National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2018-3665 Detail

Current Description

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

Source:  MITRE
Description Last Modified:  06/21/2018
View Analysis Description

Impact

CVSS v3.0 Severity and Metrics:

Base Score: 5.6 MEDIUM
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N (V3 legend)
Impact Score: 4.0
Exploitability Score: 1.1


Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Changed
Confidentiality (C): High
Integrity (I): None
Availability (A): None

CVSS v2.0 Severity and Metrics:

Base Score: 4.7 MEDIUM
Vector: (AV:L/AC:M/Au:N/C:C/I:N/A:N) (V2 legend)
Impact Subscore: 6.9
Exploitability Subscore: 3.4


Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Additional Information:
Allows unauthorized disclosure of information

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://www.securityfocus.com/bid/104460 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041124 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041125 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:1852 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1944 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2164 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2165 Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc Third Party Advisory
https://security.netapp.com/advisory/ntap-20181016-0001/
https://support.citrix.com/article/CTX235745 Third Party Advisory
https://usn.ubuntu.com/3696-1/ Third Party Advisory
https://usn.ubuntu.com/3696-2/ Third Party Advisory
https://usn.ubuntu.com/3698-1/ Third Party Advisory
https://usn.ubuntu.com/3698-2/ Third Party Advisory
https://www.debian.org/security/2018/dsa-4232 Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html Vendor Advisory
https://www.synology.com/support/security/Synology_SA_18_31 Third Party Advisory

Technical Details

Vulnerability Type (View All)

  • Information Leak / Disclosure (CWE-200)

Vulnerable software and versions Switch to CPE 2.3

Configuration 1
OR
cpe:/h:intel:core_i3:330e
cpe:/h:intel:core_i3:330m
cpe:/h:intel:core_i3:330um
cpe:/h:intel:core_i3:350m
cpe:/h:intel:core_i3:370m
cpe:/h:intel:core_i3:380m
cpe:/h:intel:core_i3:380um
cpe:/h:intel:core_i3:390m
cpe:/h:intel:core_i3:530
cpe:/h:intel:core_i3:540
cpe:/h:intel:core_i3:550
cpe:/h:intel:core_i3:560
cpe:/h:intel:core_i3:2100
cpe:/h:intel:core_i3:2100t
cpe:/h:intel:core_i3:2102
cpe:/h:intel:core_i3:2105
cpe:/h:intel:core_i3:2115c
cpe:/h:intel:core_i3:2120
cpe:/h:intel:core_i3:2120t
cpe:/h:intel:core_i3:2125
cpe:/h:intel:core_i3:2130
cpe:/h:intel:core_i3:2310e
cpe:/h:intel:core_i3:2310m
cpe:/h:intel:core_i3:2312m
cpe:/h:intel:core_i3:2328m
cpe:/h:intel:core_i3:2330e
cpe:/h:intel:core_i3:2330m
cpe:/h:intel:core_i3:2340ue
cpe:/h:intel:core_i3:2348m
cpe:/h:intel:core_i3:2350m
cpe:/h:intel:core_i3:2357m
cpe:/h:intel:core_i3:2365m
cpe:/h:intel:core_i3:2367m
cpe:/h:intel:core_i3:2370m
cpe:/h:intel:core_i3:2375m
cpe:/h:intel:core_i3:2377m
cpe:/h:intel:core_i3:3110m
cpe:/h:intel:core_i3:3115c
cpe:/h:intel:core_i3:3120m
cpe:/h:intel:core_i3:3120me
cpe:/h:intel:core_i3:3130m
cpe:/h:intel:core_i3:3210
cpe:/h:intel:core_i3:3217u
cpe:/h:intel:core_i3:3217ue
cpe:/h:intel:core_i3:3220
cpe:/h:intel:core_i3:3220t
cpe:/h:intel:core_i3:3225
cpe:/h:intel:core_i3:3227u
cpe:/h:intel:core_i3:3229y
cpe:/h:intel:core_i3:3240
cpe:/h:intel:core_i3:3240t
cpe:/h:intel:core_i3:3245
cpe:/h:intel:core_i3:3250
cpe:/h:intel:core_i3:3250t
cpe:/h:intel:core_i3:4000m
cpe:/h:intel:core_i3:4005u
cpe:/h:intel:core_i3:4010u
cpe:/h:intel:core_i3:4010y
cpe:/h:intel:core_i3:4012y
cpe:/h:intel:core_i3:4020y
cpe:/h:intel:core_i3:4025u
cpe:/h:intel:core_i3:4030u
cpe:/h:intel:core_i3:4030y
cpe:/h:intel:core_i3:4100e
cpe:/h:intel:core_i3:4100m
cpe:/h:intel:core_i3:4100u
cpe:/h:intel:core_i3:4102e
cpe:/h:intel:core_i3:4110e
cpe:/h:intel:core_i3:4110m
cpe:/h:intel:core_i3:4112e
cpe:/h:intel:core_i3:4120u
cpe:/h:intel:core_i3:4130
cpe:/h:intel:core_i3:4130t
cpe:/h:intel:core_i3:4150
cpe:/h:intel:core_i3:4150t
cpe:/h:intel:core_i3:4158u
cpe:/h:intel:core_i3:4160
cpe:/h:intel:core_i3:4160t
cpe:/h:intel:core_i3:4170
cpe:/h:intel:core_i3:4170t
cpe:/h:intel:core_i3:4330
cpe:/h:intel:core_i3:4330t
cpe:/h:intel:core_i3:4330te
cpe:/h:intel:core_i3:4340
cpe:/h:intel:core_i3:4340te
cpe:/h:intel:core_i3:4350
cpe:/h:intel:core_i3:4350t
cpe:/h:intel:core_i3:4360
cpe:/h:intel:core_i3:4360t
cpe:/h:intel:core_i3:4370
cpe:/h:intel:core_i3:4370t
cpe:/h:intel:core_i3:5005u
cpe:/h:intel:core_i3:5010u
cpe:/h:intel:core_i3:5015u
cpe:/h:intel:core_i3:5020u
cpe:/h:intel:core_i3:5157u
cpe:/h:intel:core_i3:6006u
cpe:/h:intel:core_i3:6098p
cpe:/h:intel:core_i3:6100
cpe:/h:intel:core_i3:6100e
cpe:/h:intel:core_i3:6100h
Configuration 2
Configuration 3
Configuration 4
Configuration 5
Configuration 6
Configuration 7
Configuration 8
Showing 100 of 481 CPEs, view all CPEs here.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

9 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2018-3665
NVD Published Date:
06/21/2018
NVD Last Modified:
11/30/2018