CVE-2018-3646 [Medium] | Information Disclosure in Core I3

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-30	3.88%	2.53%	-1.35%
2	2026-04-26	3.98%	3.88%	-0.10%
3	2026-04-21	—	3.98%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-05-30

3.88%

2.53%

-1.35%

2026-04-26

3.98%

3.88%

-0.10%

2026-04-21

—

3.98%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.6	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:C) Breaking this can reach past the original component and bite other resources—bigger blast radius. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:N) Service keeps running; no real outage angle.	1.1	4.0	134c704f-9b21-4f2e-91b3-4a467353bcc0
5.6	3.0	MEDIUM	`CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:C) Breaking this can reach past the original component and bite other resources—bigger blast radius. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:N) Service keeps running; no real outage angle.	1.1	4.0	[email protected]
4.7	2.0	MEDIUM	`AV:L/AC:M/Au:N/C:C/I:N/A:N` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:N) No availability impact.	3.4	6.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.6

3.1

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C): Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:N): Service keeps running; no real outage angle.

1.1

4.0

134c704f-9b21-4f2e-91b3-4a467353bcc0

5.6

3.0

MEDIUM

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C): Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:N): Service keeps running; no real outage angle.

1.1

4.0

[email protected]

4.7

2.0

MEDIUM

AV:L/AC:M/Au:N/C:C/I:N/A:N Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:N): No availability impact.

3.4

6.9

[email protected]

OS Trackers for CVE-2018-3646

vendor	priority	summary	link
`alpine`	medium	CVE-2018-3646: 1 source package rows (xen); 10 state rows across 10 repos (3.10-main, 3.11-main, 3.12-main, 3.17-main, 3.18-main, 3.19-main, 3.20-main, 3.21-main, 3.22-main, edge-main); fixed 10, open 0.	https://security.alpinelinux.org/vuln/CVE-2018-3646
`debian`	not yet assigned	CVE-2018-3646 not yet assigned priority: Debian including 3 source packages (intel-microcode, linux, xen), 15 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 15.	https://security-tracker.debian.org/tracker/CVE-2018-3646
`gentoo`	normal	CVE-2018-3646: 1 GLSA(s) (201810-06), 2 atom(s) (app-emulation/xen, app-emulation/xen-tools); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2018-3646
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2018-3646
`suse`	high	CVE-2018-3646 severity important: SUSE including 744 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 1353 product×package rows across 120 product lines (SUSE CaaS Platform 3.0, SUSE CaaS Platform 4.0, … (120 product lines)): Fixed 912, Known Not Affected 284, Known Affected 157.	https://www.suse.com/security/cve/CVE-2018-3646/
`ubuntu`	high	CVE-2018-3646 high priority: Ubuntu including 79 source packages (intel-microcode, linux, …), 640 status rows across 10 suites (bionic, cosmic, disco, focal, jammy, noble, oracular, trusty, upstream, xenial): DNE 398, not-affected 138, released 92, ignored 11, needed 1.	https://ubuntu.com/security/CVE-2018-3646

