Information Disclosure Vulnerability in Intel Processors
CVE-2018-3620

5.6MEDIUM

Key Information:

Vendor
Intel
Status
Multiple
Vendor
CVE Published:
14 August 2018

Summary

This vulnerability arises from how systems with microprocessors utilizing speculative execution and address translations can inadvertently allow an attacker with local user access to disclose sensitive information. By exploiting a terminal page fault alongside side-channel analysis tactics, unauthorized users may be able to gain access to confidential data stored in the L1 data cache. This poses a significant risk for systems utilizing affected Intel processors, necessitating immediate attention and mitigation actions to safeguard sensitive information.

Affected Version(s)

Multiple Multiple

References

https://www.kb.cert.org/vuls/id/982149
third-party-advisoryx_refsource_CERT-VN
http://www.securitytracker.com/id/1041451
vdb-entryx_refsource_SECTRACK
https://security.gentoo.org/glsa/201810-06
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.