CVE-2018-3620 – Kernel: hw: cpu: L1 terminal fault (L1TF)
https://notcve.org/view.php?id=CVE-2018-3620
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. Los sistemas con microprocesadores que emplean la ejecución especulativa y traducciones de direcciones podría permitir la divulgación no autorizada de información que reside en la caché de datos L1 a un atacante con acceso de usuario local mediante un error de página del terminal y un análisis de canal lateral. Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. • http://support.lenovo.com/us/en/solutions/LEN-24163 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en http://www.securityfocus.com/bid/105080 http://www.securitytracker.com/id/1041451 http://www.vmware.com/security/advisories/VMSA-2018-0021.html http://xenbits.xen.org/xsa/advisory-273.html https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2387 https://access.redhat.com/errata/RHSA-2018:2388 https: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVE-2018-3615
https://notcve.org/view.php?id=CVE-2018-3615
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores que emplean ejecución especulativa y extensiones Intel software guard (Intel SGX) podría permitir la fuga no autorizada de información que reside en la caché de datos L1 desde un enclave a un atacante con acceso de usuario local mediante un análisis de canal lateral. • http://support.lenovo.com/us/en/solutions/LEN-24163 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en http://www.securityfocus.com/bid/105080 http://www.securitytracker.com/id/1041451 https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf https://foreshadowattack.eu https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html https://psirt.global.sonicwall.com/vuln-detail/ • CWE-203: Observable Discrepancy •
CVE-2018-3646 – Kernel: hw: cpu: L1 terminal fault (L1TF)
https://notcve.org/view.php?id=CVE-2018-3646
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. Los sistemas con microprocesadores que emplean la ejecución especulativa y traducciones de direcciones podría permitir la divulgación no autorizada de información que reside en la caché de datos L1 a un atacante con acceso de usuario local con privilegios de invitado del sistema operativo mediante un error de página del terminal y un análisis de canal lateral. Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. • http://support.lenovo.com/us/en/solutions/LEN-24163 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en http://www.securityfocus.com/bid/105080 http://www.securitytracker.com/id/1041451 http://www.securitytracker.com/id/1042004 http://www.vmware.com/security/advisories/VMSA-2018-0020.html http://xenbits.xen.org/xsa/advisory-273.html https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2387 https://access • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-3693 – Kernel: speculative bounds check bypass store
https://notcve.org/view.php?id=CVE-2018-3693
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. Los sistemas con microprocesadores que emplean la ejecución especulativa y la predicción de ramas podría permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un desbordamiento de búfer especulativo y el análisis de canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2019:1946 https://access.redhat.com/errata/RHSA-2020:0174 https://cdrdv2.intel.com/v1/dl/getContent/685359 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180823-0001 https://www.oracle.com/s • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-3619
https://notcve.org/view.php?id=CVE-2018-3619
Information disclosure vulnerability in storage media in systems with Intel Optane memory module with Whole Disk Encryption may allow an attacker to recover data via physical access. Vulnerabilidad de divulgación de información en el medio de almacenamiento en sistemas con el módulo de memoria Intel Optane con Whole Disk Encryption podría permitir que un atacante recupere datos mediante el acceso físico. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00114.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •