Upstream information

CVE-2018-3615 at MITRE

Description

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

Upstream Security Advisories:

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5.4
Vector AV:L/AC:M/Au:N/C:C/I:P/A:N
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Partial
Availability Impact None
CVSS v3 Scores
  National Vulnerability Database
Base Score 6.4
Vector CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality Impact High
Integrity Impact Low
Availability Impact None
CVSSv3 Version 3

Note from the SUSE Security Team

This issue covers the SGX related code of the L1 Terminal Fault issue. Fixes for this specific issue will be provided by Intel.

SUSE Bugzilla entries: 1087078 [RESOLVED / FIXED], 1087080 [RESOLVED / FIXED], 1091107 [RESOLVED / FIXED], 1136865 [NEW], 1201877 [RESOLVED / WORKSFORME]

SUSE Security Advisories:

SUSE Timeline for this CVE

CVE page created: Tue Mar 27 16:15:29 2018
CVE page last modified: Thu Nov 10 11:45:26 2022