CVE-2018-3615
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-3615
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-3615.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-3615
- Downstream
- Related
- Published
- 2018-08-14T19:29:00Z
- Modified
- 2025-08-19T14:18:59.956415Z
- Severity
-
- 6.4 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
- References
-
- http://support.lenovo.com/us/en/solutions/LEN-24163
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- http://www.securityfocus.com/bid/105080
- http://www.securitytracker.com/id/1041451
- https://foreshadowattack.eu/
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008
- https://security.netapp.com/advisory/ntap-20180815-0001/
- https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- https://support.f5.com/csp/article/K35558453
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- https://www.kb.cert.org/vuls/id/982149
- https://www.synology.com/support/security/Synology_SA_18_45
- https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
- https://security-tracker.debian.org/tracker/CVE-2018-3615
Affected packages
Debian:11 / intel-microcode
Package
- Name
- intel-microcode
- Purl
- pkg:deb/debian/intel-microcode?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.20180703.1
Affected versions
0.*
0.20080131-1
0.20080220-1
0.20080401-1
0.20080910-1
0.20080910-2
0.20090330-1
0.20090927-1
0.20100826-1
0.20100914-1
0.20101123-1
0.20110428-1
0.20110915-1
0.20111110-1
0.20120606-1
1.*
1.20120606.1
1.20120606.2
1.20120606.3
1.20120606.4
1.20120606.5
1.20120606.6~bpo60+1
1.20120606.6
1.20120606.v2.1
1.20120606.v2.2~bpo60+1
1.20120606.v2.2
1.20130222.1~bpo60+1
1.20130222.1
1.20130222.3
1.20130222.4
1.20130222.5
1.20130222.6
1.20130808.1
1.20130808.2
1.20130906.1
1.20140122.1~bpo60+1
1.20140122.1
1.20140430.1~bpo60+1
1.20140430.1
1.20140624.1~bpo60+1
1.20140624.1
1.20140913.1~bpo60+1
1.20140913.1
1.20150121.1
2.*
2.20130808.1~bpo70+1
2.20130808.1
2.20130906.1~bpo70+1
2.20130906.1
2.20140122.1~bpo70+1
2.20140122.1
2.20140430.1~bpo70+1
2.20140430.1
2.20140624.1~bpo70+1
2.20140624.1
3.*
3.20140913.1~bpo70+1
3.20140913.1~bpo70+2
3.20140913.1
3.20150107.1~bpo70+1
3.20150107.1
3.20150121.1~bpo70+1
3.20150121.1
3.20151106.1~bpo7+1
3.20151106.1~bpo8+1
3.20151106.1~deb8u1
3.20151106.1
3.20151106.2
3.20160607.1
3.20160607.2~bpo8+1
3.20160607.2
3.20160714.1~bpo8+1
3.20160714.1~deb8u1~bpo7+1
3.20160714.1~deb8u1
3.20160714.1
3.20161104.1~bpo8+1
3.20161104.1~deb8u1~bpo7+1
3.20161104.1~deb8u1
3.20161104.1
3.20170511.1~bpo8+1
3.20170511.1
3.20170707.1~bpo8+1
3.20170707.1~bpo9+1
3.20170707.1~deb8u1
3.20170707.1~deb9u1
3.20170707.1
3.20171117.1~bpo8+1
3.20171117.1~bpo9+1
3.20171117.1
3.20171215.1
3.20180108.1
3.20180108.1+really20171117.1
