ID

VAR-201808-0957


CVE

CVE-2018-3646


TITLE

Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)

Trust: 0.8

sources: CERT/CC: VU#982149

DESCRIPTION

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Intel Core Systems with microprocessors contain information disclosure vulnerabilities.Information may be obtained. Intel Core i3 processor, etc. are all CPU (central processing unit) products of Intel Corporation of the United States. The following products are affected: Intel Core i3 processor; Intel Core i5 processor; Intel Core i7 processor; Intel Core M processor family; 2nd generation Intel Core processors; 3rd generation Intel Core processors; 4th generation Intel Core processors; 5th generation Intel Core processors, etc. 7.2) - noarch, x86_64 3. Description: The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. (CVE-2018-3620, CVE-2018-3646) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. To fully resolve these vulnerabilities it is also necessary to install updated CPU microcode (only available in Debian non-free). Common server class CPUs are covered in the update released as DSA 4273-1. For the stable distribution (stretch), these problems have been fixed in version 4.9.110-3+deb9u3. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlt6p8ZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TBJg//VmtxfP6VLm5Q2hHuOlUejrc2W4hOcNRR0Ud7DjJ0B5Gfb9y/u1k+RXBj akX5/Csi6l+kLOWs4/amX3VAxdQRYFL6eEJBNZzlCkBasu1DpkvJdL9F0EP9gru7 Xd/StpSQs8GaBAlklQsckHtKqPzhB5D56gLosLupfmdNovlRKPhX282Ae5JCgjyf BjQv7Oa5K+pUw7F4sZUsdTPZHvl3bZ14u2SDzkIYX6K0KSRi3r4kBNGlRkCnRUTd AW8LpC2uWFX584LhVqJhnKhtd2lveadkwjX9TTRDJkJJOW88Yf2hDSyvWRAKS90D 65SEB2SIrgYiOTqCW4TQXPv5cNSn+LPimrkPus4likNyxJajbck5lB5GVLTTd0dp X0WPp4uhNsISHERZzdJpT8Y3uu5VrPzgSxPay/aPh+n7vy/wFknliZ4IfBSZtOri J5OrlN+Dal0M7eli1ojoByMLsH5Tzzd6/pfmOtWH/wNUFuMPdNwM/KuzcZRn+aMY FZ6jk6Ge0UNgFoQQPb6ddu0YBlPQGK5t+jPS47qR8fEqV7VxBDFVQYKK5Lni9iwi bIarRFTWQNj3nYZ44VOsk95QuyKe2Gw5NkjzlsEhQdQ318urQ6tpAAvjet/xbaHv 6SO/0r3APr5jxH2GGrLUvRRezbXYkBhEVhWOtcOQryXEzPAbcGc= =Cd8P -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-3742-2 August 14, 2018 linux-lts-trusty vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 for Ubuntu 12.04 ESM. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. (CVE-2018-3620) Andrey Konovalov discovered an out-of-bounds read in the POSIX timers subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. A remote attacker could use this to cause a denial of service. (CVE-2018-5390) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: linux-image-3.13.0-155-generic 3.13.0-155.206~precise1 linux-image-3.13.0-155-generic-lpae 3.13.0-155.206~precise1 linux-image-generic-lpae-lts-trusty 3.13.0.155.145 linux-image-generic-lts-trusty 3.13.0.155.145 Please note that the recommended mitigation for CVE-2018-3646 involves updating processor microcode in addition to updating the kernel; however, the kernel includes a fallback for processors that have not received microcode updates. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2390-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2390 Issue date: 2018-08-14 CVE Names: CVE-2017-0861 CVE-2017-15265 CVE-2018-3620 CVE-2018-3646 CVE-2018-3693 CVE-2018-7566 CVE-2018-10901 CVE-2018-1000004 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265) * kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and Vegard Nossum (Oracle Corporation) for reporting CVE-2018-10901. Bug Fix(es): * The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur. (BZ#1575819) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1501878 - CVE-2017-15265 kernel: Use-after-free in snd_seq_ioctl_create_port() 1535315 - CVE-2018-1000004 kernel: Race condition in sound system can lead to denial of service 1550142 - CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access 1563994 - CVE-2017-0861 kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation 1581650 - CVE-2018-3693 Kernel: speculative bounds check bypass store 1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF) 1601849 - CVE-2018-10901 kernel: kvm: vmx: host GDT limit corruption 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm i386: kernel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-devel-2.6.32-754.3.5.el6.i686.rpm kernel-headers-2.6.32-754.3.5.el6.i686.rpm perf-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm i386: kernel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-devel-2.6.32-754.3.5.el6.i686.rpm kernel-headers-2.6.32-754.3.5.el6.i686.rpm perf-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm ppc64: kernel-2.6.32-754.3.5.el6.ppc64.rpm kernel-bootwrapper-2.6.32-754.3.5.el6.ppc64.rpm kernel-debug-2.6.32-754.3.5.