#VU14412 Side-channel attack in Intel products - CVE-2018-3646
Published: August 15, 2018
Vulnerability identifier: #VU14412
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-3646
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Intel Xeon Processor D 2100
Intel Xeon Processor D 1500
Intel Xeon Processor E7 v4 Family
Intel Xeon Processor E7 v3 Family
Intel Xeon Processor E7 v2 Family
Intel Xeon Processor E7 Family
Intel Xeon Processor E5 v4 Family
Intel Xeon Processor E5 v3 Family
Intel Xeon Processor E5 v2 Family
Intel Xeon Processor E5 Family
Intel Xeon Processor E3 v4 Family
Intel Xeon Processor E3 v3 Family
Intel Xeon Processor E3 v2 Family
Intel Xeon Processor E3 Family
Intel Xeon processor 7500 series
Intel Xeon processor 6500 series
Intel Xeon processor 5600 series
Intel Xeon processor 5500 series
Intel Xeon processor 3600 series
Intel Xeon processor 3400 series
Intel Core X-series Processor Family for Intel X299 platforms
Intel Core X-series Processor Family for Intel X99 platforms
5th generation Intel Core processors
4th generation Intel Core processors
3rd Generation Intel Core Processors
2nd generation Intel Core processors
Intel Core M processor family 32nm
Intel Core M processor family 45nm
Intel Core i7 processor 32nm
Intel Core i7 processor 45nm
Intel Core i5 processor 32nm
Intel Core i5 processor 45nm
Intel Core i3 processor 32nm
Intel Core i3 processor 45nm
8th Generation Intel Core Processors
7th Generation Intel Core Processors
6th Generation Intel Core Processors
Intel Xeon Processor E3 v6 Family
Intel Xeon Processor E3 v5 Family
Intel Xeon Scalable Processors
Intel Xeon Processor D 2100
Intel Xeon Processor D 1500
Intel Xeon Processor E7 v4 Family
Intel Xeon Processor E7 v3 Family
Intel Xeon Processor E7 v2 Family
Intel Xeon Processor E7 Family
Intel Xeon Processor E5 v4 Family
Intel Xeon Processor E5 v3 Family
Intel Xeon Processor E5 v2 Family
Intel Xeon Processor E5 Family
Intel Xeon Processor E3 v4 Family
Intel Xeon Processor E3 v3 Family
Intel Xeon Processor E3 v2 Family
Intel Xeon Processor E3 Family
Intel Xeon processor 7500 series
Intel Xeon processor 6500 series
Intel Xeon processor 5600 series
Intel Xeon processor 5500 series
Intel Xeon processor 3600 series
Intel Xeon processor 3400 series
Intel Core X-series Processor Family for Intel X299 platforms
Intel Core X-series Processor Family for Intel X99 platforms
5th generation Intel Core processors
4th generation Intel Core processors
3rd Generation Intel Core Processors
2nd generation Intel Core processors
Intel Core M processor family 32nm
Intel Core M processor family 45nm
Intel Core i7 processor 32nm
Intel Core i7 processor 45nm
Intel Core i5 processor 32nm
Intel Core i5 processor 45nm
Intel Core i3 processor 32nm
Intel Core i3 processor 45nm
8th Generation Intel Core Processors
7th Generation Intel Core Processors
6th Generation Intel Core Processors
Intel Xeon Processor E3 v6 Family
Intel Xeon Processor E3 v5 Family
Intel Xeon Scalable Processors
Software vendor:
Intel
Intel
Description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information.
The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations. An adjacent attacker with guest OS privilege can trigger terminal page fault, conduct side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.
Remediation
Install update from vendor's website.