CVE-2018-3615
7.3 HIGHSystems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized discl...
Published: 2018-08-14 · Last updated: 2026-05-29
Severity and scoring
- CVSS
- 7.3 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
- CWE
- CWE-203
Affected products
| Vendor | Product |
|---|---|
| intel | core_i3, core_i5, core_i7 |
Description
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2018-3615
- [Other]http://support.lenovo.com/us/en/solutions/LEN-24163
- [Other]http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- [Other]http://www.securityfocus.com/bid/105080
- [Other]http://www.securitytracker.com/id/1041451
- [Other]https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- [Other]https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- [Other]https://foreshadowattack.eu/
- [Other]https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
- [Other]https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008
- [Other]https://security.netapp.com/advisory/ntap-20180815-0001/
- [Vendor advisory]https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- [Other]https://support.f5.com/csp/article/K35558453
- [Other]https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- [Other]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
- [Vendor advisory]https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- [Other]https://www.kb.cert.org/vuls/id/982149
- [Other]https://www.synology.com/support/security/Synology_SA_18_45
- [Other]http://support.lenovo.com/us/en/solutions/LEN-24163
- [Other]http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- [Other]http://www.securityfocus.com/bid/105080
- [Other]http://www.securitytracker.com/id/1041451
- [Other]https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- [Other]https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- [Other]https://foreshadowattack.eu/
- [Other]https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
- [Other]https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008
- [Other]https://security.netapp.com/advisory/ntap-20180815-0001/
- [Vendor advisory]https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- [Other]https://support.f5.com/csp/article/K35558453
- [Other]https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- [Other]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
- [Vendor advisory]https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- [Other]https://www.kb.cert.org/vuls/id/982149
- [Other]https://www.synology.com/support/security/Synology_SA_18_45
Related CVEs
Same vendor
- CVE-2019-11135 — TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable infor... (6.5 MEDIUM)
- CVE-2019-11091 — Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution m... (5.6 MEDIUM)
- CVE-2018-12130 — Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an a... (5.9 MEDIUM)
- CVE-2018-12127 — Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authe... (5.6 MEDIUM)
- CVE-2018-12126 — Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an... (5.6 MEDIUM)
Same CWE
- CVE-2026-11289 — Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via... (6.5 MEDIUM)
- CVE-2026-11284 — Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origi... (6.5 MEDIUM)
- CVE-2026-45294 — FreeScout is a free help desk and shared inbox built with PHP's Laravel framework (5.3 MEDIUM)
- CVE-2026-45410 — TREK is a collaborative travel planner (5.3 MEDIUM)
- CVE-2025-11145 — Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauth... (7.5 HIGH)