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.3.5.el6.ppc64.rpm kernel-devel-2.6.32-754.3.5.el6.ppc64.rpm kernel-headers-2.6.32-754.3.5.el6.ppc64.rpm perf-2.6.32-754.3.5.el6.ppc64.rpm perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm s390x: kernel-2.6.32-754.3.5.el6.s390x.rpm kernel-debug-2.6.32-754.3.5.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debug-devel-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.3.5.el6.s390x.rpm kernel-devel-2.6.32-754.3.5.el6.s390x.rpm kernel-headers-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-devel-2.6.32-754.3.5.el6.s390x.rpm perf-2.6.32-754.3.5.el6.s390x.rpm perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.3.5.el6.ppc64.rpm perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm python-perf-2.6.32-754.3.5.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.3.5.el6.s390x.rpm perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm python-perf-2.6.32-754.3.5.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm i386: kernel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-devel-2.6.32-754.3.5.el6.i686.rpm kernel-headers-2.6.32-754.3.5.el6.i686.rpm perf-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-0861 https://access.redhat.com/security/cve/CVE-2017-15265 https://access.redhat.com/security/cve/CVE-2018-3620 https://access.redhat.com/security/cve/CVE-2018-3646 https://access.redhat.com/security/cve/CVE-2018-3693 https://access.redhat.com/security/cve/CVE-2018-7566 https://access.redhat.com/security/cve/CVE-2018-10901 https://access.redhat.com/security/cve/CVE-2018-1000004 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/L1TF 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW3Me0NzjgjWX9erEAQhkDBAAjGcoEad9NOtCUJqgDcVHLArXg9OKAloW +BaoAYrYtzH3h9teocV6U3mYaxhwu2Cd13JlbKJsc8BLRzHUSZpwxjcsewCzjx2u dotwAksPej7L3U/U5YPSJ37r/OP+ni7trT1dtEmCI578QHFZB6+4/qK/1aYM+biQ EI0BoaSMV6RDo9u+U6zPgk8L7ugMhWs2PCXbtV7koyg563tasvo5jWlfVYNVD1fz cKTzsTwVQwirynWa2mvtaI+vaslYX3x9Zn6dJ2VEzpD4w6tU54/sViaetmLnSOir ZVdtkeO0pdEBO2YUr+Igc+ZOtLdGpzOjkQVQMBG+YE6bDdynYYFrxkPcNPeB1f1K 2bTNHA/FnirFDOII3JuYEqg8TXdh8NYRZ4a8rqchGo2JCeh5Q5LnhJDYWJv2HbTW TZUQY/nStRfWVpygQJV72GJENICnRVjjQ5D569KFBopnK0iXWLpxlf3dmp5Lvdg2 0rBVnnclfQCQVxZvOiZ3s0wkA9d0o7v4pDN2YgTRDlU4nzI3xE4jh0Sevsn4tVco ePUubCuxhjQfxJswBPoZA8Al3GGlSxOMKFHO6HscnnAh6YL5LVusx4PpJt4Y3tjW Vf8Rk4bFbn+M0RtVM+vnFGjWAr7w6iKvRya8y0LzElfAtpeedcnuxfJGtecT73IZ /6fv2MlabwY=kAUc -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Note that due to a client issue, this livepatch may report that it failed to load. You can verify that the patch has successfully loaded by looking in /sys/kernel/livepatch for a directory starting with the name "lkp_Ubuntu," followed by your kernel version, and ending with the version number, "44." The next client update should correct this problem. (CVE-2018-3620) It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. (CVE-2018-15572) Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. (CVE-2018-17182) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-133.159 | 44.1 | generic, lowlatency | | 4.4.0-133.159~14.04.1 | 44.1 | lowlatency, generic | | 4.4.0-134.160 | 44.1 | generic, lowlatency | | 4.4.0-134.160~14.04.1 | 44.1 | lowlatency, generic | | 4.4.0-135.161~14.04.1 | 44.1 | lowlatency, generic | | 4.15.0-32.35 | 44.1 | lowlatency, generic | | 4.15.0-32.35~16.04.1 | 44.1 | generic, lowlatency | | 4.15.0-33.36 | 44.1 | lowlatency, generic | | 4.15.0-33.36~16.04.1 | 44.1 | lowlatency, generic | | 4.15.0-34.37 | 44.1 | generic, lowlatency | | 4.15.0-34.37~16.04.1 | 44.2 | lowlatency, generic | References: CVE-2018-3620, CVE-2018-15594, CVE-2018-3646, CVE-2018-6555, CVE-2018-14633, CVE-2018-15572, CVE-2018-17182 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . These CVEs are security vulnerabilities caused by flaws in the design of speculative execution hardware in the computer's CPU. Details on the vulnerability and our response can be found here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF Due to the high complexity of the fixes and the need for a corresponding CPU microcode update for a complete fix, we are unable to livepatch these CVEs. Please plan to reboot into an updated kernel as soon as possible. Users running Ubuntu 16.04 LTS or 14.04 LTS should upgrade to kernel version 4.4.0-133.159 or later. References: CVE-2018-3620, and CVE-2018-3646 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Trust: 3.24

