VMware Virtual Appliance Mitigations address L1 Terminal Fault - OS vulnerability. Successful exploitation of this issue may lead to local information disclosure of sensitive information. Unaffected products lines are documented in KB55807.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-3620 to this issue.

Column 5 of the following table lists the action required to mitigate the vulnerability in each release, if a solution is available.

CPENameOperatorVersion
umeq3.x
vidmlt19.03
vcsalt6.7u1
vcsalt6.5u2d
vcsalt6.0u3i
vdplt6.1.11
viclt1.4.3
vralt7.5.0

Name	Operator	Version
um	eq	3.x
vidm	lt	19.03
vcsa	lt	6.7u1
vcsa	lt	6.5u2d
vcsa	lt	6.0u3i
vdp	lt	6.1.11
vic	lt	1.4.3
vra	lt	7.5.0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620

kb.vmware.com/kb/52284

kb.vmware.com/kb/52312

kb.vmware.com/kb/52377

kb.vmware.com/kb/52467

kb.vmware.com/kb/52497

kb.vmware.com/kb/55636

kb.vmware.com/kb/55807

nessus 70

prion 1

cve 1

ibm 9

vmware 1

ubuntucve 1

debiancve 1

oraclelinux 11

osv 4

f5 2

veracode 1

fedora 2

redhatcve 2

redhat 15

freebsd 1

photon 4

debian 5

openvas 31

freebsd_advisory 1

xen 1

ubuntu 9

mageia 4

cloudfoundry 2

intel 1

thn 1

paloalto 1

msrc 2

slackware 1

cert 1

threatpost 2

lenovo 2

cisco 1

amazon 2

huawei 1

citrix 1

virtuozzo 2

centos 1

mscve 1

nessus

Photon OS 1.0: Linux PHSA-2018-1.0-0180

2019-02-07 00:00:00

F5 Networks BIG-IP : OS Kernel and SMM mode L1 Terminal Fault vulnerability (K95275140) (Foreshadow)

2019-05-29 00:00:00

VMware vCenter Server Appliance 6.0 / 6.5 / 6.7 Information Disclosure vulnerability (VMSA-2018-0021)

2018-08-31 00:00:00

prion

Information disclosure

2018-08-14 19:29:00

cve

CVE-2018-3620

2018-08-14 19:29:00

ibm

Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Foreshadow

2018-09-26 21:15:02

Security Bulletin: IBM QRadar Network Security is affected by a CPU vulnerability (CVE-2018-3620)

2018-12-07 02:45:02

Security Bulletin: L1TF - L1 Terminal Fault Attack affect IBM Netezza Host Management

2019-10-18 03:36:34

vmware

Operating System-Specific Mitigations address L1 Terminal Fault - OS vulnerability in VMware Virtual Appliances.

