CVE-2018-3646

Published: 14/08/2018 Updated: 23/04/2019
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.6 | Impact Score: 4 | Exploitability Score: 1.1
VMScore: 421
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

Affected Products

Vendor | Product | Versions
Intel | Core I3 | 330e, 330m, 330um, 350m, 370m, 380m, 380um, 390m, 530, 540, 550, 560, 2100, 2100t, 2102, 2105, 2115c, 2120, 2120t, 2125, 2130, 2310e, 2310m, 2312m, 2328m, 2330e, 2330m, 2340ue, 2348m, 2350m, 2357m, 2365m, 2367m, 2370m, 2375m, 2377m, 3110m, 3115c, 3120m, 3120me, 3130m, 3210, 3217u, 3217ue, 3220, 3220t, 3225, 3227u, 3229y, 3240, 3240t, 3245, 3250, 3250t, 4000m, 4005u, 4010u, 4010y, 4012y, 4020y, 4025u, 4030u, 4030y, 4100e, 4100m, 4100u, 4102e, 4110e, 4110m, 4112e, 4120u, 4130, 4130t, 4150, 4150t, 4158u, 4160, 4160t, 4170, 4170t, 4330, 4330t, 4330te, 4340, 4340te, 4350, 4350t, 4360, 4360t, 4370, 4370t, 5005u, 5010u, 5015u, 5020u, 5157u, 6006u, 6098p, 6100, 6100e, 6100h, 6100t, 6100te, 6100u, 6102e, 6157u, 6167u, 6300, 6300t, 6320, 8100, 8350k
Intel | Core I5 | 430m, 430um, 450m, 460m, 470um, 480m, 520e, 520m, 520um, 540m, 540um, 560m, 560um, 580m, 650, 655k, 660, 661, 670, 680, 750, 750s, 760, 2300, 2310, 2320, 2380p, 2390t, 2400, 2400s, 2405s, 2410m, 2430m, 2435m, 2450m, 2450p, 2467m, 2500, 2500k, 2500s, 2500t, 2510e, 2515e, 2520m, 2537m, 2540m, 2550k, 2557m, 3210m, 3230m, 3317u, 3320m, 3330, 3330s, 3337u, 3339y, 3340, 3340m, 3340s, 3350p, 3360m, 3380m, 3427u, 3437u, 3439y, 3450, 3450s, 3470, 3470s, 3470t, 3475s, 3550, 3550s, 3570, 3570k, 3570s, 3570t, 3610me, 4200h, 4200m, 4200u, 4200y, 4202y, 4210h, 4210m, 4210u, 4210y, 4220y, 4250u, 4258u, 4260u, 4278u, 4288u, 4300m, 4300u, 4300y, 4302y, 4308u, 4310m, 4310u, 4330m, 4340m, 4350u, 4360u, 4400e, 4402e, 4402ec, 4410e, 4422e, 4430, 4430s, 4440, 4440s, 4460, 4460s, 4460t, 4570, 4570r, 4570s, 4570t, 4570te, 4590, 4590s, 4590t, 4670, 4670k, 4670r, 4670s, 4670t, 4690, 4690k, 4690s, 4690t, 5200u, 5250u, 5257u, 5287u, 5300u, 5350h, 5350u, 5575r, 5675c, 5675r, 6200u, 6260u, 6267u, 6287u, 6300hq, 6300u, 6350hq, 6360u, 6400, 6400t, 6402p, 6440eq, 6440hq, 6442eq, 6500, 6500t, 6500te, 6585r, 6600, 6600k, 6600t, 6685r, 8250u, 8350u, 8400, 8600k
Intel | Core I7 | 7y75, 610e, 620le, 620lm, 620m, 620ue, 620um, 640lm, 640m, 640um, 660lm, 660ue, 660um, 680um, 720qm, 740qm, 820qm, 840qm, 860, 860s, 870, 870s, 875k, 880, 920, 920xm, 930, 940, 940xm, 950, 960, 965, 970, 975, 980, 980x, 990x, 2600, 2600k, 2600s, 2610ue, 2617m, 2620m, 2629m, 2630qm, 2635qm, 2637m, 2640m, 2649m, 2655le, 2657m, 2670qm, 2675qm, 2677m, 2700k, 2710qe, 2715qe, 2720qm, 2760qm, 2820qm, 2860qm, 2920xm, 2960xm, 3517u, 3517ue, 3520m, 3537u, 3540m, 3555le, 3610qe, 3610qm, 3612qe, 3612qm, 3615qe, 3615qm, 3630qm, 3632qm, 3635qm, 3667u, 3687u, 3689y, 3720qm, 3740qm, 3770, 3770k, 3770s, 3770t, 3820qm, 3840qm, 4500u, 4510u, 4550u, 4558u, 4578u, 4600m, 4600u, 4610m, 4610y, 4650u, 4700ec, 4700eq, 4700hq, 4700mq, 4702ec, 4702hq, 4702mq, 4710hq, 4710mq, 4712hq, 4712mq, 4720hq, 4722hq, 4750hq, 4760hq, 4765t, 4770, 4770hq, 4770k, 4770r, 4770s, 4770t, 4770te, 4771, 4785t, 4790, 4790k, 4790s, 4790t, 4800mq, 4810mq, 4850hq, 4860hq, 4870hq, 4900mq, 4910mq, 4950hq, 4960hq, 4980hq, 5500u, 5550u, 5557u, 5600u, 5650u, 5700eq, 5700hq, 5750hq, 5775c, 5775r, 5850eq, 5850hq, 5950hq, 7500u, 7560u, 7567u, 7600u, 7660u, 7700, 7700hq, 7700k, 7700t, 7820eq, 7820hk, 7820hq, 7920hq, 8550u, 8650u, 8700, 8700k
Intel | Core M | 5y10, 5y10a, 5y10c, 5y31, 5y51, 5y70, 5y71
Intel | Core M3 | 6y30, 7y30, 7y32
Intel | Core M5 | 6y54, 6y57
Intel | Core M7 | 6y75
Intel | Xeon | *