sources: NVD: CVE-2018-3646 // CERT/CC: VU#982149 // JVNDB: JVNDB-2018-006428 // VULHUB: VHN-133677 // VULMON: CVE-2018-3646 // PACKETSTORM: 148908 // PACKETSTORM: 148912 // PACKETSTORM: 148952 // PACKETSTORM: 149010 // PACKETSTORM: 148917 // PACKETSTORM: 148898 // PACKETSTORM: 149718 // PACKETSTORM: 148934

AFFECTED PRODUCTS

vendor:intelmodel:core i7scope:eqversion:930

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6400

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:720qm

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2655le

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3470

Trust: 1.0

vendor:intelmodel:core mscope:eqversion:5y31

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:550

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6585r

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:8550u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4210m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4150t

Trust: 1.0

vendor:intelmodel:core mscope:eqversion:5y10c

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4150

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:740qm

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4350t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6300hq

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:920xm

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3340m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3630qm

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4720hq

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4000m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2405s

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:8100

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4670k

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2435m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4770

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3770t

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:620m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3380m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4360

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:5350u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2410m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6400t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3317u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4700ec

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4160t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3339y

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:460m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2620m

Trust: 1.0

vendor:intelmodel:core m3scope:eqversion:7y32

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:950

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2960xm

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4570s

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:840qm

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:8700k

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4330m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2400s

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4500u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4160

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4400e

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:6300t

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:5750hq

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4570r

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:8350u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2760qm

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:650

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6685r

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:520um

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3770s

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3570k

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:7700k

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4130

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:970

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:5550u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3225

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6260u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2310

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:875k

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:680

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:5350h

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3840qm

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4308u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2920xm

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2340ue

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3240

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4712mq

Trust: 1.0

vendor:intelmodel:core m3scope:eqversion:7y30

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4670s

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3230m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2720qm

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4130t

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:5775c

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3227u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:760

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:5700eq

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4330t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4460

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6600

Trust: 1.0

vendor:intelmodel:xeonscope:eqversion:*

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:5675c

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4790

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4702mq

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4570

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:5557u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:5157u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3517u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2629m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2380p

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:5257u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4700mq

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4005u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:560um

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:640lm

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6600t

Trust: 1.0

vendor:intelmodel:core m5scope:eqversion:6y57

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:820qm

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2600k

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2675qm

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2310m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:6100u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:5300u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:8350k

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3220

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3475s

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4460t

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4340te

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4310u

Trust: 1.0

vendor:intelmodel:core mscope:eqversion:5y10

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4460s

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2860qm

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2637m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3120m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4210u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:5200u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:580m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4260u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:560

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4690k

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:5675r

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3612qm

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2500

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4750hq

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4785t

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3610qm

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4770t

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2600s

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4722hq

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:5500u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:8650u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2120

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4600m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2375m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4340m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2500s

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2540m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:5600u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:430um

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:6100t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4590s

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3720qm

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4860hq

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2820qm

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2310e

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3210

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4770te

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3217u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:7820eq

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:670

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:960

Trust: 1.0

vendor:intelmodel:core m7scope:eqversion:6y75

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2102

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4170t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6440eq

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3610me

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3610qe

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2700k

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2330e

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:470um

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:640m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4210y

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2649m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2600

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:330um

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3550

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4370t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6402p

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:610e

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4950hq

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:540um

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2300

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:530

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:520m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:660lm

