CVE-2018-3615

Name: CVE-2018-3615
Creator: NVD / NIST
Published: 2018-08-14T19:29:00.67+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.3/10EPSS 6.30%

Last modified Jun 17, 2026

CVE-2018-3615 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.. EPSS estimates a 6.30% chance of exploitation in the next 30 days.

Description

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

Metrics

CVSS 3.1

7.3/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

EPSS Probability

6.30%

92.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Intel	Core I3	6006u
Intel	Core I3	6098p
Intel	Core I3	6100
Intel	Core I3	6100e
Intel	Core I3	6100h
Intel	Core I3	6100t
Intel	Core I3	6100te
Intel	Core I3	6100u
Intel	Core I3	6102e
Intel	Core I3	6157u
Intel	Core I3	6167u
Intel	Core I3	6300
Intel	Core I3	6300t
Intel	Core I3	6320
Intel	Core I5	650
Intel	Core I5	655k
Intel	Core I5	660
Intel	Core I5	661
Intel	Core I5	670
Intel	Core I5	680
Intel	Core I5	6200u
Intel	Core I5	6260u
Intel	Core I5	6267u
Intel	Core I5	6287u
Intel	Core I5	6300hq
Intel	Core I5	6300u
Intel	Core I5	6350hq
Intel	Core I5	6360u
Intel	Core I5	6400
Intel	Core I5	6400t
Intel	Core I5	6402p
Intel	Core I5	6440eq
Intel	Core I5	6440hq
Intel	Core I5	6442eq
Intel	Core I5	6500
Intel	Core I5	6500t
Intel	Core I5	6500te
Intel	Core I5	6585r
Intel	Core I5	6600
Intel	Core I5	6600k
Intel	Core I5	6600t
Intel	Core I5	6685r
Intel	Core I7	610e
Intel	Core I7	620le
Intel	Core I7	620lm
Intel	Core I7	620m
Intel	Core I7	620ue
Intel	Core I7	620um
Intel	Core I7	640lm
Intel	Core I7	640m

Showing 50 of 129 affected configurations. See NVD for the full list.

References

http://support.lenovo.com/us/en/solutions/LEN-24163Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-enThird Party Advisory
http://www.securityfocus.com/bid/105080Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041451Third Party Advisory, VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://foreshadowattack.eu/Technical Description, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008Third Party Advisory
https://security.netapp.com/advisory/ntap-20180815-0001/Third Party Advisory
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-faultMitigation, Vendor Advisory
https://support.f5.com/csp/article/K35558453Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_usThird Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannelThird Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.htmlVendor Advisory
https://www.kb.cert.org/vuls/id/982149Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_45Third Party Advisory
http://support.lenovo.com/us/en/solutions/LEN-24163Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-enThird Party Advisory
http://www.securityfocus.com/bid/105080Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041451Third Party Advisory, VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://foreshadowattack.eu/Technical Description, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008Third Party Advisory
https://security.netapp.com/advisory/ntap-20180815-0001/Third Party Advisory
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-faultMitigation, Vendor Advisory
https://support.f5.com/csp/article/K35558453Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_usThird Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannelThird Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.htmlVendor Advisory
https://www.kb.cert.org/vuls/id/982149Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_45Third Party Advisory

Timeline

Published: Aug 14, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-3615?

How severe is CVE-2018-3615?

CVE-2018-3615 has a CVSS score of 7.3/10 (HIGH severity). The EPSS model estimates a 6.30% probability of exploitation in the next 30 days.

How do I fix CVE-2018-3615?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-3615?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST