Name | CVE-2018-3615 |
Description | Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
intel-microcode (PTS) | bullseye/non-free | 3.20240813.1~deb11u1 | fixed |
| bullseye/non-free (security) | 3.20240910.1~deb11u1 | fixed |
| bookworm/non-free-firmware | 3.20240910.1~deb12u1 | fixed |
| bookworm/non-free-firmware (security) | 3.20231114.1~deb12u1 | fixed |
| sid/non-free-firmware, trixie/non-free-firmware | 3.20241112.1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|
intel-microcode | source | (unstable) | 3.20180703.1 | | | |
Notes
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://foreshadowattack.eu/
The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
most server type CPUs, additional models were supported in the 3.20180807a.1 release