CVSS3: 6.4 Medium
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

CVSS2: 5.4 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:L/AC:M/Au:N/C:C/I:P/A:N

EPSS: 0.002 Low
Percentile: 54.4%

Lenovo Security Advisory: LEN-24163
Potential Impact: Malicious code running locally may be able to observe contents of privileged memory, circumventing expected privilege levels
Severity: High
Scope of Impact: Industry-wide
CVE Identifier: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
Summary Description:
Intel has made Lenovo aware of vulnerabilities collectively named “L1 Terminal Fault” affecting certain Intel processors. Lenovo has already released new BIOSes addressing these vulnerabilities under LEN-22133, because Intel included fixes for L1 Terminal Fault in a cumulative microcode update at that time. This advisory discloses the L1 Terminal Fault vulnerabilities and recommends additional actions you should take to protect yourself.
Mitigation Strategy for Customers (what you should do to protect yourself):
There are three vulnerability variants, each attacking a different sub-component of the processor architecture:
CVE-2018-3615 affects SGX enclaves
CVE-2018-3620 affects OS and SMM (System Management Mode)
CVE-2018-3646 affects VMMs (Virtual Machine Managers)