CVE-2018-3620

high-risk

Published 2018-08-14

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

Do I need to act?

3.0% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.6/10 Medium

LOCAL / HIGH complexity

Affected Products (20)

Core I3

Affected Vendors

Intel

References (106)

Third Party Advisory http://support.lenovo.com/us/en/solutions/LEN-24163

Third Party Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en

Third Party Advisory http://www.securityfocus.com/bid/105080

Third Party Advisory http://www.securitytracker.com/id/1041451

Third Party Advisory http://www.vmware.com/security/advisories/VMSA-2018-0021.html

Third Party Advisory http://xenbits.xen.org/xsa/advisory-273.html

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2384

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2387

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2388

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2389

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2390

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2391

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2392

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2393

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2394

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2395

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2396

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2402

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2403

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2404

and 86 more references

/ 100

high-risk

Severity 15/34 · Moderate

Exploitability 6/34 · Minimal

Exposure 33/34 · Critical