Vendor Advisories

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 74 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 73 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 67 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: rhev-hypervisor7 security update Type/Severity Security Advisory: Important Topic An update for rhev-hypervisor7 is now available for RHEV 3X Hypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3X Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise Linux 7 ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services for SAP Sol ...
Synopsis Important: rhvm-appliance security update Type/Severity Security Advisory: Important Topic An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vuln ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 59 Long LifeRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 66 Advanced Update Support and Red Hat Enterprise Linux 66 Telco Extended Update SupportRed Hat Product Security has rated this update as having a ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 64 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults This flaw could allow an attacker controlling an unprivileged process to read memory from arbitrary (non-user controlled) addresses, including from the kernel ...
This update provides mitigations for the L1 Terminal Fault vulnerability affecting a range of Intel CPUs For additional information please refer to xenbitsxenorg/xsa/advisory-273html The microcode updates mentioned there are not yet available in a form distributable by Debian In addition two denial of service vulnerabilities have been ...
Synopsis Important: redhat-virtualization-host security update Type/Severity Security Advisory: Important Topic An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Several security issues were mitigated in the Linux kernel ...
vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor’s or another VM’s privileged information that resides sequentially or concurrently in the same core’s L1 Data cache The ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Several security issues were fixed in the Linux kernel ...
The system could be made to expose sensitive information ...
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimizati ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Systems with microprocessors utilising speculative execution and address translations may allow unauthorised disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis ...
USN-3742-2 introduced regressions in the Linux Hardware Enablement (HWE) kernel for Ubuntu 1204 ESM ...
Fixes for L1Terminal Fault security issues: L1 Terminal Fault-OS/ SMM:Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and side-channel analysis(CVE-2018-3620 ) L1 Termi ...
There are multiple vulnerabilities that affect the IBM OS Image for Red Hat Linux Systems in IBM PureApplication System IBM has released Version 2253 for IBM PureApplication System, in response to CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646 The products that are identified for this support are: – PureApplication System – PureApplicatio ...
On August 14th, 2018, three vulnerabilities were disclosed by Intel and security researchers that leverage a speculative execution side-channel method referred to as L1 Terminal Fault (L1TF) that affects modern Intel microprocessors These vulnerabilities could allow an unprivileged, local attacker, in specific circumstances, to read privileged me ...
Several security issues have been identified that impact XenServer Customers should consider these issues and determine possible impact to their own systems  These updates provide a mitigation for recently disclosed issues affecting Intel CPUs  These issues, if exploited, could allow malicious unprivileged code in guest VMs to ...
Summary Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault (L1TF) also known as Foreshadow This method impacts select microprocessor products supporting Intel® Software Guard Extensions (Intel® SGX) There is no indication that other CPU vendors are affected  The Foreshadow / L1-terminal- ...
About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page For more information about security, see the Apple Product Security page You can encrypt ...
A new speculative execution side channel variant has been discovered called L1 Terminal Fault (L1TF) There are no reports that L1TF has been used in real world exploits This currently affects select Intel processors Mitigations will require microcode updates released earlier this year, plus operating system and hypervisor software updates ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 # SSA-254686: Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products Publication Date: 2018-10-09 Last Update: 2019-03-12 Current Version: 14 CVSS v30 Base Score: 79 SUMMARY ======= Security researchers published information on vulnerabilities known ...
Intel and security researchers publicly disclosed three new cpu side-channel vulnerabilities (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646) Successful exploit of these vulnerabilities could allow a local attacker to read the memory of other processes in specific situations These vulnerabilities are named by researchers as "Foreshadow" and "For ...
IBM Security Guardium has addressed the following vulnerabilities ...
In January 2018, three security vulnerabilities were made public that allow unauthorized users to bypass the hardware barrier between applications and kernel memory These vulnerabilities all make use of speculative execution to perform side-channel information disclosure attacks The first two vulnerabilities, CVE-2017-5753 and CVE-2017- 5715, are ...
Oracle Linux Bulletin - July 2018 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...
Oracle Critical Patch Update Advisory - January 2019 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
Oracle VM Server for x86 Bulletin - July 2018 Description The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin Oracle VM Server for x86 Bulletins are published on the same day ...
New types of side channel attacks impact most processors including Intel, AMD, ARM, etc These attacks allow malicious userspace processes to read kernel memory, thus potentially causing kernel sensitive information to leak These attacks are referred to as Meltdown and Spectre class vulnerabilities, and variants of them: o CVE-2017-5753 Variant ...
IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to multiple security vulnerabilities There are multiple vulnerabilities fixes to open source libraries distributed with IGI, other less secure algorithms for crypto, xss attacks and click jacking attacks ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4274-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff August 16, 2018 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4279-1 security () debian org wwwdebianorg/security/ Salvatore Bonaccorso August 20, 2018 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:09l1tf Security Advisory The FreeBSD Project Topic: L1 Terminal Fault (L1TF) Kernel Information Disclo ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 1014 macOS Mojave 1014 addresses the following: Bluetooth Available for: iMac (215-inch, Late 2012), iMac (27-inch, Late 2012) , iMac (215-inch, Late 2013), iMac (215-inch, Mid 2014), iMac (Retina 5K, 27-inch, L ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-2 macOS Mojave 10141, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra macOS Mojave 10141, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver Available for: macOS Sierra 1012 ...

