Speculative Execution Vulnerability in Intel Software Guard Extensions
CVE-2018-3615

6.4MEDIUM

Key Information:

Vendor
Intel
Status
Multiple
Vendor
CVE Published:
14 August 2018

Summary

This vulnerability arises in systems using Intel Software Guard Extensions (SGX) where speculative execution might allow an attacker with local user access to exploit side-channel methods. By analyzing the L1 data cache, the attacker could potentially gain unauthorized access to sensitive information stored within an enclave, posing serious security risks to affected systems.

Affected Version(s)

Multiple Multiple

References

https://www.kb.cert.org/vuls/id/982149
third-party-advisoryx_refsource_CERT-VN
http://www.securitytracker.com/id/1041451
vdb-entryx_refsource_SECTRACK
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-201...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.