CVE-2018-3665

Published: 21/06/2018 Updated: 15/07/2020
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.6 | Impact Score: 4 | Exploitability Score: 1.1
VMScore: 419
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

Vendor Advisories

Synopsis: Moderate: kernel-rt security update. Type/Severity: Security Advisory: Moderate. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score ...
Synopsis: Moderate: kernel security update. Type/Severity: Security Advisory: Moderate. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, whic ...
Synopsis: Moderate: kernel-rt security, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated kernel-rt packages that fix two security issues and add one enhancement are now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security imp ...
This update provides mitigations for the lazy FPU vulnerability affecting a range of Intel CPUs, which could result in leaking CPU register states belonging to another vCPU previously scheduled on the same CPU. For additional information please refer to xenbits.xen.org/xsa/advisory-267.html. For the stable distribution (stretch), this proble ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
A Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the "Lazy FPU Restore" scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducti ...
An issue has been identified in certain CPUs that may allow code running in a guest VM to read data from another process in the same VM or another VM running on the same host. The data that can be read is limited to specific CPU registers rather than memory or disk storage; however, those registers may contain sensitive information ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVS ...
Several security issues were fixed in the Linux kernel ...
Palo Alto Networks has determined that the WildFire Appliance (WF-500) is affected by the vulnerability disclosure known as LazyFP and has completed an update to address these issues. The WildFire Appliance (WF-500) software update is now available to customers that use the WildFire Appliance (WF-500) for on-premise sandboxing. Please note that cus ...
About Apple security updates. For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see the Apple Product Security page. You can encrypt ...
Oracle Linux Bulletin - July 2018. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...
Oracle Linux Bulletin - April 2018. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical P ...
Oracle VM Server for x86 Bulletin - October 2018. Description: The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin. Oracle VM Server for x86 Bulletins are published on the same day ...
Oracle VM Server for x86 Bulletin - April 2018. Description: The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin. Oracle VM Server for x86 Bulletins are publi ...
New types of side channel attacks impact most processors including Intel, AMD, ARM, etc. These attacks allow malicious userspace processes to read kernel memory, thus potentially causing kernel sensitive information to leak. These attacks are referred to as Meltdown and Spectre class vulnerabilities, and variants of them: o CVE-2017-5753 Variant ...
Oracle VM Server for x86 Bulletin - July 2018. Description: The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin. Oracle VM Server for x86 Bulletins are published on the same day ...

Mailing Lists

Debian Security Advisory DSA-4232-1. security () debian org, www.debian.org/security/. Moritz Muehlenhoff, June 20, 2018. www.debian.org/security/faq ...
FreeBSD-SA-18:07.lazyfpu Security Advisory, The FreeBSD Project. Topic: Lazy FPU State Restore Information Disclosure. Cat ...
APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan. macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Availabl ...
APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan. macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan are now available and address the following: AMD Available for: macOS High Sierra 1 ...
APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan. macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Availa ...

Github Repositories

TEApot (Transient Execution Attack pot) is a project used to evaluate whether your system is affected by Meltdown and Spectre. My goal is to build an easy-to-use (hard to implement) and configurable transient attack test suite.

Transient Execution Attack Pot. TEApot (Transient Execution Attack pot) is a project used to evaluate whether your system is affected by Meltdown and Spectre. My goal is to build an easy-to-use (hard to implement) and configurable transient attack test suite. This project is mainly based on project Transient Fail developed by IAIK. More information will be found on their paper A Sy

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

Hardware and Firmware Security Guidance. Table of Contents: 1. About this repository; 2. Side-channel attacks; 2.1 Mitigations; 2.1.1 Firmware patches; 2.1.2 Software patches; 2.1.3 Configuration changes; 2.1.4 Disable Intel Hyper-Threading (Updated!); 2.1.5 Verification; 2.2 Resources and Affected products; 2.2.1 Hardware resources; 2.2.2 Software resources; 2.2.3 Advisory resources

Scripts to install and execute the Vuls vulnerability scanner running RHEL/CentOS on AWS EC2

rhel-centos-ec2-vuls: Installation and execution scripts of the Vuls vulnerability scanner (vuls.io) for RHEL/CentOS on AWS EC2. Description: Vuls is an open-source, agent-less vulnerability scanner based on information from NVD, OVAL, etc. Use these scripts to install Vuls and run vulnerability scans on your RHEL/CentOS instance on AWS EC2. Files instal

Microarchitectural exploitation and other hardware attacks.

