CVE-2018-3665

Name: CVE-2018-3665
Creator: NVD / NIST
Published: 2018-06-21T20:29:00.373+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.6/10EPSS 0.61%

Last modified Jun 17, 2026

CVE-2018-3665 is a medium-severity vulnerability rated 5.6/10 on the CVSS scale. System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.. EPSS estimates a 0.61% chance of exploitation in the next 30 days.

Description

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

Metrics

CVSS 3.1

5.6/10

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS Probability

0.61%

44.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Intel	Core I3	330e
Intel	Core I3	330m
Intel	Core I3	330um
Intel	Core I3	350m
Intel	Core I3	370m
Intel	Core I3	380m
Intel	Core I3	380um
Intel	Core I3	390m
Intel	Core I3	530
Intel	Core I3	540
Intel	Core I3	550
Intel	Core I3	560
Intel	Core I3	2100
Intel	Core I3	2100t
Intel	Core I3	2102
Intel	Core I3	2105
Intel	Core I3	2115c
Intel	Core I3	2120
Intel	Core I3	2120t
Intel	Core I3	2125
Intel	Core I3	2130
Intel	Core I3	2310e
Intel	Core I3	2310m
Intel	Core I3	2312m
Intel	Core I3	2328m
Intel	Core I3	2330e
Intel	Core I3	2330m
Intel	Core I3	2340ue
Intel	Core I3	2348m
Intel	Core I3	2350m
Intel	Core I3	2357m
Intel	Core I3	2365m
Intel	Core I3	2367m
Intel	Core I3	2370m
Intel	Core I3	2375m
Intel	Core I3	2377m
Intel	Core I3	3110m
Intel	Core I3	3115c
Intel	Core I3	3120m
Intel	Core I3	3120me
Intel	Core I3	3130m
Intel	Core I3	3210
Intel	Core I3	3217u
Intel	Core I3	3217ue
Intel	Core I3	3220
Intel	Core I3	3220t
Intel	Core I3	3225
Intel	Core I3	3227u
Intel	Core I3	3229y
Intel	Core I3	3240

Showing 50 of 481 affected configurations. See NVD for the full list.

References

http://www.securityfocus.com/bid/104460Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041124Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041125Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:1852Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1944Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2164Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2165Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1170Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1190Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.htmlThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.htmlThird Party Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/4787Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.ascThird Party Advisory
https://security.netapp.com/advisory/ntap-20181016-0001/Third Party Advisory
https://security.paloaltonetworks.com/CVE-2018-3665Third Party Advisory
https://support.citrix.com/article/CTX235745Third Party Advisory
https://usn.ubuntu.com/3696-1/Third Party Advisory
https://usn.ubuntu.com/3696-2/Third Party Advisory
https://usn.ubuntu.com/3698-1/Third Party Advisory
https://usn.ubuntu.com/3698-2/Third Party Advisory
https://www.debian.org/security/2018/dsa-4232Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.htmlVendor Advisory
https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
https://www.synology.com/support/security/Synology_SA_18_31Third Party Advisory
http://www.securityfocus.com/bid/104460Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041124Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041125Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:1852Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1944Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2164Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2165Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1170Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1190Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.htmlThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.htmlThird Party Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/4787Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.ascThird Party Advisory
https://security.netapp.com/advisory/ntap-20181016-0001/Third Party Advisory
https://security.paloaltonetworks.com/CVE-2018-3665Third Party Advisory
https://support.citrix.com/article/CTX235745Third Party Advisory
https://usn.ubuntu.com/3696-1/Third Party Advisory
https://usn.ubuntu.com/3696-2/Third Party Advisory
https://usn.ubuntu.com/3698-1/Third Party Advisory
https://usn.ubuntu.com/3698-2/Third Party Advisory
https://www.debian.org/security/2018/dsa-4232Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.htmlVendor Advisory
https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
https://www.synology.com/support/security/Synology_SA_18_31Third Party Advisory

Timeline

Published: Jun 21, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-3665?

How severe is CVE-2018-3665?

CVE-2018-3665 has a CVSS score of 5.6/10 (MEDIUM severity). The EPSS model estimates a 0.61% probability of exploitation in the next 30 days.

How do I fix CVE-2018-3665?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-3665?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST