Problem Description:
On certain Intel 64-bit x86 systems there is a period
of time during terminal fault handling where the CPU may
use speculative execution to try to load data. The CPU may
speculatively access the level 1 data cache (L1D). Data
which would otherwise be protected may then be determined
by using side channel methods.
This issue affects bhyve on FreeBSD/amd64 systems.
Impact:
An attacker executing user code, or kernel code inside
of a virtual machine, may be able to read secret data from
the kernel or from another virtual machine.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreebsd-kernel= 11.2UNKNOWN
FreeBSDanynoarchfreebsd-kernel< 11.2_2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	freebsd-kernel	= 11.2	UNKNOWN
FreeBSD	any	noarch	freebsd-kernel	< 11.2_2	UNKNOWN

nessus 73

fedora 2

redhatcve 2

redhat 13

osv 5

ibm 9

openvas 38

ubuntu 9

debian 4

freebsd_advisory 1

xen 1

intel 1

thn 1

f5 3

mageia 4

msrc 2

threatpost 2

lenovo 2

cisco 1

cert 1

oraclelinux 4

cloudfoundry 2

huawei 1

amazon 2

citrix 1

prion 2

vmware 3

cve 2

veracode 2

debiancve 2

ubuntucve 2

suse 2

nessus

OracleVM 3.4 : xen (OVMSA-2018-0246) (Foreshadow)

2018-08-16 00:00:00

FreeBSD : FreeBSD -- L1 Terminal Fault (L1TF) Kernel Information Disclosure (2310b814-a652-11e8-805b-a4badb2f4699) (Foreshadow)

2018-08-23 00:00:00

Fedora 28 : kernel / kernel-headers (2018-f8cba144ae) (Foreshadow)

2019-01-03 00:00:00

fedora

[SECURITY] Fedora 28 Update: kernel-headers-4.17.14-3.fc28

2018-08-16 08:08:45

[SECURITY] Fedora 27 Update: kernel-headers-4.17.14-3.fc27

2018-08-16 07:24:56

redhatcve

CVE-2018-3646

2021-01-24 22:39:20

CVE-2018-3620

2021-03-20 21:41:50

redhat

(RHSA-2018:2404) Important: rhev-hypervisor7 security update

2018-08-15 15:14:04

(RHSA-2018:2602) Important: kernel security update

2018-08-29 18:04:28

(RHSA-2018:2389) Important: kernel security update

2018-08-14 18:50:42

osv

linux-4.9 - security update

2018-08-28 00:00:00

linux - security update

2018-08-20 00:00:00

xen - security update

2018-08-16 00:00:00

ibm

Security Bulletin: IBM Security Guardium is affected by a Foreshadow Spectre Variant vulnerability

2019-02-07 19:55:01

Security Bulletin: L1TF - L1 Terminal Fault Attack affect IBM Netezza Host Management

2019-10-18 03:36:34

Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private Cloud Foundry (CVE-2018-3646, CVE-2018-3615, CVE-2018-3620)

2018-11-19 15:40:01

openvas

Fedora Update for kernel-headers FEDORA-2018-1c80fea1cd

2018-08-19 00:00:00

Debian: Security Advisory (DLA-1481-1)

2018-09-02 00:00:00

Debian: Security Advisory (DSA-4279-1)

2018-08-19 00:00:00

ubuntu

Linux kernel vulnerabilities

2018-11-15 00:00:00

Linux kernel (HWE) vulnerabilities

2018-08-14 00:00:00

Linux kernel vulnerabilities

2018-08-14 00:00:00

debian

[SECURITY] [DSA 4274-1] xen security update

2018-08-16 20:47:43

[SECURITY] [DSA 4279-1] linux security update

2018-08-20 11:44:32

[SECURITY] [DLA 1481-1] linux-4.9 security update

2018-08-28 17:10:51

freebsd_advisory

FreeBSD-SA-18:09.l1tf

2018-08-14 00:00:00

xen

L1 Terminal Fault speculative side channel

2018-08-14 17:15:00

intel

Q3 2018 Speculative Execution Side Channel Update

2021-05-11 00:00:00

thn

Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered

2018-08-15 07:40:00

K70675920 : August 2018 Intel security vulnerability announcement

2018-08-15 00:00:00

K95275140 : OS Kernel and SMM mode L1 Terminal Fault vulnerability CVE-2018-3620

2018-10-05 00:00:00

Virtual Machine Manager L1 Terminal Fault vulnerability CVE-2018-3646

2018-10-04 15:26:00

mageia

Updated kernel-linus packages fix security vulnerabilities

2018-08-19 14:24:54

Updated kernel-tmb packages fix security vulnerabilities

2018-08-19 14:24:54

Updated kernel packages fix security vulnerabilities

2018-08-19 14:24:54

msrc

Analysis and mitigation of L1 Terminal Fault (L1TF)

2018-08-13 07:00:00

Analysis and mitigation of L1 Terminal Fault (L1TF)

2018-08-13 07:00:00

threatpost

Intel CPUs Undermined By Fresh Speculative Execution Flaws

2018-08-14 19:24:34

New Ninth-Gen Intel CPUs Shield Against Some Spectre, Meltdown Variants

2018-10-09 19:37:35

lenovo

L1 Terminal Fault Side Channel Vulnerabilities - Lenovo Support NL

2018-08-16 14:27:00

L1 Terminal Fault Side Channel Vulnerabilities - US

2018-08-16 14:27:00

cisco

CPU Side-Channel Information Disclosure Vulnerabilities: August 2018

2018-08-14 17:00:00

cert

Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)

2018-08-15 00:00:00

oraclelinux

Unbreakable Enterprise kernel security update

2018-09-06 00:00:00

Unbreakable Enterprise kernel security update

2018-08-14 00:00:00

Unbreakable Enterprise kernel security update

2018-09-13 00:00:00

cloudfoundry

USN-3740-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry

2018-09-11 00:00:00

USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

2018-08-17 00:00:00

huawei

Security Advisory - CPU Side Channel Vulnerability "L1TF"

2018-08-15 00:00:00

amazon

Critical: kernel

2018-08-10 20:26:00

Critical: kernel

2018-08-10 22:53:00

citrix

XenServer Multiple Security Updates

2018-08-14 04:00:00

prion

Information disclosure

2018-08-14 19:29:00

Information disclosure

2018-08-14 19:29:00

vmware

Operating System-Specific Mitigations address L1 Terminal Fault - OS vulnerability in VMware Virtual Appliances.

2018-08-14 00:00:00

Operating System-Specific Mitigations address L1 Terminal Fault - OS vulnerability in VMware Virtual Appliances.

2018-08-14 00:00:00

VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM vulnerability.

2018-08-14 00:00:00

cve

CVE-2018-3620

2018-08-14 19:29:00

CVE-2018-3646

2018-08-14 19:29:00

veracode

Information Disclosure

2019-01-15 09:24:09

Information Disclosure

2019-05-16 03:11:25

debiancve

CVE-2018-3620

2018-08-14 19:29:00

CVE-2018-3646

2018-08-14 19:29:00

ubuntucve

CVE-2018-3620

2018-08-14 00:00:00

CVE-2018-3646

2018-08-14 00:00:00

suse

Security update for xen (important)

2018-08-19 15:09:36

Security update for xen (important)

2018-08-19 15:10:45

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.002 Low

EPSS

Percentile

54.0%

JSON

Related for 2310B814-A652-11E8-805B-A4BADB2F4699