Affected software / configurations for CVE-2018-3646

Vendor	Product	Version	Raw CPE
intel	core_i3	330e	cpe:2.3:h:intel:core_i3:330e:::::::*
intel	core_i3	330m	cpe:2.3:h:intel:core_i3:330m:::::::*
intel	core_i3	330um	cpe:2.3:h:intel:core_i3:330um:::::::*
intel	core_i3	350m	cpe:2.3:h:intel:core_i3:350m:::::::*
intel	core_i3	370m	cpe:2.3:h:intel:core_i3:370m:::::::*
intel	core_i3	380m	cpe:2.3:h:intel:core_i3:380m:::::::*
intel	core_i3	380um	cpe:2.3:h:intel:core_i3:380um:::::::*
intel	core_i3	390m	cpe:2.3:h:intel:core_i3:390m:::::::*
intel	core_i3	530	cpe:2.3:h:intel:core_i3:530:::::::*
intel	core_i3	540	cpe:2.3:h:intel:core_i3:540:::::::*
intel	core_i3	550	cpe:2.3:h:intel:core_i3:550:::::::*
intel	core_i3	560	cpe:2.3:h:intel:core_i3:560:::::::*
intel	core_i3	2100	cpe:2.3:h:intel:core_i3:2100:::::::*
intel	core_i3	2100t	cpe:2.3:h:intel:core_i3:2100t:::::::*
intel	core_i3	2102	cpe:2.3:h:intel:core_i3:2102:::::::*
intel	core_i3	2105	cpe:2.3:h:intel:core_i3:2105:::::::*
intel	core_i3	2115c	cpe:2.3:h:intel:core_i3:2115c:::::::*
intel	core_i3	2120	cpe:2.3:h:intel:core_i3:2120:::::::*
intel	core_i3	2120t	cpe:2.3:h:intel:core_i3:2120t:::::::*
intel	core_i3	2125	cpe:2.3:h:intel:core_i3:2125:::::::*
intel	core_i3	2130	cpe:2.3:h:intel:core_i3:2130:::::::*
intel	core_i3	2310e	cpe:2.3:h:intel:core_i3:2310e:::::::*
intel	core_i3	2310m	cpe:2.3:h:intel:core_i3:2310m:::::::*
intel	core_i3	2312m	cpe:2.3:h:intel:core_i3:2312m:::::::*
intel	core_i3	2328m	cpe:2.3:h:intel:core_i3:2328m:::::::*
intel	core_i3	2330e	cpe:2.3:h:intel:core_i3:2330e:::::::*
intel	core_i3	2330m	cpe:2.3:h:intel:core_i3:2330m:::::::*
intel	core_i3	2340ue	cpe:2.3:h:intel:core_i3:2340ue:::::::*
intel	core_i3	2348m	cpe:2.3:h:intel:core_i3:2348m:::::::*
intel	core_i3	2350m	cpe:2.3:h:intel:core_i3:2350m:::::::*
intel	core_i3	2357m	cpe:2.3:h:intel:core_i3:2357m:::::::*
intel	core_i3	2365m	cpe:2.3:h:intel:core_i3:2365m:::::::*
intel	core_i3	2367m	cpe:2.3:h:intel:core_i3:2367m:::::::*
intel	core_i3	2370m	cpe:2.3:h:intel:core_i3:2370m:::::::*
intel	core_i3	2375m	cpe:2.3:h:intel:core_i3:2375m:::::::*
intel	core_i3	2377m	cpe:2.3:h:intel:core_i3:2377m:::::::*
intel	core_i3	3110m	cpe:2.3:h:intel:core_i3:3110m:::::::*
intel	core_i3	3115c	cpe:2.3:h:intel:core_i3:3115c:::::::*
intel	core_i3	3120m	cpe:2.3:h:intel:core_i3:3120m:::::::*
intel	core_i3	3120me	cpe:2.3:h:intel:core_i3:3120me:::::::*
intel	core_i3	3130m	cpe:2.3:h:intel:core_i3:3130m:::::::*
intel	core_i3	3210	cpe:2.3:h:intel:core_i3:3210:::::::*
intel	core_i3	3217u	cpe:2.3:h:intel:core_i3:3217u:::::::*
intel	core_i3	3217ue	cpe:2.3:h:intel:core_i3:3217ue:::::::*
intel	core_i3	3220	cpe:2.3:h:intel:core_i3:3220:::::::*
intel	core_i3	3220t	cpe:2.3:h:intel:core_i3:3220t:::::::*
intel	core_i3	3225	cpe:2.3:h:intel:core_i3:3225:::::::*
intel	core_i3	3227u	cpe:2.3:h:intel:core_i3:3227u:::::::*
intel	core_i3	3229y	cpe:2.3:h:intel:core_i3:3229y:::::::*
intel	core_i3	3240	cpe:2.3:h:intel:core_i3:3240:::::::*
intel	core_i3	3240t	cpe:2.3:h:intel:core_i3:3240t:::::::*
intel	core_i3	3245	cpe:2.3:h:intel:core_i3:3245:::::::*
intel	core_i3	3250	cpe:2.3:h:intel:core_i3:3250:::::::*
intel	core_i3	3250t	cpe:2.3:h:intel:core_i3:3250t:::::::*
intel	core_i3	4000m	cpe:2.3:h:intel:core_i3:4000m:::::::*
intel	core_i3	4005u	cpe:2.3:h:intel:core_i3:4005u:::::::*
intel	core_i3	4010u	cpe:2.3:h:intel:core_i3:4010u:::::::*
intel	core_i3	4010y	cpe:2.3:h:intel:core_i3:4010y:::::::*
intel	core_i3	4012y	cpe:2.3:h:intel:core_i3:4012y:::::::*
intel	core_i3	4020y	cpe:2.3:h:intel:core_i3:4020y:::::::*
intel	core_i3	4025u	cpe:2.3:h:intel:core_i3:4025u:::::::*
intel	core_i3	4030u	cpe:2.3:h:intel:core_i3:4030u:::::::*
intel	core_i3	4030y	cpe:2.3:h:intel:core_i3:4030y:::::::*
intel	core_i3	4100e	cpe:2.3:h:intel:core_i3:4100e:::::::*
intel	core_i3	4100m	cpe:2.3:h:intel:core_i3:4100m:::::::*
intel	core_i3	4100u	cpe:2.3:h:intel:core_i3:4100u:::::::*
intel	core_i3	4102e	cpe:2.3:h:intel:core_i3:4102e:::::::*
intel	core_i3	4110e	cpe:2.3:h:intel:core_i3:4110e:::::::*
intel	core_i3	4110m	cpe:2.3:h:intel:core_i3:4110m:::::::*
intel	core_i3	4112e	cpe:2.3:h:intel:core_i3:4112e:::::::*
intel	core_i3	4120u	cpe:2.3:h:intel:core_i3:4120u:::::::*
intel	core_i3	4130	cpe:2.3:h:intel:core_i3:4130:::::::*
intel	core_i3	4130t	cpe:2.3:h:intel:core_i3:4130t:::::::*
intel	core_i3	4150	cpe:2.3:h:intel:core_i3:4150:::::::*
intel	core_i3	4150t	cpe:2.3:h:intel:core_i3:4150t:::::::*
intel	core_i3	4158u	cpe:2.3:h:intel:core_i3:4158u:::::::*
intel	core_i3	4160	cpe:2.3:h:intel:core_i3:4160:::::::*
intel	core_i3	4160t	cpe:2.3:h:intel:core_i3:4160t:::::::*
intel	core_i3	4170	cpe:2.3:h:intel:core_i3:4170:::::::*
intel	core_i3	4170t	cpe:2.3:h:intel:core_i3:4170t:::::::*

