Information Disclosure Vulnerability in Intel Processors
CVE-2018-3620

5.6MEDIUM

Key Information:

Vendor

Intel
Status
Multiple
Vendor
CVE Published:
14 August 2018

What is CVE-2018-3620?

This vulnerability arises from how systems with microprocessors utilizing speculative execution and address translations can inadvertently allow an attacker with local user access to disclose sensitive information. By exploiting a terminal page fault alongside side-channel analysis tactics, unauthorized users may be able to gain access to confidential data stored in the L1 data cache. This poses a significant risk for systems utilizing affected Intel processors, necessitating immediate attention and mitigation actions to safeguard sensitive information.

Affected Version(s)

Multiple Multiple

References

https://www.kb.cert.org/vuls/id/982149
third-party-advisoryx_refsource_CERT-VN
http://www.securitytracker.com/id/1041451
vdb-entryx_refsource_SECTRACK
https://security.gentoo.org/glsa/201810-06
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.