Information Disclosure Vulnerability in Microprocessors by Intel
CVE-2018-3646

5.6MEDIUM

Key Information:

Vendor
Intel
Status
Multiple
Vendor
CVE Published:
14 August 2018

Summary

This vulnerability arises from the architecture of Intel microprocessors, where speculative execution and address translations can potentially allow unauthorized users with local access to gain sensitive data from the L1 data cache. Attackers could exploit this flaw through techniques like terminal page faults and side-channel analysis, posing a significant risk to systems reliant on these processors, particularly in environments with multi-tenant architectures.

Affected Version(s)

Multiple Multiple

References

https://www.kb.cert.org/vuls/id/982149
third-party-advisoryx_refsource_CERT-VN
http://www.securitytracker.com/id/1041451
vdb-entryx_refsource_SECTRACK
https://security.gentoo.org/glsa/201810-06
vendor-advisoryx_refsource_GENTOO

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.