3.20180312.1~bpo8+1
3.20180312.1~bpo9+1
3.20180312.1
3.20180425.1~bpo8+1
3.20180425.1~bpo9+1
3.20180425.1~deb8u1
3.20180425.1~deb9u1
3.20180425.1
Debian:12 / intel-microcode
Package
- Name
- intel-microcode
- Purl
- pkg:deb/debian/intel-microcode?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.20180703.1
Affected versions
0.*
0.20080131-1
0.20080220-1
0.20080401-1
0.20080910-1
0.20080910-2
0.20090330-1
0.20090927-1
0.20100826-1
0.20100914-1
0.20101123-1
0.20110428-1
0.20110915-1
0.20111110-1
0.20120606-1
1.*
1.20120606.1
1.20120606.2
1.20120606.3
1.20120606.4
1.20120606.5
1.20120606.6~bpo60+1
1.20120606.6
1.20120606.v2.1
1.20120606.v2.2~bpo60+1
1.20120606.v2.2
1.20130222.1~bpo60+1
1.20130222.1
1.20130222.3
1.20130222.4
1.20130222.5
1.20130222.6
1.20130808.1
1.20130808.2
1.20130906.1
1.20140122.1~bpo60+1
1.20140122.1
1.20140430.1~bpo60+1
1.20140430.1
1.20140624.1~bpo60+1
1.20140624.1
1.20140913.1~bpo60+1
1.20140913.1
1.20150121.1
2.*
2.20130808.1~bpo70+1
2.20130808.1
2.20130906.1~bpo70+1
2.20130906.1
2.20140122.1~bpo70+1
2.20140122.1
2.20140430.1~bpo70+1
2.20140430.1
2.20140624.1~bpo70+1
2.20140624.1
3.*
3.20140913.1~bpo70+1
3.20140913.1~bpo70+2
3.20140913.1
3.20150107.1~bpo70+1
3.20150107.1
3.20150121.1~bpo70+1
3.20150121.1
3.20151106.1~bpo7+1
3.20151106.1~bpo8+1
3.20151106.1~deb8u1
3.20151106.1
3.20151106.2
3.20160607.1
3.20160607.2~bpo8+1
3.20160607.2
3.20160714.1~bpo8+1
3.20160714.1~deb8u1~bpo7+1
3.20160714.1~deb8u1
3.20160714.1
3.20161104.1~bpo8+1
3.20161104.1~deb8u1~bpo7+1
3.20161104.1~deb8u1
3.20161104.1
3.20170511.1~bpo8+1
3.20170511.1
3.20170707.1~bpo8+1
3.20170707.1~bpo9+1
3.20170707.1~deb8u1
3.20170707.1~deb9u1
3.20170707.1
3.20171117.1~bpo8+1
3.20171117.1~bpo9+1
3.20171117.1
3.20171215.1
3.20180108.1
3.20180108.1+really20171117.1
3.20180312.1~bpo8+1
3.20180312.1~bpo9+1
3.20180312.1
3.20180425.1~bpo8+1
3.20180425.1~bpo9+1
3.20180425.1~deb8u1
3.20180425.1~deb9u1
3.20180425.1
Debian:13 / intel-microcode
Package
- Name
- intel-microcode
- Purl
- pkg:deb/debian/intel-microcode?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.20180703.1
Affected versions
0.*
0.20080131-1
0.20080220-1
0.20080401-1
0.20080910-1
0.20080910-2
0.20090330-1
0.20090927-1
0.20100826-1
0.20100914-1
0.20101123-1
0.20110428-1
0.20110915-1
0.20111110-1
0.20120606-1
1.*
1.20120606.1
1.20120606.2
1.20120606.3
1.20120606.4
1.20120606.5
1.20120606.6~bpo60+1
1.20120606.6
1.20120606.v2.1
1.20120606.v2.2~bpo60+1
1.20120606.v2.2
1.20130222.1~bpo60+1
1.20130222.1
1.20130222.3
1.20130222.4
1.20130222.5
1.20130222.6
1.20130808.1
1.20130808.2
1.20130906.1
1.20140122.1~bpo60+1
1.20140122.1
1.20140430.1~bpo60+1
1.20140430.1
1.20140624.1~bpo60+1
1.20140624.1
1.20140913.1~bpo60+1
1.20140913.1
1.20150121.1
2.*
