Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2018-3620 | Mondoo Vulnerability Intelligence

CVE-2018-3620

MEDIUM5.6

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis

Published Aug 14, 2018

Modified 1 years ago

No fix available

Details

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

References

WEBhttp://support.lenovo.com/us/en/solutions/LEN-24163 WEBhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en WEBhttp://www.securityfocus.com/bid/105080 WEBhttp://www.securitytracker.com/id/1041451 WEBhttp://www.vmware.com/security/advisories/VMSA-2018-0021.html WEBhttp://xenbits.xen.org/xsa/advisory-273.html ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2384 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2387 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2388 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2389 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2390 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2391 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2392 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2393 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2394 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2395 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2396 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2402 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2403 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2404 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2602 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2603 WEBhttps://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf WEBhttps://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf WEBhttps://foreshadowattack.eu/WEBhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 WEBhttps://lists.debian.org/debian-lts-announce/2018/08/msg00029.html WEBhttps://lists.debian.org/debian-lts-announce/2018/09/msg00017.html ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018 WEBhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009 ADVISORYhttps://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc ADVISORYhttps://security.gentoo.org/glsa/201810-06 WEBhttps://security.netapp.com/advisory/ntap-20180815-0001/WEBhttps://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault WEBhttps://support.f5.com/csp/article/K95275140 WEBhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us ADVISORYhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel ADVISORYhttps://usn.ubuntu.com/3740-1/ADVISORYhttps://usn.ubuntu.com/3740-2/ADVISORYhttps://usn.ubuntu.com/3741-1/ADVISORYhttps://usn.ubuntu.com/3741-2/ADVISORYhttps://usn.ubuntu.com/3742-1/ADVISORYhttps://usn.ubuntu.com/3742-2/ADVISORYhttps://usn.ubuntu.com/3823-1/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2018-3620 ADVISORYhttps://www.debian.org/security/2018/dsa-4274 ADVISORYhttps://www.debian.org/security/2018/dsa-4279 WEBhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html ADVISORYhttps://www.kb.cert.org/vuls/id/982149 WEBhttps://www.oracle.com/security-alerts/cpujul2020.html WEBhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html WEBhttps://www.synology.com/support/security/Synology_SA_18_45

CVSS Analysis

CVSS v3.0

5.6

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

5.6/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Ecosystems

Timeline

PublishedAug 14, 2018

ModifiedSep 17, 2024