CVE-2018-3620
Public on 2018-08-10
Modified on 2018-08-14
Description
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.
Severity
CVSS v3 Base Score
See breakdown
Affected Packages
Platform | Package | Release Date | Advisory | Status |
---|---|---|---|---|
Amazon Linux 1 | kernel | 2018-08-10 | ALAS-2018-1058 | Fixed |
Amazon Linux 2 - Core | kernel | 2018-08-10 | ALAS2-2018-1058 | Fixed |
CVSS Scores
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 5.6 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
NVD | CVSSv2 | 4.7 | AV:L/AC:M/Au:N/C:C/I:N/A:N |
NVD | CVSSv3 | 5.6 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |