Upstream information

CVE-2018-3615 at MITRE

Description

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5.4
Vector AV:L/AC:M/Au:N/C:C/I:P/A:N
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Partial
Availability Impact None
CVSS v3 Scores
  National Vulnerability Database
Base Score 6.4
Vector AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
Access Vector Local
Access Complexity High
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality Impact High
Integrity Impact Low
Availability Impact None

Note from the SUSE Security Team

This issue covers the SGX related code of the L1 Terminal Fault issue. Fixes for this specific issue will be provided by Intel.

SUSE Bugzilla entries: 1087078 [NEW], 1087080 [RESOLVED / FIXED], 1091107 [RESOLVED / FIXED]

SUSE Security Advisories: