CVE-2018-3615
CVE-2018-3615
In short
A security flaw in Intel processors with SGX allows a local attacker to steal secret data stored in the processor's L1 cache by observing timing patterns. This bypasses SGX's protection meant to isolate sensitive code.
Technical detail
CVE-2018-3615 exploits speculative execution combined with L1 data cache side-channel analysis to leak information from SGX enclaves. An attacker with local user access can infer enclave secrets through cache timing measurements; this requires the victim enclave to be running but no memory corruption or code execution within the enclave itself.
Summary generated and translated by AI from the official description.
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Affected products
Intel Corporation · MultipleWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdfhttps://foreshadowattack.eu/https://lists.debian.org/debian-lts-announce/2018/09/msg00017.htmlhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008https://security.netapp.com/advisory/ntap-20180815-0001/https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-faulthttps://support.f5.com/csp/article/K35558453https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_ushttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannelhttp://support.lenovo.com/us/en/solutions/LEN-24163https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html