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:660um

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:860

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4770s

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4402e

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:870

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2390t

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2617m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2515e

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:560m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3667u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4600u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2467m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4850hq

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:5775r

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2557m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4570te

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:620le

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4440s

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4578u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4800mq

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:350m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4030u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4300m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4430

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:540

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6500t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4670

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4350

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:870s

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2550k

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3689y

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:5700hq

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4910mq

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:7820hk

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4440

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6287u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4100u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3350p

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4202y

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3437u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:6100h

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4300y

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4700eq

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:7500u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4100m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:8250u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2320

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:6157u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4110e

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4100e

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4370

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4610m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4550u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3520m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4200u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:7660u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4410e

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:750

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:980x

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2670qm

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4340

Trust: 1.0

vendor:intelmodel:core mscope:eqversion:5y51

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:640um

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4250u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:370m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:540m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4360t

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4770r

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2430m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2357m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3550s

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:940

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:7820hq

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3330

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:6006u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4158u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3217ue

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3360m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4112e

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2348m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3570

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4012y

Trust: 1.0

vendor:intelmodel:core mscope:eqversion:5y70

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4771

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:520e

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2120t

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3229y

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4702ec

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:5650u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:620um

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:980

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:620ue

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:480m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:620lm

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2100

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:430m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3330s

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4278u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3130m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6200u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:380m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4510u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2640m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3340

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4690

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4200m

Trust: 1.0

vendor:intelmodel:core mscope:eqversion:5y71

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2125

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2370m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3427u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:5575r

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3250t

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4558u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4710mq

Trust: 1.0

vendor:intelmodel:core m3scope:eqversion:6y30

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2630qm

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3517ue

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4422e

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3320m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4770hq

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3245

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2510e

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2312m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4310m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3632qm

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4710hq

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:660

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4200y

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:5015u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6267u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3687u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4300u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4790s

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:7700

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3635qm

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:6167u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4330te

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:860s

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:7567u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4765t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4670t

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3240t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3340s

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:965

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3450

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3115c

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:7700t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:5287u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:940xm

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:6100te

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:660ue

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:975

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2635qm

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2450m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4670r

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3615qm

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:6300

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4770k

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3470s

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4790t

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4712hq

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4760hq

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:655k

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4200h

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:990x

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2450p

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4102e

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:8700

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:8600k

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3615qe

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4960hq

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4810mq

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:7600u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3450s

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:8400

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:5950hq

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4030y

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4210h

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4360u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6442eq

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3210m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3439y

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6300u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2365m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:5850eq

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:6098p

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3120me

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:7560u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4790k

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3110m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4288u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:750s

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3612qe

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3540m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:7y75

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4900mq

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2537m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:6102e

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3250

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3555le

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4350u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:5020u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4590

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:3220t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:661

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2677m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4302y

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:7700hq

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4258u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3337u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6600k

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4330

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2100t

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4010y

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4610y

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2657m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:6100e

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2330m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:5010u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:5250u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4010u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2377m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4590t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4690t

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2115c

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2500k

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3470t

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2710qe

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2400

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:880

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:920

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4700hq

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4170

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3820qm

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2520m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4120u

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2350m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4220y

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6500te

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4650u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3770k

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2367m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4110m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3740qm

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6350hq

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4430s

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4980hq

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:6320

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:5005u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4402ec

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:680um

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2715qe

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4020y

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2130

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:450m

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:2500t

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4702hq

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:5850hq

Trust: 1.0

vendor:intelmodel:core mscope:eqversion:5y10a

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:330e

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3570t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6500

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:2610ue

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:390m

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2328m

Trust: 1.0

vendor:intelmodel:core m5scope:eqversion:6y54

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:380um

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:2105

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:4025u

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4570t

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:4690s

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:3570s

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6360u

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:7920hq

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:330m

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3770

Trust: 1.0

vendor:intelmodel:core i3scope:eqversion:6100

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:4870hq

Trust: 1.0

vendor:intelmodel:core i5scope:eqversion:6440hq

Trust: 1.0

vendor:intelmodel:core i7scope:eqversion:3537u

Trust: 1.0

vendor:intelmodel: - scope: - version: -

Trust: 0.8

vendor:intelmodel:core i3scope: - version: -

Trust: 0.8

vendor:intelmodel:core i5scope: - version: -

Trust: 0.8

vendor:intelmodel:core i7scope: - version: -

Trust: 0.8

vendor:intelmodel:core mscope: - version: -

Trust: 0.8

vendor:intelmodel:core m3scope: - version: -

Trust: 0.8

vendor:intelmodel:core m5scope: - version: -

Trust: 0.8

vendor:intelmodel:core m7scope: - version: -

Trust: 0.8

vendor:intelmodel:xeonscope: - version: -

Trust: 0.8

sources: CERT/CC: VU#982149 // JVNDB: JVNDB-2018-006428 // NVD: CVE-2018-3646

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3646
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3646
value: MEDIUM