2.20130808.1~bpo70+1
2.20130808.1
2.20130906.1~bpo70+1
2.20130906.1
2.20140122.1~bpo70+1
2.20140122.1
2.20140430.1~bpo70+1
2.20140430.1
2.20140624.1~bpo70+1
2.20140624.1
3.*
3.20140913.1~bpo70+1
3.20140913.1~bpo70+2
3.20140913.1
3.20150107.1~bpo70+1
3.20150107.1
3.20150121.1~bpo70+1
3.20150121.1
3.20151106.1~bpo7+1
3.20151106.1~bpo8+1
3.20151106.1~deb8u1
3.20151106.1
3.20151106.2
3.20160607.1
3.20160607.2~bpo8+1
3.20160607.2
3.20160714.1~bpo8+1
3.20160714.1~deb8u1~bpo7+1
3.20160714.1~deb8u1
3.20160714.1
3.20161104.1~bpo8+1
3.20161104.1~deb8u1~bpo7+1
3.20161104.1~deb8u1
3.20161104.1
3.20170511.1~bpo8+1
3.20170511.1
3.20170707.1~bpo8+1
3.20170707.1~bpo9+1
3.20170707.1~deb8u1
3.20170707.1~deb9u1
3.20170707.1
3.20171117.1~bpo8+1
3.20171117.1~bpo9+1
3.20171117.1
3.20171215.1
3.20180108.1
3.20180108.1+really20171117.1
3.20180312.1~bpo8+1
3.20180312.1~bpo9+1
3.20180312.1
3.20180425.1~bpo8+1
3.20180425.1~bpo9+1
3.20180425.1~deb8u1
3.20180425.1~deb9u1
3.20180425.1
Debian:14 / intel-microcode
Package
- Name
- intel-microcode
- Purl
- pkg:deb/debian/intel-microcode?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.20180703.1
Affected versions
0.*
0.20080131-1
0.20080220-1
0.20080401-1
0.20080910-1
0.20080910-2
0.20090330-1
0.20090927-1
0.20100826-1
0.20100914-1
0.20101123-1
0.20110428-1
0.20110915-1
0.20111110-1
0.20120606-1
1.*
1.20120606.1
1.20120606.2
1.20120606.3
1.20120606.4
1.20120606.5
1.20120606.6~bpo60+1
1.20120606.6
1.20120606.v2.1
1.20120606.v2.2~bpo60+1
1.20120606.v2.2
1.20130222.1~bpo60+1
1.20130222.1
1.20130222.3
1.20130222.4
1.20130222.5
1.20130222.6
1.20130808.1
1.20130808.2
1.20130906.1
1.20140122.1~bpo60+1
1.20140122.1
1.20140430.1~bpo60+1
1.20140430.1
1.20140624.1~bpo60+1
1.20140624.1
1.20140913.1~bpo60+1
1.20140913.1
1.20150121.1
2.*
2.20130808.1~bpo70+1
2.20130808.1
2.20130906.1~bpo70+1
2.20130906.1
2.20140122.1~bpo70+1
2.20140122.1
2.20140430.1~bpo70+1
2.20140430.1
2.20140624.1~bpo70+1
2.20140624.1
3.*
3.20140913.1~bpo70+1
3.20140913.1~bpo70+2
3.20140913.1
3.20150107.1~bpo70+1
3.20150107.1
3.20150121.1~bpo70+1
3.20150121.1
3.20151106.1~bpo7+1
3.20151106.1~bpo8+1
3.20151106.1~deb8u1
3.20151106.1
3.20151106.2
3.20160607.1
3.20160607.2~bpo8+1
3.20160607.2
3.20160714.1~bpo8+1
3.20160714.1~deb8u1~bpo7+1
3.20160714.1~deb8u1
3.20160714.1
3.20161104.1~bpo8+1
3.20161104.1~deb8u1~bpo7+1
3.20161104.1~deb8u1
3.20161104.1
3.20170511.1~bpo8+1
3.20170511.1
3.20170707.1~bpo8+1
3.20170707.1~bpo9+1
3.20170707.1~deb8u1
3.20170707.1~deb9u1
3.20170707.1
3.20171117.1~bpo8+1
3.20171117.1~bpo9+1
3.20171117.1
3.20171215.1
3.20180108.1
3.20180108.1+really20171117.1
3.20180312.1~bpo8+1
3.20180312.1~bpo9+1
3.20180312.1
3.20180425.1~bpo8+1
3.20180425.1~bpo9+1
3.20180425.1~deb8u1
3.20180425.1~deb9u1
3.20180425.1