CVE-2018-3646
5.6 MEDIUMSystems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information re...
Published: 2018-08-14 · Last updated: 2026-05-29
Severity and scoring
- CVSS
- 5.6 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
- CWE
- CWE-200
Affected products
| Vendor | Product |
|---|---|
| intel | core_i3, core_i5, core_i7 |
Description
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2018-3646
- [Other]http://support.lenovo.com/us/en/solutions/LEN-24163
- [Other]http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- [Other]http://www.securityfocus.com/bid/105080
- [Other]http://www.securitytracker.com/id/1041451
- [Other]http://www.securitytracker.com/id/1042004
- [Other]http://www.vmware.com/security/advisories/VMSA-2018-0020.html
- [Other]http://xenbits.xen.org/xsa/advisory-273.html
- [Other]https://access.redhat.com/errata/RHSA-2018:2384
- [Other]https://access.redhat.com/errata/RHSA-2018:2387
- [Other]https://access.redhat.com/errata/RHSA-2018:2388
- [Other]https://access.redhat.com/errata/RHSA-2018:2389
- [Other]https://access.redhat.com/errata/RHSA-2018:2390
- [Other]https://access.redhat.com/errata/RHSA-2018:2391
- [Other]https://access.redhat.com/errata/RHSA-2018:2392
- [Other]https://access.redhat.com/errata/RHSA-2018:2393
- [Other]https://access.redhat.com/errata/RHSA-2018:2394
- [Other]https://access.redhat.com/errata/RHSA-2018:2395
- [Other]https://access.redhat.com/errata/RHSA-2018:2396
- [Other]https://access.redhat.com/errata/RHSA-2018:2402
- [Other]https://access.redhat.com/errata/RHSA-2018:2403
- [Other]https://access.redhat.com/errata/RHSA-2018:2404
- [Other]https://access.redhat.com/errata/RHSA-2018:2602
- [Other]https://access.redhat.com/errata/RHSA-2018:2603
- [Other]https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- [Other]https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- [Other]https://foreshadowattack.eu/
- [Other]https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [Other]https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
- [Other]https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
- [Other]https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
- [Other]https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010
- [Other]https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
- [Other]https://security.gentoo.org/glsa/201810-06
- [Other]https://security.netapp.com/advisory/ntap-20180815-0001/
- [Vendor advisory]https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- [Other]https://support.f5.com/csp/article/K31300402
- [Other]https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- [Other]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
- [Other]https://usn.ubuntu.com/3740-1/
- [Other]https://usn.ubuntu.com/3740-2/
- [Other]https://usn.ubuntu.com/3741-1/
- [Other]https://usn.ubuntu.com/3741-2/
- [Other]https://usn.ubuntu.com/3742-1/
- [Other]https://usn.ubuntu.com/3742-2/
- [Other]https://usn.ubuntu.com/3756-1/
- [Other]https://usn.ubuntu.com/3823-1/
- [Other]https://www.debian.org/security/2018/dsa-4274
- [Other]https://www.debian.org/security/2018/dsa-4279
- [Vendor advisory]https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- [Other]https://www.kb.cert.org/vuls/id/982149
- [Other]https://www.oracle.com/security-alerts/cpujul2020.html
- [Other]https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- [Other]https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- [Other]https://www.synology.com/support/security/Synology_SA_18_45
- [Other]http://support.lenovo.com/us/en/solutions/LEN-24163
- [Other]http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- [Other]http://www.securityfocus.com/bid/105080
- [Other]http://www.securitytracker.com/id/1041451
- [Other]http://www.securitytracker.com/id/1042004
- [Other]http://www.vmware.com/security/advisories/VMSA-2018-0020.html
- [Other]http://xenbits.xen.org/xsa/advisory-273.html
- [Other]https://access.redhat.com/errata/RHSA-2018:2384
- [Other]https://access.redhat.com/errata/RHSA-2018:2387
- [Other]https://access.redhat.com/errata/RHSA-2018:2388
- [Other]https://access.redhat.com/errata/RHSA-2018:2389
- [Other]https://access.redhat.com/errata/RHSA-2018:2390
- [Other]https://access.redhat.com/errata/RHSA-2018:2391
- [Other]https://access.redhat.com/errata/RHSA-2018:2392
- [Other]https://access.redhat.com/errata/RHSA-2018:2393
- [Other]https://access.redhat.com/errata/RHSA-2018:2394
- [Other]https://access.redhat.com/errata/RHSA-2018:2395
- [Other]https://access.redhat.com/errata/RHSA-2018:2396
- [Other]https://access.redhat.com/errata/RHSA-2018:2402
- [Other]https://access.redhat.com/errata/RHSA-2018:2403
- [Other]https://access.redhat.com/errata/RHSA-2018:2404
- [Other]https://access.redhat.com/errata/RHSA-2018:2602
- [Other]https://access.redhat.com/errata/RHSA-2018:2603
- [Other]https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- [Other]https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- [Other]https://foreshadowattack.eu/
- [Other]https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [Other]https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
- [Other]https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
- [Other]https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
- [Other]https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010
- [Other]https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
- [Other]https://security.gentoo.org/glsa/201810-06
- [Other]https://security.netapp.com/advisory/ntap-20180815-0001/
- [Vendor advisory]https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- [Other]https://support.f5.com/csp/article/K31300402
- [Other]https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- [Other]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
- [Other]https://usn.ubuntu.com/3740-1/
- [Other]https://usn.ubuntu.com/3740-2/
- [Other]https://usn.ubuntu.com/3741-1/
- [Other]https://usn.ubuntu.com/3741-2/
- [Other]https://usn.ubuntu.com/3742-1/
- [Other]https://usn.ubuntu.com/3742-2/
- [Other]https://usn.ubuntu.com/3756-1/
- [Other]https://usn.ubuntu.com/3823-1/
- [Other]https://www.debian.org/security/2018/dsa-4274
- [Other]https://www.debian.org/security/2018/dsa-4279
- [Vendor advisory]https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- [Other]https://www.kb.cert.org/vuls/id/982149
- [Other]https://www.oracle.com/security-alerts/cpujul2020.html
- [Other]https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- [Other]https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- [Other]https://www.synology.com/support/security/Synology_SA_18_45
Related CVEs
Same vendor
- CVE-2019-11135 — TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable infor... (6.5 MEDIUM)
- CVE-2019-11091 — Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution m... (5.6 MEDIUM)
- CVE-2018-12130 — Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an a... (5.9 MEDIUM)
- CVE-2018-12127 — Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authe... (5.6 MEDIUM)
- CVE-2018-12126 — Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an... (5.6 MEDIUM)
Same CWE
- CVE-2026-12117 — Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to ...
- CVE-2026-12320 — Information disclosure in the Password Manager component (4.3 MEDIUM)
- CVE-2026-12311 — Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
- CVE-2026-50870 — An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensi... (7.5 HIGH)
- CVE-2026-39007 — An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export ... (7.5 HIGH)