Trust: 0.8

VULHUB: VHN-133677
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-3646
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-3646
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-133677
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3646
baseSeverity: MEDIUM
baseScore: 5.6
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.1
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133677 // VULMON: CVE-2018-3646 // JVNDB: JVNDB-2018-006428 // NVD: CVE-2018-3646

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-133677 // JVNDB: JVNDB-2018-006428 // NVD: CVE-2018-3646

THREAT TYPE

local

Trust: 0.3

sources: PACKETSTORM: 148912 // PACKETSTORM: 148917 // PACKETSTORM: 149718

TYPE

arbitrary

Trust: 0.1

sources: PACKETSTORM: 149010

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006428

PATCH

title:L1 Terminal Fault / CVE-2018-3615 , CVE-2018-3620 , CVE-2018-3646 / INTEL-SA-00161url:https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

Trust: 0.8

title:INTEL-SA-00161url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

Trust: 0.8

title:JVNVU#97646030(CVE-2018-3615、CVE-2018-3620、CVE-2018-3646)url:http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2018/cve-2018-3620.html

Trust: 0.8

title:The Registerurl:https://www.theregister.co.uk/2018/08/15/foreshadow_sgx_software_attestations_collateral_damage/

Trust: 0.2

title:The Registerurl:https://www.theregister.co.uk/2018/08/14/intel_l1_terminal_fault_bugs/

Trust: 0.2

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182387 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182388 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182389 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rhev-hypervisor7 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182404 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182391 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182603 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182602 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rhvm-appliance security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182402 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182392 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel-rt security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182396 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182393 - Security Advisory

Trust: 0.1

title:Red Hat: Important: redhat-virtualization-host security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182403 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182394 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-4274-1 xen -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=2129055bb51ebf11b86d56acef7f5da1

Trust: 0.1

title:Debian Security Advisories: DSA-4279-1 linux -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=dac4eea76febd76490afc049b9aa11cb

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182384 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: linux vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3823-1

Trust: 0.1

title:Red Hat: Important: kernel-rt security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182395 - Security Advisory

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2018-3646

Trust: 0.1

title:Red Hat: CVE-2018-3646url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-3646

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182390 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3740-1

Trust: 0.1

title:Ubuntu Security Notice: linux-hwe, linux-azure, linux-gcp vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3740-2

Trust: 0.1

title:Ubuntu Security Notice: intel-microcode vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3756-1

Trust: 0.1

title:Ubuntu Security Notice: linux regressionsurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3741-3

Trust: 0.1

title:Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3741-2

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3741-1

Trust: 0.1

title:Amazon Linux AMI: ALAS-2018-1058url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2018-1058

Trust: 0.1

title:Ubuntu Security Notice: linux-lts-trusty vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3742-2

Trust: 0.1

title:Ubuntu Security Notice: linux vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3742-1

Trust: 0.1

title:Ubuntu Security Notice: linux-lts-trusty regressionsurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3742-3

Trust: 0.1

title:Amazon Linux 2: ALAS2-2018-1058url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2018-1058

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=831545c255e00dbde24c93b2cf2135d6

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple Foreshadow Spectre Variant vulnerabilities affect IBM OS Image for Red Hat Linux Systems in IBM PureApplication System (CVE-2018-3615 CVE-2018-3620 CVE-2018-3646)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f295531b3aa99d37dbc53693639947d9

Trust: 0.1

title:HP: HPSBHF03590 rev. 2 - L1 Terminal Fault (L1TF)url:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03590

Trust: 0.1

title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03590 rev. 2 - L1 Terminal Fault (L1TF)url:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=ba953f0879f87a755234bc0818c99c6d

Trust: 0.1

title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03590 rev. 2 - L1 Terminal Fault (L1TF)url:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=deca5f6210b098f58ce384c28747b82c

Trust: 0.1

title:Huawei Security Advisories: Security Advisory - CPU Side Channel Vulnerability "L1TF"url:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=28eb43a14c12e8c070afa60d55f86b55

