CVE-2018-3665 [Medium] | Information Disclosure in Core I3

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-02	1.26%	1.83%	+0.57%
2	2025-12-28	1.61%	1.26%	-0.35%
3	2025-12-27	—	1.61%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-02

1.26%

1.83%

+0.57%

2025-12-28

1.61%

1.26%

-0.35%

2025-12-27

—

1.61%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.6	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:C) Breaking this can reach past the original component and bite other resources—bigger blast radius. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:N) Service keeps running; no real outage angle.	1.1	4.0	[email protected]
4.7	2.0	MEDIUM	`AV:L/AC:M/Au:N/C:C/I:N/A:N` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:N) No availability impact.	3.4	6.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.6

3.1

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C): Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:N): Service keeps running; no real outage angle.

1.1

4.0

[email protected]

4.7

2.0

MEDIUM

AV:L/AC:M/Au:N/C:C/I:N/A:N Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:N): No availability impact.

3.4

6.9

[email protected]

OS Trackers for CVE-2018-3665

vendor	priority	summary	link
`alpine`	medium	CVE-2018-3665: 1 source package rows (xen); 10 state rows across 10 repos (3.10-main, 3.11-main, 3.12-main, 3.17-main, 3.18-main, 3.19-main, 3.20-main, 3.21-main, 3.22-main, edge-main); fixed 10, open 0.	https://security.alpinelinux.org/vuln/CVE-2018-3665
`debian`	not yet assigned	CVE-2018-3665 not yet assigned priority: Debian including 2 source packages (linux, xen), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 10.	https://security-tracker.debian.org/tracker/CVE-2018-3665
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2018-3665
`suse`	medium	CVE-2018-3665 severity moderate: SUSE including 612 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 977 product×package rows across 79 product lines (SUSE Enterprise Storage 4, SUSE Enterprise Storage 7.1, … (79 product lines)): Fixed 669, Known Affected 157, Known Not Affected 151.	https://www.suse.com/security/cve/CVE-2018-3665/
`ubuntu`	medium	CVE-2018-3665 medium priority: Ubuntu including 94 source packages (linux, linux-aws, …), 819 status rows across 11 suites (artful, bionic, cosmic, focal, jammy, noble, oracular, plucky, trusty, upstream, xenial): DNE 551, not-affected 152, released 101, ignored 15.	https://ubuntu.com/security/CVE-2018-3665