Hardware attacks / State of the art Microarchitectural exploitation and other hardware attacks Contributing: Contributions, comments and corrections are welcome, please do PR Flaws: TPM-FAIL / TPM meets Timing and Lattice Attacks [CVE-2019-11090] For Intel fTPM [CVE-2019-16863] For STMicroelectronics TPM [CVE-2015-0565] Rowhammer based: [CVE-2016-6728] DRAMMER [CV

Recent Articles

Hope for Hutchins, Navy sinks contractor, there's another Russian hacking scandal, and more
The Register • Shaun Nichols in San Francisco • 14 Jul 2018

Also, make sure you update your Juniper kit quickly

Roundup This week, when we weren't watching the football and sobbing uncontrollably, we saw security headaches at NPM and Ticketmaster, and a priest in hot water with cybercrime charges.
But there's always more in the security world. Here are a few other bits of security news from recent days.
The US Senate is asking the Justice Department to look into the possibility that an Islamic extremist hacking group was actually the work of the Russian government.
Senators Ron Wyden (D-...

Oracle gets busy with Lazy FPU fix, adds more CPU Spectre-protectors
The Register • Richard Chirgwin • 26 Jun 2018

Oracle Linux and VM get their inoculations

Oracle has released fixes for Spectre v3a, Spectre v4, and the “Lazy FPU” vulnerability.
The two Spectre patches cover CVE-2018-3640 and CVE-2018-3640.
As Oracle's director of security assurance Eric Maurice explained, the patches apply to both Oracle Linux and Oracle VM and the associated Intel microcode.
The company was also busy on Friday with fixes for admins with systems that use its Ksplice no-reboot patches.
The one everyone was waiting for patches Oracle Linux...

Intel chip flaw: Math unit may spill crypto secrets from apps to malware
The Register • Chris Williams, Editor in Chief • 13 Jun 2018

Nasties on Cores, Xeons may lift computations, mitigations in place or coming

Updated A security flaw within Intel Core and Xeon processors can be potentially exploited to swipe sensitive data from the chips' math processing units.
Malware or malicious logged-in users can attempt to leverage this design blunder to steal the inputs and results of computations performed in private by other software.
These numbers, held in FPU registers, could potentially be used to discern parts of cryptographic keys being used to secure data in the system. For example, Intel's ...

References

CWE-200
http://www.securityfocus.com/bid/104460
http://www.securitytracker.com/id/1041124
http://www.securitytracker.com/id/1041125
https://access.redhat.com/errata/RHSA-2018:1852
https://access.redhat.com/errata/RHSA-2018:1944
https://access.redhat.com/errata/RHSA-2018:2164
https://access.redhat.com/errata/RHSA-2018:2165
https://access.redhat.com/errata/RHSA-2019:1170
https://access.redhat.com/errata/RHSA-2019:1190
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
https://nvidia.custhelp.com/app/answers/detail/a_id/4787
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc
https://security.netapp.com/advisory/ntap-20181016-0001/
https://security.paloaltonetworks.com/CVE-2018-3665
https://support.citrix.com/article/CTX235745
https://usn.ubuntu.com/3696-1/
https://usn.ubuntu.com/3696-2/
https://usn.ubuntu.com/3698-1/
https://usn.ubuntu.com/3698-2/
https://www.debian.org/security/2018/dsa-4232
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.synology.com/support/security/Synology_SA_18_31
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2018-3665
https://nvd.nist.gov
https://github.com/Mashiro1995/TEApot
https://tools.cisco.com/security/center/viewAlert.x?alertId=58196