Github Repositories

Overview This is a proof-of-concept self-contained L1TF demonstrator that works in the presence of the Linux kernel's default L1TF mitigation This code does by design not work on a vanilla Linux kernel The purpose is to help validate and improve defenses and not build a practical attack The Linux Kernel User's and Administrator's Guide describes two attack sce

L1TF (Foreshadow) VM guest to host memory read PoC This is a PoC for CVE-2018-3646 This is a vulnerability that enables malicious/compromised VM guests to read host machine physical memory The vulnerability is exploitable on most Intel CPUs that support VT-x and EPT (extended page tables) This includes all Intel Core iX CPUs This PoC works only on 64 bit x86-64 systems (hos

Home-Security-by-W10-Hardening Description on how I configured the installation and Security of Windows 10 Home and Pro, and how I keep it fit for use and purpose Table of Contents Introduction The Scope Steps to take 1 - Control Panel 2 - Settings 3 - Xbox Game Bar 4 - Explorer 5 - Registry 6 - Remove third-party software 7 - Systems repair Introduction The goal of this

Cheat-sheet for a single-user Windows 10 installation As you might notice, things are a little ad-hoc If you are looking for something reproducible and more of a *nix flavour, check-out the Playbook Before install Recognize that you are dealing with the closed-source operating system that has useful features and hostile elements simultaneously To give you an idea on how ch

r151019 r151019 / Mar20 Date Subject Commit 20Mar2014 OS-2834 ship lx brand e8facfd99e91cf5fefa4291a3ba0b6a0710eea09 r151019 / Jun08 Date Subject Commit 20Mar2014 OS-2836 lx brand installer hardcodes /usr/sfw/bin/gtar ea8e5e6536094a59f04195b1aa255e96ac1bbc44 28Mar2014 OS-2863 lx brand need finer grained control over version 75c15d410d1e0a2763da7339ed8f40732c3

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdown

meltdown Table of Contents Description Setup - The basics of getting started with meltdown Reference - An under-the-hood peek at what the module is doing and how Limitations - OS compatibility, etc Development - Guide for contributing to the module Description This module detects whether your system is vulnerable for Meltdown (CVE-2017-5754) or Spectre (CVE-2017-5753, CVE-20

Spectre & Meltdown Checker A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public since 2018 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' CVE-2017-5754 [rogue data cache load] aka 'Meltdow

