
7th Generation Intel Core Processors
6th Generation Intel Core Processors
Intel Xeon Processor E3 v6 Family
Intel Xeon Processor E3 v5 Family
Software vendor:
Intel
Intel
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and Intel® software guard extensions (Intel® SGX). A local attacker can conduct side-channel attack and gain access to potentially sensitive information residing in the L1 data cache from an enclave.
Remediation
Install update from vendor's website.