CVE-2018-3615

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

Published: 2018-08-14 Last update: 2026-05-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2018-3615 is rated High Risk (66.3/100): CVSS High severity, with high exploitation likelihood (EPSS 6.30%, 93th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +4.63% over the last day, indicating growing attacker interest. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2018-3615

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 1.67% 6.30% +4.63%
2 2026-06-06 1.63% 1.67% +0.04%
3 2026-05-30 1.63%

Full EPSS history (24 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2018-3615

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.3 3.1 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:L)
Attackers could change some data, but it’s limited—not everything goes.
Availability (A:N)
Service keeps running; no real outage angle.
 2.0 4.7 134c704f-9b21-4f2e-91b3-4a467353bcc0
6.4 3.0 MEDIUM
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:L)
Attackers could change some data, but it’s limited—not everything goes.
Availability (A:N)
Service keeps running; no real outage angle.
 1.1 4.7 [email protected]
5.4 2.0 MEDIUM
AV:L/AC:M/Au:N/C:C/I:P/A:N Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
 3.4 7.8 [email protected]

Weakness enumeration for CVE-2018-3615

GitHub Security Advisory for CVE-2018-3615

GHSA-9w6j-7396-jgw4 · Severity: medium — Systems with microprocessors utilizing speculative execution and Intel software guard extensions ...

OS Trackers for CVE-2018-3615

vendor priority summary link
debian not yet assigned CVE-2018-3615 not yet assigned priority: Debian including 1 source packages (intel-microcode), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2018-3615
redhat https://access.redhat.com/security/cve/CVE-2018-3615
ubuntu medium CVE-2018-3615 medium priority: Ubuntu including 24 source packages (linux, linux-aws, …), 96 status rows across 4 suites (bionic, trusty, upstream, xenial): not-affected 50, DNE 45, ignored 1. https://ubuntu.com/security/CVE-2018-3615

Affected software / configurations for CVE-2018-3615

Vendor Product Version Raw CPE
intel core_i3 6006u cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*
intel core_i3 6098p cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*
intel core_i3 6100 cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*
intel core_i3 6100e cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*
intel core_i3 6100h cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*
intel core_i3 6100t cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*
intel core_i3 6100te cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*
intel core_i3 6100u cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*
intel core_i3 6102e cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*
intel core_i3 6157u cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*
intel core_i3 6167u cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*
intel core_i3 6300 cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*
intel core_i3 6300t cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*
intel core_i3 6320 cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*
intel core_i5 650 cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*
intel core_i5 655k cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*
intel core_i5 660 cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*
intel core_i5 661 cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*
intel core_i5 670 cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*
intel core_i5 680 cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*
intel core_i5 6200u cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*
intel core_i5 6260u cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*
intel core_i5 6267u cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*
intel core_i5 6287u cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*
intel core_i5 6300hq cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*
intel core_i5 6300u cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*
intel core_i5 6350hq cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*
intel core_i5 6360u cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*
intel core_i5 6400 cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*
intel core_i5 6400t cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*
intel core_i5 6402p cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*
intel core_i5 6440eq cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*
intel core_i5 6440hq cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*
intel core_i5 6442eq cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*
intel core_i5 6500 cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*
intel core_i5 6500t cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*
intel core_i5 6500te cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*
intel core_i5 6585r cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*
intel core_i5 6600 cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*
intel core_i5 6600k cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*
intel core_i5 6600t cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*
intel core_i5 6685r cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*
intel core_i7 610e cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*
intel core_i7 620le cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*
intel core_i7 620lm cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*
intel core_i7 620m cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*
intel core_i7 620ue cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*
intel core_i7 620um cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*
intel core_i7 640lm cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*
intel core_i7 640m cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*
intel core_i7 640um cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*
intel core_i7 660lm cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*
intel core_i7 660ue cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*
intel core_i7 660um cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*
intel core_i7 680um cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*
intel core_i5 750 cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*
intel core_i5 750s cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*
intel core_i5 760 cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*
intel core_i7 7y75 cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*
intel core_i7 720qm cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*
intel core_i7 740qm cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*
intel core_i7 7500u cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*
intel core_i7 7560u cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*
intel core_i7 7567u cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*
intel core_i7 7600u cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*
intel core_i7 7660u cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*
intel core_i7 7700 cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*
intel core_i7 7700hq cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*
intel core_i7 7700k cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*
intel core_i7 7700t cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*
intel core_i7 7820eq cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*
intel core_i7 7820hk cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*
intel core_i7 7820hq cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*
intel core_i7 7920hq cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*
intel core_i3 8100 cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*
intel core_i3 8350k cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*
intel core_i5 8250u cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*
intel core_i5 8350u cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*
intel core_i5 8400 cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*
intel core_i5 8600k cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*

References for CVE-2018-3615

URL Tags
http://support.lenovo.com/us/en/solutions/LEN-24163 Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en Third Party Advisory
http://www.securityfocus.com/bid/105080 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041451 Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://foreshadowattack.eu/ Technical Description Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008 Third Party Advisory
https://security.netapp.com/advisory/ntap-20180815-0001/ Third Party Advisory
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault Mitigation Vendor Advisory
https://support.f5.com/csp/article/K35558453 Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html Vendor Advisory
https://www.kb.cert.org/vuls/id/982149 Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_45 Third Party Advisory
cvelogic Threat Intelligence