CVE-2018-3665

high-risk

Published 2018-06-21

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

Do I need to act?

1.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.6/10 Medium

LOCAL / HIGH complexity

Affected Products (20)

Core I3

Affected Vendors

Freebsd Debian Redhat Intel Citrix Canonical

References (50)

Third Party Advisory http://www.securityfocus.com/bid/104460

Third Party Advisory http://www.securitytracker.com/id/1041124

Third Party Advisory http://www.securitytracker.com/id/1041125

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1852

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1944

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2164

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2165

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1170

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1190

Third Party Advisory https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+Struxur...

Third Party Advisory https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html

Third Party Advisory https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html

Third Party Advisory https://nvidia.custhelp.com/app/answers/detail/a_id/4787

Third Party Advisory https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc

Third Party Advisory https://security.netapp.com/advisory/ntap-20181016-0001/

Third Party Advisory https://security.paloaltonetworks.com/CVE-2018-3665

Third Party Advisory https://support.citrix.com/article/CTX235745

Third Party Advisory https://usn.ubuntu.com/3696-1/

Third Party Advisory https://usn.ubuntu.com/3696-2/

Third Party Advisory https://usn.ubuntu.com/3698-1/

and 30 more references

/ 100

high-risk

Severity 15/34 · Moderate

Exploitability 4/34 · Minimal

Exposure 33/34 · Critical