What is CVE-2018-3646?

CVE-2018-3646 is a medium-severity vulnerability in Intel Core_i3, classified under Information Disclosure. CVSS score: 5.6/10. Published 2018-08-14.

How severe is CVE-2018-3646?

Medium severity. CVSS v3 base score is 5.6 out of 10.

Is CVE-2018-3646 known to be exploited?

31 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Intel Core_i3

CVE-2018-3646

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a termin…

Vulnerability class: Information Disclosure

EPSS: 0.025 (85.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.6 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N.

Affected products

Intel Core_i3 — versions 330e, 330m, 330um
Intel Core_i5 — versions 430m, 430um, 450m
Intel Core_i7 — versions 7y75, 610e, 620le
Intel Core_m — versions 5y10, 5y10a, 5y10c
Intel Core_m3 — versions 6y30, 7y30, 7y32
Intel Core_m5 — versions 6y54, 6y57
Intel Core_m7 — versions 6y75
Intel Xeon
Intel Corporation Multiple — versions Multiple

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

secure@intel.com (x_refsource_CERT-VN, third-party-advisory)
secure@intel.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
secure@intel.com (vendor-advisory, x_refsource_GENTOO)
secure@intel.com (x_refsource_UBUNTU, vendor-advisory)
secure@intel.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secure@intel.com (x_refsource_UBUNTU, vendor-advisory)
secure@intel.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secure@intel.com (vdb-entry, x_refsource_SECTRACK)
secure@intel.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secure@intel.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)

Frequently asked questions

What is CVE-2018-3646?: CVE-2018-3646 is a medium-severity vulnerability in Intel Core_i3, classified under Information Disclosure. CVSS score: 5.6/10. Published 2018-08-14.
How severe is CVE-2018-3646?: Medium severity. CVSS v3 base score is 5.6 out of 10.
Is CVE-2018-3646 known to be exploited?: 31 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.