CVE-2018-3646

Impact:
Important
Public Date:
2018-08-14
CWE:
CWE-200
Bugzilla:
1585005: CVE-2018-3620 CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF)
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.

Find out more about CVE-2018-3646 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.

CVSS v3 metrics

CVSS3 Base Score 5.6
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality High
Integrity Impact None
Availability Impact None

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Advanced Update Support 7.2 (kernel) RHSA-2018:2389 2018-08-14
Red Hat Enterprise Linux Server TUS (v. 7.2) (kernel) RHSA-2018:2389 2018-08-14
Red Hat Enterprise Linux 7 (kernel) RHSA-2018:2384 2018-08-14
Red Hat Enterprise Linux Server Update Services for SAP Solutions 7.2 (kernel) RHSA-2018:2389 2018-08-14
Red Hat Enterprise Linux Extended Update Support 7.3 (kernel) RHSA-2018:2388 2018-08-14
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhev-hypervisor7) RHSA-2018:2404 2018-08-15
Red Hat Enterprise Linux Extended Update Support 6.7 (kernel) RHSA-2018:2391 2018-08-14
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (redhat-release-virtualization-host) RHSA-2018:2403 2018-08-15
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhvm-appliance) RHSA-2018:2402 2018-08-16
Red Hat Enterprise Linux Advanced Update Support 6.6 (kernel) RHSA-2018:2392 2018-08-14
Red Hat Enterprise Linux Advanced Update Support 6.5 (kernel) RHSA-2018:2393 2018-08-14
Red Hat Enterprise Linux 6 (kernel) RHSA-2018:2390 2018-08-14
Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) RHSA-2018:2396 2018-08-14
Red Hat Enterprise Linux Advanced Update Support 6.4 (kernel) RHSA-2018:2394 2018-08-14
Red Hat Enterprise Linux Server TUS (v. 6.6) (kernel) RHSA-2018:2392 2018-08-14
Red Hat Enterprise Linux Extended Update Support 7.4 (kernel) RHSA-2018:2387 2018-08-14
Red Hat Enterprise Linux Server (v. 5 ELS) (kernel) RHSA-2018:2602 2018-08-29
Red Hat Enterprise Linux Long Life (v. 5.9 server) (kernel) RHSA-2018:2603 2018-08-29
RHEV Hypervisor for RHEL-6 (rhev-hypervisor7) RHSA-2018:2404 2018-08-15
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) RHSA-2018:2395 2018-08-14

Acknowledgements

Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting this issue.

External References

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.