Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Intel security advisory

Number: AV18-133
Date: 15 August 2018

Purpose

The purpose of this advisory is to bring attention to a recent public security advisory from Intel.

Assessment

Intel has issued a security advisory that addresses vulnerabilities in a speculative execution side-channel method called L1 Terminal Fault (L1TF). This method impacts select microprocessor products supporting Intel Software Guard Extensions (Intel SGX). A successful exploitation of this class of vulnerability may allow unauthorized disclosure of information residing in the L1 data cache.

Affected Products:

  • Intel Core i3 processor (45nm and 32nm)
  • Intel Core i5 processor (45nm and 32nm)
  • Intel Core i7 processor (45nm and 32nm)
  • Intel Core M processor family (45nm and 32nm)
  • 2nd generation Intel Core processors
  • 3rd generation Intel Core processors
  • 4th generation Intel Core processors
  • 5th generation Intel Core processors
  • 6th generation Intel Core processors
  • 7th generation Intel Core processors
  • 8th generation Intel Core processors
  • Intel Core X-series Processor Family for Intel X99 platforms
  • Intel Core X-series Processor Family for Intel X299 platforms
  • Intel Xeon processor 3400 series
  • Intel Xeon processor 3600 series
  • Intel Xeon processor 5500 series
  • Intel Xeon processor 5600 series
  • Intel Xeon processor 6500 series
  • Intel Xeon processor 7500 series
  • Intel Xeon Processor E3 Family
  • Intel Xeon Processor E3 v2 Family
  • Intel Xeon Processor E3 v3 Family
  • Intel Xeon Processor E3 v4 Family
  • Intel Xeon Processor E3 v5 Family
  • Intel Xeon Processor E3 v6 Family
  • Intel Xeon Processor E5 Family
  • Intel Xeon Processor E5 v2 Family
  • Intel Xeon Processor E5 v3 Family
  • Intel Xeon Processor E5 v4 Family
  • Intel Xeon Processor E7 Family
  • Intel Xeon Processor E7 v2 Family
  • Intel Xeon Processor E7 v3 Family
  • Intel Xeon Processor E7 v4 Family
  • Intel Xeon Processor Scalable Family
  • Intel Xeon Processor D (1500, 2100)

CVE References: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.            

References:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

Date modified: