CVE-2018-3620

Name	CVE-2018-3620
Description	Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References	DLA-1481-1, DLA-1529-1, DSA-4274-1, DSA-4279-1
NVD severity	medium

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
intel-microcode (PTS)	jessie/non-free	3.20180425.1~deb8u1	vulnerable
	stretch/non-free	3.20190618.1~deb9u1	fixed
	buster/non-free	3.20190618.1	fixed
	bullseye/non-free, sid/non-free	3.20191115.2	fixed
	jessie/non-free (security)	3.20191115.2~deb8u1	fixed
	stretch/non-free (security)	3.20191115.2~deb9u1	fixed
	buster/non-free (security)	3.20191115.2~deb10u1	fixed
linux (PTS)	jessie	3.16.56-1+deb8u1	vulnerable
	jessie (security)	3.16.81-1	fixed
	stretch	4.9.189-3	fixed
	stretch (security)	4.9.189-3+deb9u2	fixed
	buster	4.19.67-2+deb10u1	fixed
	buster (security)	4.19.67-2+deb10u2	fixed
	bullseye, sid	5.4.13-1	fixed
linux-4.9 (PTS)	jessie (security)	4.9.189-3+deb9u2~deb8u1	fixed
xen (PTS)	jessie	4.4.1-9+deb8u10	vulnerable
	jessie (security)	4.4.4lts5-0+deb8u1	vulnerable
	stretch	4.8.5+shim4.10.2+xsa282-1+deb9u11	fixed
	stretch (security)	4.8.5.final+shim4.10.4-1+deb9u12	fixed
	buster	4.11.1+92-g6c33308a8d-2	fixed
	buster (security)	4.11.3+24-g14b62ab3e5-1~deb10u1	fixed
	bullseye, sid	4.11.3+24-g14b62ab3e5-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
intel-microcode	source	(unstable)	3.20180703.1
linux	source	(unstable)	4.17.15-1
linux	source	jessie	3.16.59-1	DLA-1529-1
linux	source	stretch	4.9.110-3+deb9u3	DSA-4279-1
linux-4.9	source	jessie	4.9.110-3+deb9u4~deb8u1	DLA-1481-1
xen	source	(unstable)	4.11.1~pre.20180911.5acdd26fdc+dfsg-2
xen	source	stretch	4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10	DSA-4274-1

Notes

[jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
Updates were already shipped with 20180703 release, but only disclosed later, see #906158
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://foreshadowattack.eu/
https://git.kernel.org/linus/958f338e96f874a0d29442396d6adf9c1e17aa2d
https://xenbits.xen.org/xsa/advisory-273.html
The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
most server type CPUs, additional models were supported in the 3.20180807a.1 release