Hardware and Firmware Security Guidance Table of Contents 1 About this repository 2 Side-channel attacks 21 Mitigations 211 Firmware patches 212 Software patches 213 Configuration changes 214 Temporarily Disable Intel Hyper-Threading 215 Verification 22 Resources and Affected products 221 Hardware resources 222 Software resources 223 Advisory resources

Recent Articles

Microsoft Rolls Out New Intel Microcode for Windows 10, Server 2016
BleepingComputer • Ionut Ilascu • 22 Aug 2018

Microsoft has released multiple microcode updates that mitigate additional variants of the speculative code execution vulnerabilities affecting Intel processors. The patches cover the recently disclosed CPU flaws generically referred to as Foreshadow or L1 Terminal Fault.
All security gaps covered by these patches are varieties of the Spectre vulnerability revealed on the first days of the year. It affects all microprocessors that use branch prediction and speculative code execution to ...

Foreshadow and Intel SGX software attestation: 'The whole trust model collapses'
The Register • Richard Chirgwin • 15 Aug 2018

El Reg talks to Dr Yuval Yarom about Intel's memory leaking catastrophe

Interview In the wake of yet another collection of Intel bugs, The Register had the chance to speak to Foreshadow co-discoverer and University of Adelaide and Data61 researcher Dr Yuval Yarom about its impact.
Dr Yarom explained that one of the big impacts of Foreshadow is that it destroys an important trust model – SGX attestations, which guarantee that the code you publish is the code someone else is running.
Think of it as tamper-evident packaging for software: having published ...

Three more data-leaking security holes found in Intel chips as designers swap security for speed
The Register • Chris Williams, Editor in Chief • 14 Aug 2018

Apps, kernels, virtual machines, SGX, SMM at risk from attack

Intel will today disclose three more vulnerabilities in its processors that can be exploited by malware and malicious virtual machines to potentially steal secret information from computer memory.
These secrets can include passwords, personal and financial records, and encryption keys. They can be potentially lifted from other applications and other customers' virtual machines, as well as SGX enclaves, and System Management Mode (SMM) memory. SGX is Intel's technology that is supposed to p...

Researchers Disclose New Foreshadow (L1TF) Vulnerabilities Affecting Intel CPUs
BleepingComputer • Catalin Cimpanu • 14 Aug 2018

Academics and private sector researchers have revealed details today about three new vulnerabilities affecting Intel CPUs.
All three are Spectre-class attacks that take advantage of a CPU design feature named speculative execution —a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data.
These flaws target data processed during speculative execution that is stored inside a processor's L1 cac...

References

CWE-200
http://support.lenovo.com/us/en/solutions/LEN-24163
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
http://www.securityfocus.com/bid/105080
http://www.securitytracker.com/id/1041451
http://www.securitytracker.com/id/1042004
http://www.vmware.com/security/advisories/VMSA-2018-0020.html
http://xenbits.xen.org/xsa/advisory-273.html
https://access.redhat.com/errata/RHSA-2018:2384
https://access.redhat.com/errata/RHSA-2018:2387
https://access.redhat.com/errata/RHSA-2018:2388
https://access.redhat.com/errata/RHSA-2018:2389
https://access.redhat.com/errata/RHSA-2018:2390
https://access.redhat.com/errata/RHSA-2018:2391
https://access.redhat.com/errata/RHSA-2018:2392
https://access.redhat.com/errata/RHSA-2018:2393
https://access.redhat.com/errata/RHSA-2018:2394
https://access.redhat.com/errata/RHSA-2018:2395
https://access.redhat.com/errata/RHSA-2018:2396
https://access.redhat.com/errata/RHSA-2018:2402
https://access.redhat.com/errata/RHSA-2018:2403
https://access.redhat.com/errata/RHSA-2018:2404
https://access.redhat.com/errata/RHSA-2018:2602
https://access.redhat.com/errata/RHSA-2018:2603
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://foreshadowattack.eu/
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
https://security.gentoo.org/glsa/201810-06
https://security.netapp.com/advisory/ntap-20180815-0001/
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://support.f5.com/csp/article/K31300402
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
https://usn.ubuntu.com/3740-1/
https://usn.ubuntu.com/3740-2/
https://usn.ubuntu.com/3741-1/
https://usn.ubuntu.com/3741-2/
https://usn.ubuntu.com/3742-1/
https://usn.ubuntu.com/3742-2/
https://usn.ubuntu.com/3756-1/
https://usn.ubuntu.com/3823-1/
https://www.debian.org/security/2018/dsa-4274
https://www.debian.org/security/2018/dsa-4279
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
https://www.kb.cert.org/vuls/id/982149
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.synology.com/support/security/Synology_SA_18_45
https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2018-3646
https://nvd.nist.gov