Trust: 0.1

title:Cisco: CPU Side-Channel Information Disclosure Vulnerabilities: August 2018url:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180814-cpusidechannel

Trust: 0.1

title:Forcepoint Security Advisories: Meltdown and Spectre Vulnerability CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3640, CVE-2018-3639, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646url:https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories&qid=459877525c31ac6029f4be4a6ea97e17

Trust: 0.1

title:Citrix Security Bulletins: XenServer Multiple Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=89d06253986d1cdae0f8d9ffbff97d18

Trust: 0.1

title:IBM: Potential Impact on Processors in the POWER Familyurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=cf9e1e42799edbda36ec7415288ad7f0

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Security Guardium is affected by Red Hat kernel vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=75b9d198a73a91d81765c8b428423224

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=621cdbb127d953e0d9d06eff7dd10106

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=204a1aa9ebf7b5f47151e8b011269862

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2019url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b

Trust: 0.1

title:Palo Alto Networks Security Advisory: PAN-SA-2018-0011 Information about L1 Terminal Fault findingsurl:https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=74b853f8cd89b12964ff841924244a71

Trust: 0.1

title:Fortinet Security Advisories: Meltdown and Spectre class vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-18-002

Trust: 0.1

title:Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=05b5bbd6fb289370b459faf1f4e3919d

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=55ea315dfb69fce8383762ac64250315

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=43da2cd72c1e378d8d94ecec029fcc61

Trust: 0.1

title:vmware-esxi-67url:https://github.com/casagency/vmware-esxi-67

Trust: 0.1

title:711552870_surl:https://github.com/Qwhqfmmx/711552870_s

Trust: 0.1

title: - url:https://github.com/teusink/Home-Security-by-OS-Hardening

Trust: 0.1

title:Network_research_reporturl:https://github.com/dongminkim0220/Network_research_report

Trust: 0.1

title:Home-Security-by-W10-Hardeningurl:https://github.com/teusink/Home-Security-by-W10-Hardening

Trust: 0.1

title:l1tf-pocurl:https://github.com/gregvish/l1tf-poc

Trust: 0.1

title:arch_linux_installation_guideurl:https://github.com/kyberdrb/arch_linux_installation_guide

Trust: 0.1

title:711552870_surl:https://github.com/yoobao55/711552870_s

Trust: 0.1

title:l1tf-demourl:https://github.com/blitz/l1tf-demo

Trust: 0.1

title:lx-port-dataurl:https://github.com/omniosorg/lx-port-data

Trust: 0.1

title:win10-regtweakurl:https://github.com/interlunar/win10-regtweak

Trust: 0.1

title:cpu-reporturl:https://github.com/rosenbergj/cpu-report

Trust: 0.1

title:specter---meltdown--checkerurl:https://github.com/vurtne/specter---meltdown--checker

Trust: 0.1

title:TEApoturl:https://github.com/github-3rr0r/TEApot

Trust: 0.1

title:TEApoturl:https://github.com/Mashiro1995/TEApot

Trust: 0.1

title: - url:https://github.com/kali973/spectre-meltdown-checker

Trust: 0.1

title:puppet-meltdownurl:https://github.com/timidri/puppet-meltdown

Trust: 0.1

title:cSpeculationControlFixesurl:https://github.com/poshsecurity/cSpeculationControlFixes

Trust: 0.1

title: - url:https://github.com/es0j/hyperbleed

Trust: 0.1

title:Linux-Toolsurl:https://github.com/minutesinch/Linux-Tools

Trust: 0.1

title:spectre-meltdownurl:https://github.com/edsonjt81/spectre-meltdown

Trust: 0.1

title:spectre-meltdown-checkerurl:https://github.com/speed47/spectre-meltdown-checker

Trust: 0.1

title: - url:https://github.com/merlinepedra25/spectre-meltdown-checker

Trust: 0.1

title: - url:https://github.com/merlinepedra/spectre-meltdown-checker

Trust: 0.1

title: - url:https://github.com/kin-cho/my-spectre-meltdown-checker

Trust: 0.1

title:Hardware-and-Firmware-Security-Guidanceurl:https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance

Trust: 0.1

title:Firmware-Securityurl:https://github.com/virusbeeE/Firmware-Security

Trust: 0.1

title:hardware-attacks-state-of-the-arturl:https://github.com/codexlynx/hardware-attacks-state-of-the-art

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/microsoft-rolls-out-new-intel-microcode-for-windows-10-server-2016/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/researchers-disclose-new-foreshadow-l1tf-vulnerabilities-affecting-intel-cpus/

