CVE-2018-3615

NameCVE-2018-3615
DescriptionSystems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
intel-microcode (PTS)jessie/non-free3.20180425.1~deb8u1vulnerable
stretch/non-free (security), stretch/non-free3.20180807a.1~deb9u1fixed
sid/non-free, buster/non-free3.20180807a.2fixed
jessie/non-free (security)3.20180807a.1~deb8u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
intel-microcodesource(unstable)3.20180703.1medium

Notes

https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://foreshadowattack.eu/
The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
most server type CPUs, additional models were supported in the 3.20180807a.1 release

Search for package or bug name: Reporting problems