References for CVE-2018-3646

URL	Tags
http://support.lenovo.com/us/en/solutions/LEN-24163	Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en	Third Party Advisory
http://www.securityfocus.com/bid/105080	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041451	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1042004
http://www.vmware.com/security/advisories/VMSA-2018-0020.html	Third Party Advisory
http://xenbits.xen.org/xsa/advisory-273.html	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2384	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2387	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2388	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2389	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2390	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2391	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2392	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2393	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2394	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2395	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2396	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2402	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2403	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2404	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2602
https://access.redhat.com/errata/RHSA-2018:2603
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://foreshadowattack.eu/	Technical Description Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010	Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc	Third Party Advisory
https://security.gentoo.org/glsa/201810-06
https://security.netapp.com/advisory/ntap-20180815-0001/	Third Party Advisory
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault	Mitigation Vendor Advisory
https://support.f5.com/csp/article/K31300402	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel	Third Party Advisory
https://usn.ubuntu.com/3740-1/	Third Party Advisory
https://usn.ubuntu.com/3740-2/	Third Party Advisory
https://usn.ubuntu.com/3741-1/	Third Party Advisory
https://usn.ubuntu.com/3741-2/
https://usn.ubuntu.com/3742-1/	Third Party Advisory
https://usn.ubuntu.com/3742-2/	Third Party Advisory
https://usn.ubuntu.com/3756-1/
https://usn.ubuntu.com/3823-1/
https://www.debian.org/security/2018/dsa-4274
https://www.debian.org/security/2018/dsa-4279
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html	Vendor Advisory
https://www.kb.cert.org/vuls/id/982149
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.synology.com/support/security/Synology_SA_18_45	Third Party Advisory

URL

CVE-2018-3646

Exploit prediction scoring system (EPSS) score for CVE-2018-3646

Common vulnerability scoring system (CVSS) metrics for CVE-2018-3646

Weakness enumeration for CVE-2018-3646

GitHub Security Advisory for CVE-2018-3646

OS Trackers for CVE-2018-3646

Affected software / configurations for CVE-2018-3646

References for CVE-2018-3646