Trust: 0.1

sources: VULMON: CVE-2018-3646 // JVNDB: JVNDB-2018-006428

EXTERNAL IDS

db:CERT/CCid:VU#982149

Trust: 2.8

db:NVDid:CVE-2018-3646

Trust: 2.8

db:SIEMENSid:SSA-608355

Trust: 1.2

db:SIEMENSid:SSA-254686

Trust: 1.2

db:SECTRACKid:1041451

Trust: 1.2

db:SECTRACKid:1042004

Trust: 1.2

db:BIDid:105080

Trust: 1.2

db:LENOVOid:LEN-24163

Trust: 1.2

db:JVNid:JVNVU97646030

Trust: 0.8

db:JVNDBid:JVNDB-2018-006428

Trust: 0.8

db:PACKETSTORMid:148991

Trust: 0.1

db:PACKETSTORMid:148896

Trust: 0.1

db:VULHUBid:VHN-133677

Trust: 0.1

db:VULMONid:CVE-2018-3646

Trust: 0.1

db:PACKETSTORMid:148908

Trust: 0.1

db:PACKETSTORMid:148912

Trust: 0.1

db:PACKETSTORMid:148952

Trust: 0.1

db:PACKETSTORMid:149010

Trust: 0.1

db:PACKETSTORMid:148917

Trust: 0.1

db:PACKETSTORMid:148898

Trust: 0.1

db:PACKETSTORMid:149718

Trust: 0.1

db:PACKETSTORMid:148934

Trust: 0.1

sources: CERT/CC: VU#982149 // VULHUB: VHN-133677 // VULMON: CVE-2018-3646 // PACKETSTORM: 148908 // PACKETSTORM: 148912 // PACKETSTORM: 148952 // PACKETSTORM: 149010 // PACKETSTORM: 148917 // PACKETSTORM: 148898 // PACKETSTORM: 149718 // PACKETSTORM: 148934 // JVNDB: JVNDB-2018-006428 // NVD: CVE-2018-3646

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

Trust: 2.8

url:https://www.kb.cert.org/vuls/id/982149

Trust: 2.1

url:https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

Trust: 2.0

url:https://foreshadowattack.eu/

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2018-3646

Trust: 1.6

url:https://access.redhat.com/errata/rhsa-2018:2387

Trust: 1.3

url:https://access.redhat.com/errata/rhsa-2018:2389

Trust: 1.3

url:https://access.redhat.com/errata/rhsa-2018:2390

Trust: 1.3

url:https://access.redhat.com/errata/rhsa-2018:2402

Trust: 1.3

url:http://www.securityfocus.com/bid/105080

Trust: 1.2

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180814-cpusidechannel

Trust: 1.2

url:http://support.lenovo.com/us/en/solutions/len-24163

Trust: 1.2

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en

Trust: 1.2

url:http://www.vmware.com/security/advisories/vmsa-2018-0020.html

Trust: 1.2

url:http://xenbits.xen.org/xsa/advisory-273.html

Trust: 1.2

url:https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

Trust: 1.2

url:https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

Trust: 1.2

url:https://help.ecostruxureit.com/display/public/uadce725/security+fixes+in+struxureware+data+center+expert+v7.6.0

Trust: 1.2

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180018

Trust: 1.2

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0010

Trust: 1.2

url:https://security.netapp.com/advisory/ntap-20180815-0001/

Trust: 1.2

url:https://support.f5.com/csp/article/k31300402

Trust: 1.2

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 1.2

url:https://www.synology.com/support/security/synology_sa_18_45

Trust: 1.2

url:https://www.debian.org/security/2018/dsa-4274

Trust: 1.2

url:https://www.debian.org/security/2018/dsa-4279

Trust: 1.2

url:https://security.freebsd.org/advisories/freebsd-sa-18:09.l1tf.asc

Trust: 1.2

url:https://security.gentoo.org/glsa/201810-06

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.2

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.2

url:https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html

Trust: 1.2

url:https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2384

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2388

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2391

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2392

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2393

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2394

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2395

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2396

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2403

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2404

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2602

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2603

Trust: 1.2

url:http://www.securitytracker.com/id/1041451

Trust: 1.2

url:http://www.securitytracker.com/id/1042004

Trust: 1.2

url:https://usn.ubuntu.com/3740-1/

Trust: 1.2

url:https://usn.ubuntu.com/3740-2/

Trust: 1.2

url:https://usn.ubuntu.com/3741-1/

Trust: 1.2

url:https://usn.ubuntu.com/3741-2/

Trust: 1.2

url:https://usn.ubuntu.com/3742-1/

Trust: 1.2

url:https://usn.ubuntu.com/3742-2/

Trust: 1.2

url:https://usn.ubuntu.com/3756-1/

Trust: 1.2

url:https://usn.ubuntu.com/3823-1/

Trust: 1.2

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03874en_us

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xrfkqwyv2h4bv75cungcge5tnvqclbgz/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/v4uwgorqwcencif2bhwuef2odbv75qs2/

