CVE-2018-3646

high-risk

Published 2018-08-14

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

Do I need to act?

3.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.6/10 Medium

LOCAL / HIGH complexity

Affected Products (20)

Core I3

Affected Vendors

Intel

References (112)

Third Party Advisory http://support.lenovo.com/us/en/solutions/LEN-24163

Third Party Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en

Third Party Advisory http://www.securityfocus.com/bid/105080

Third Party Advisory http://www.securitytracker.com/id/1041451

http://www.securitytracker.com/id/1042004

Third Party Advisory http://www.vmware.com/security/advisories/VMSA-2018-0020.html

Third Party Advisory http://xenbits.xen.org/xsa/advisory-273.html

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2384

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2387

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2388

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2389

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2390

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2391

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2392

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2393

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2394

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2395

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2396

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2402

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2403

and 92 more references

/ 100

high-risk

Severity 15/34 · Moderate

Exploitability 7/34 · Low

Exposure 33/34 · Critical