CVE-2018-3615

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

high 7.3 CVSS 3.1

Published: Aug 14, 2018

Modified: May 29, 2026

Vendor: Intel

Product: Core I3

Versions: 6006u,6098p,6100,6100e,6100h,6100t,6100te,6100u,6102e,6157u

Description

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

References

http://support.lenovo.com/us/en/solutions/LEN-24163
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
http://www.securityfocus.com/bid/105080
http://www.securitytracker.com/id/1041451
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://foreshadowattack.eu/
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008
https://security.netapp.com/advisory/ntap-20180815-0001/

Related CVEs

CVSS Breakdown

Version	3.1
Score	7.3 / 10
Severity	high

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Weakness (CWE)

CWE-203

Affected Product

Vendor	Intel
Product	Core I3
Versions	6006u,6098p,6100,6100e,6100h,6100t,6100te,6100u,6102e,6157u