Trust: 1.1

url:https://www.usenix.org/conference/usenixsecurity18/presentation/bulck

Trust: 0.8

url:https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html

Trust: 0.8

url:https://www.intel.com/content/dam/www/public/us/en/documents/sa00115-microcode-update-guidance.pdf

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-3620

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3646

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97646030/index.html

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/vulnerabilities/l1tf

Trust: 0.3

url:https://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-3646

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-3620

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://wiki.ubuntu.com/securityteam/knowledgebase/l1tf

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-5391

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-5390

Trust: 0.2

url:https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Trust: 0.2

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&amp;docid=emr_na-hpesbhf03874en_us

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xrfkqwyv2h4bv75cungcge5tnvqclbgz/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/v4uwgorqwcencif2bhwuef2odbv75qs2/

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://github.com/casagency/vmware-esxi-67

Trust: 0.1

url:https://github.com/teusink/home-security-by-w10-hardening

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1019.19

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1021.21

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1019.19

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1017.18

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1015.18

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1020.22

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.15.0-32.35

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3740-1

Trust: 0.1

url:https://access.redhat.com/articles/2974891

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5390

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/linux

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3742-2

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3742-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-18344

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-15265

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-15265

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-7566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-7566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-3693

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000004

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-0861

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-0861

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-3693

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10901

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000004

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10901

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-15572

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-6555

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14633

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-15594

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-17182

Trust: 0.1

sources: CERT/CC: VU#982149 // VULHUB: VHN-133677 // VULMON: CVE-2018-3646 // PACKETSTORM: 148908 // PACKETSTORM: 148912 // PACKETSTORM: 148952 // PACKETSTORM: 149010 // PACKETSTORM: 148917 // PACKETSTORM: 148898 // PACKETSTORM: 149718 // PACKETSTORM: 148934 // JVNDB: JVNDB-2018-006428 // NVD: CVE-2018-3646

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 148908 // PACKETSTORM: 148952 // PACKETSTORM: 148898

SOURCES

db:CERT/CCid:VU#982149
db:VULHUBid:VHN-133677
db:VULMONid:CVE-2018-3646
db:PACKETSTORMid:148908
db:PACKETSTORMid:148912
db:PACKETSTORMid:148952
db:PACKETSTORMid:149010
db:PACKETSTORMid:148917
db:PACKETSTORMid:148898
db:PACKETSTORMid:149718
db:PACKETSTORMid:148934
db:JVNDBid:JVNDB-2018-006428
db:NVDid:CVE-2018-3646

LAST UPDATE DATE

2025-07-10T20:01:34.748000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#982149date:2018-09-10T00:00:00
db:VULHUBid:VHN-133677date:2020-08-24T00:00:00
db:VULMONid:CVE-2018-3646date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2018-006428date:2018-09-03T00:00:00
db:NVDid:CVE-2018-3646date:2024-11-21T04:05:50.020

SOURCES RELEASE DATE

db:CERT/CCid:VU#982149date:2018-08-15T00:00:00
db:VULHUBid:VHN-133677date:2018-08-14T00:00:00
db:VULMONid:CVE-2018-3646date:2018-08-14T00:00:00
db:PACKETSTORMid:148908date:2018-08-15T04:40:53
db:PACKETSTORMid:148912date:2018-08-15T04:42:35
db:PACKETSTORMid:148952date:2018-08-16T14:16:41
db:PACKETSTORMid:149010date:2018-08-20T17:06:29
db:PACKETSTORMid:148917date:2018-08-15T04:43:02
db:PACKETSTORMid:148898date:2018-08-15T04:37:29
db:PACKETSTORMid:149718date:2018-10-08T23:55:14
db:PACKETSTORMid:148934date:2018-08-14T19:02:22
db:JVNDBid:JVNDB-2018-006428date:2018-08-21T00:00:00
db:NVDid:CVE-2018-3646date:2018-08-14T19:29:00.920