2018-08-14 00:00:00

ubuntucve

CVE-2018-3620

2018-08-14 00:00:00

debiancve

CVE-2018-3620

2018-08-14 19:29:00

oraclelinux

Unbreakable Enterprise kernel security update

2018-09-13 00:00:00

Unbreakable Enterprise kernel security update

2018-09-06 00:00:00

Unbreakable Enterprise kernel security update

2018-09-13 00:00:00

osv

CVE-2018-3620

2018-08-14 19:29:00

linux-4.9 - security update

2018-08-28 00:00:00

linux - security update

2018-08-20 00:00:00

K95275140 : OS Kernel and SMM mode L1 Terminal Fault vulnerability CVE-2018-3620

2018-10-05 00:00:00

K70675920 : August 2018 Intel security vulnerability announcement

2018-08-15 00:00:00

veracode

Information Disclosure

2019-01-15 09:24:09

fedora

[SECURITY] Fedora 28 Update: kernel-headers-4.17.14-3.fc28

2018-08-16 08:08:45

[SECURITY] Fedora 27 Update: kernel-headers-4.17.14-3.fc27

2018-08-16 07:24:56

redhatcve

CVE-2018-3646

2021-01-24 22:39:20

CVE-2018-3620

2021-03-20 21:41:50

redhat

(RHSA-2018:2404) Important: rhev-hypervisor7 security update

2018-08-15 15:14:04

(RHSA-2018:2388) Important: kernel security and bug fix update

2018-08-14 18:50:39

(RHSA-2018:2602) Important: kernel security update

2018-08-29 18:04:28

freebsd

FreeBSD -- L1 Terminal Fault (L1TF) Kernel Information Disclosure

2018-08-14 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0180

2018-08-28 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0088

2018-08-28 00:00:00

Critical Photon OS Security Update - PHSA-2018-0088

2018-08-28 00:00:00

debian

[SECURITY] [DSA 4279-1] linux security update

2018-08-20 11:44:32

[SECURITY] [DSA 4274-1] xen security update

2018-08-16 20:47:43

[SECURITY] [DSA 4279-1] linux security update

2018-08-20 11:44:32

openvas

Ubuntu: Security Advisory (USN-3823-1)

2022-08-26 00:00:00

Debian: Security Advisory (DSA-4279-1)

2018-08-19 00:00:00

Fedora Update for kernel-headers FEDORA-2018-f8cba144ae

2018-08-19 00:00:00

freebsd_advisory

FreeBSD-SA-18:09.l1tf

2018-08-14 00:00:00

xen

L1 Terminal Fault speculative side channel

2018-08-14 17:15:00

ubuntu

Linux kernel vulnerabilities

2018-11-15 00:00:00

Linux kernel vulnerabilities

2018-08-14 00:00:00

Linux kernel (HWE) vulnerabilities

2018-08-14 00:00:00

mageia

Updated kernel packages fix security vulnerabilities

2018-08-19 14:24:54

Updated microcode packages fix security vulnerabilities

2018-08-19 14:24:54

Updated kernel-linus packages fix security vulnerabilities

2018-08-19 14:24:54

cloudfoundry

USN-3740-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry

2018-09-11 00:00:00

USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

2018-08-17 00:00:00

intel

Q3 2018 Speculative Execution Side Channel Update

2021-05-11 00:00:00

thn

Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered

2018-08-15 07:40:00

paloalto

Information about L1 Terminal Fault findings

2018-08-17 00:00:00

msrc

Analysis and mitigation of L1 Terminal Fault (L1TF)

2018-08-13 07:00:00

Analysis and mitigation of L1 Terminal Fault (L1TF)

2018-08-13 07:00:00

slackware

[slackware-security] Slackware 14.2 kernel

2018-08-28 23:41:10

cert

Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)

2018-08-15 00:00:00

threatpost

Intel CPUs Undermined By Fresh Speculative Execution Flaws

2018-08-14 19:24:34

New Ninth-Gen Intel CPUs Shield Against Some Spectre, Meltdown Variants

2018-10-09 19:37:35

lenovo

L1 Terminal Fault Side Channel Vulnerabilities - Lenovo Support NL

2018-08-16 14:27:00

L1 Terminal Fault Side Channel Vulnerabilities - US

2018-08-16 14:27:00

cisco

CPU Side-Channel Information Disclosure Vulnerabilities: August 2018

2018-08-14 17:00:00

amazon

Critical: kernel

2018-08-10 22:53:00

Critical: kernel

2018-08-10 20:26:00

huawei

Security Advisory - CPU Side Channel Vulnerability "L1TF"

2018-08-15 00:00:00

citrix

XenServer Multiple Security Updates

2018-08-14 04:00:00

virtuozzo

Important kernel security update: CVE-2018-3620 and other issues; new kernel 3.10.0-862.11.6.vz7.64.7; Virtuozzo 7.0 Update 8 Hotfix 1 (7.0.8-507)

2018-08-30 00:00:00

Important kernel security update: CVE-2018-3620 and other issues; new kernel 2.6.32-042stab133.1; Virtuozzo 6.0 Update 12 Hotfix 30 (6.0.12-3713)

2018-08-20 00:00:00

centos

kernel, perf, python security update

2018-08-15 03:59:04

mscve

Microsoft Guidance to mitigate L1TF variant

2018-08-14 07:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.002 Low

EPSS

Percentile

54.0%

JSON

Related for VMSA-2018-0021.2