Lenovo Security Advisory: LEN-24163
Potential Impact: Malicious code running locally may be able to observe contents of privileged memory, circumventing expected privilege levels
Severity: High
Scope of Impact: Industry-wide
CVE Identifier: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
Summary Description:
Intel has made Lenovo aware of vulnerabilities collectively named “L1 Terminal Fault” affecting certain Intel processors. Lenovo has already released new BIOSes addressing these vulnerabilities under LEN-22133, because Intel included fixes for L1 Terminal Fault in a cumulative microcode update at that time. This advisory is to disclose the L1 Terminal Fault vulnerabilities and recommend additional actions you should take to protect yourself.
Mitigation Strategy for Customers (what you should do to protect yourself):
There are three vulnerability variants, each attacking a different sub-component of the processor architecture:
CVE-2018-3615 affects SGX enclaves
CVE-2018-3620 affects OS and SMM (System Management Mode)
CVE-2018-3646 affects VMMs (Virtual Machine Managers)