Affected software / configurations for CVE-2018-3665

Vendor	Product	Version	Raw CPE
intel	core_i3	330e	cpe:2.3:h:intel:core_i3:330e:::::::*
intel	core_i3	330m	cpe:2.3:h:intel:core_i3:330m:::::::*
intel	core_i3	330um	cpe:2.3:h:intel:core_i3:330um:::::::*
intel	core_i3	350m	cpe:2.3:h:intel:core_i3:350m:::::::*
intel	core_i3	370m	cpe:2.3:h:intel:core_i3:370m:::::::*
intel	core_i3	380m	cpe:2.3:h:intel:core_i3:380m:::::::*
intel	core_i3	380um	cpe:2.3:h:intel:core_i3:380um:::::::*
intel	core_i3	390m	cpe:2.3:h:intel:core_i3:390m:::::::*
intel	core_i3	530	cpe:2.3:h:intel:core_i3:530:::::::*
intel	core_i3	540	cpe:2.3:h:intel:core_i3:540:::::::*
intel	core_i3	550	cpe:2.3:h:intel:core_i3:550:::::::*
intel	core_i3	560	cpe:2.3:h:intel:core_i3:560:::::::*
intel	core_i3	2100	cpe:2.3:h:intel:core_i3:2100:::::::*
intel	core_i3	2100t	cpe:2.3:h:intel:core_i3:2100t:::::::*
intel	core_i3	2102	cpe:2.3:h:intel:core_i3:2102:::::::*
intel	core_i3	2105	cpe:2.3:h:intel:core_i3:2105:::::::*
intel	core_i3	2115c	cpe:2.3:h:intel:core_i3:2115c:::::::*
intel	core_i3	2120	cpe:2.3:h:intel:core_i3:2120:::::::*
intel	core_i3	2120t	cpe:2.3:h:intel:core_i3:2120t:::::::*
intel	core_i3	2125	cpe:2.3:h:intel:core_i3:2125:::::::*
intel	core_i3	2130	cpe:2.3:h:intel:core_i3:2130:::::::*
intel	core_i3	2310e	cpe:2.3:h:intel:core_i3:2310e:::::::*
intel	core_i3	2310m	cpe:2.3:h:intel:core_i3:2310m:::::::*
intel	core_i3	2312m	cpe:2.3:h:intel:core_i3:2312m:::::::*
intel	core_i3	2328m	cpe:2.3:h:intel:core_i3:2328m:::::::*
intel	core_i3	2330e	cpe:2.3:h:intel:core_i3:2330e:::::::*
intel	core_i3	2330m	cpe:2.3:h:intel:core_i3:2330m:::::::*
intel	core_i3	2340ue	cpe:2.3:h:intel:core_i3:2340ue:::::::*
intel	core_i3	2348m	cpe:2.3:h:intel:core_i3:2348m:::::::*
intel	core_i3	2350m	cpe:2.3:h:intel:core_i3:2350m:::::::*
intel	core_i3	2357m	cpe:2.3:h:intel:core_i3:2357m:::::::*
intel	core_i3	2365m	cpe:2.3:h:intel:core_i3:2365m:::::::*
intel	core_i3	2367m	cpe:2.3:h:intel:core_i3:2367m:::::::*
intel	core_i3	2370m	cpe:2.3:h:intel:core_i3:2370m:::::::*
intel	core_i3	2375m	cpe:2.3:h:intel:core_i3:2375m:::::::*
intel	core_i3	2377m	cpe:2.3:h:intel:core_i3:2377m:::::::*
intel	core_i3	3110m	cpe:2.3:h:intel:core_i3:3110m:::::::*
intel	core_i3	3115c	cpe:2.3:h:intel:core_i3:3115c:::::::*
intel	core_i3	3120m	cpe:2.3:h:intel:core_i3:3120m:::::::*
intel	core_i3	3120me	cpe:2.3:h:intel:core_i3:3120me:::::::*
intel	core_i3	3130m	cpe:2.3:h:intel:core_i3:3130m:::::::*
intel	core_i3	3210	cpe:2.3:h:intel:core_i3:3210:::::::*
intel	core_i3	3217u	cpe:2.3:h:intel:core_i3:3217u:::::::*
intel	core_i3	3217ue	cpe:2.3:h:intel:core_i3:3217ue:::::::*
intel	core_i3	3220	cpe:2.3:h:intel:core_i3:3220:::::::*
intel	core_i3	3220t	cpe:2.3:h:intel:core_i3:3220t:::::::*
intel	core_i3	3225	cpe:2.3:h:intel:core_i3:3225:::::::*
intel	core_i3	3227u	cpe:2.3:h:intel:core_i3:3227u:::::::*
intel	core_i3	3229y	cpe:2.3:h:intel:core_i3:3229y:::::::*
intel	core_i3	3240	cpe:2.3:h:intel:core_i3:3240:::::::*
intel	core_i3	3240t	cpe:2.3:h:intel:core_i3:3240t:::::::*
intel	core_i3	3245	cpe:2.3:h:intel:core_i3:3245:::::::*
intel	core_i3	3250	cpe:2.3:h:intel:core_i3:3250:::::::*
intel	core_i3	3250t	cpe:2.3:h:intel:core_i3:3250t:::::::*
intel	core_i3	4000m	cpe:2.3:h:intel:core_i3:4000m:::::::*
intel	core_i3	4005u	cpe:2.3:h:intel:core_i3:4005u:::::::*
intel	core_i3	4010u	cpe:2.3:h:intel:core_i3:4010u:::::::*
intel	core_i3	4010y	cpe:2.3:h:intel:core_i3:4010y:::::::*
intel	core_i3	4012y	cpe:2.3:h:intel:core_i3:4012y:::::::*
intel	core_i3	4020y	cpe:2.3:h:intel:core_i3:4020y:::::::*
intel	core_i3	4025u	cpe:2.3:h:intel:core_i3:4025u:::::::*
intel	core_i3	4030u	cpe:2.3:h:intel:core_i3:4030u:::::::*
intel	core_i3	4030y	cpe:2.3:h:intel:core_i3:4030y:::::::*
intel	core_i3	4100e	cpe:2.3:h:intel:core_i3:4100e:::::::*
intel	core_i3	4100m	cpe:2.3:h:intel:core_i3:4100m:::::::*
intel	core_i3	4100u	cpe:2.3:h:intel:core_i3:4100u:::::::*
intel	core_i3	4102e	cpe:2.3:h:intel:core_i3:4102e:::::::*
intel	core_i3	4110e	cpe:2.3:h:intel:core_i3:4110e:::::::*
intel	core_i3	4110m	cpe:2.3:h:intel:core_i3:4110m:::::::*
intel	core_i3	4112e	cpe:2.3:h:intel:core_i3:4112e:::::::*
intel	core_i3	4120u	cpe:2.3:h:intel:core_i3:4120u:::::::*
intel	core_i3	4130	cpe:2.3:h:intel:core_i3:4130:::::::*
intel	core_i3	4130t	cpe:2.3:h:intel:core_i3:4130t:::::::*
intel	core_i3	4150	cpe:2.3:h:intel:core_i3:4150:::::::*
intel	core_i3	4150t	cpe:2.3:h:intel:core_i3:4150t:::::::*
intel	core_i3	4158u	cpe:2.3:h:intel:core_i3:4158u:::::::*
intel	core_i3	4160	cpe:2.3:h:intel:core_i3:4160:::::::*
intel	core_i3	4160t	cpe:2.3:h:intel:core_i3:4160t:::::::*
intel	core_i3	4170	cpe:2.3:h:intel:core_i3:4170:::::::*
intel	core_i3	4170t	cpe:2.3:h:intel:core_i3:4170t:::::::*

References for CVE-2018-3665

URL	Tags
http://www.securityfocus.com/bid/104460	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041124	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041125	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:1852	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1944	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2164	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2165	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1170	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1190	Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html	Third Party Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/4787	Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc	Third Party Advisory
https://security.netapp.com/advisory/ntap-20181016-0001/	Third Party Advisory
https://security.paloaltonetworks.com/CVE-2018-3665	Third Party Advisory
https://support.citrix.com/article/CTX235745	Third Party Advisory
https://usn.ubuntu.com/3696-1/	Third Party Advisory
https://usn.ubuntu.com/3696-2/	Third Party Advisory
https://usn.ubuntu.com/3698-1/	Third Party Advisory
https://usn.ubuntu.com/3698-2/	Third Party Advisory
https://www.debian.org/security/2018/dsa-4232	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html	Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_31	Third Party Advisory

URL

CVE-2018-3665

Exploit prediction scoring system (EPSS) score for CVE-2018-3665

Common vulnerability scoring system (CVSS) metrics for CVE-2018-3665

Weakness enumeration for CVE-2018-3665

OS Trackers for CVE-2018-3665

Affected software / configurations for CVE-2018-3665

References for CVE-2018-3665