
Test ID: 1.3.6.1.4.1.25623.1.0.107834
Category: Huawei
Title: Huawei Data Communication: CPU Side Channel Vulnerability L1TF (huawei-sa-20180815-01-cpu)
Summary: Intel and security researchers publicly disclosed three new CPU side-channel vulnerabilities (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646).
Description:

Vulnerability Insight:
Intel and security researchers publicly disclosed three new CPU side-channel vulnerabilities (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646). Successful exploitation of these vulnerabilities could allow a local attacker to read the memory of other processes in specific situations. Researchers named these vulnerabilities 'Foreshadow' and 'Foreshadow-NG'. They are also known in the industry as L1 Terminal Fault (L1TF). (Vulnerability ID: HWPSIRT-2018-08118, HWPSIRT-2018-08119 and HWPSIRT-2018-08120) Huawei has released software updates to fix these vulnerabilities. This advisory is available in the linked references.

Vulnerability Impact:
Local attackers may exploit these vulnerabilities to cause an information leak on the affected system.

Affected Software/OS:
1288H V5: versions earlier than V100R005C00SPC117 (BIOS V081)

2288H V5: versions earlier than V100R005C00SPC117 (BIOS V081)

2488 V5: versions earlier than V100R005C00SPC500 (BIOS V095)

2488H V5: versions earlier than V100R005C00SPC203 (BIOS V095)

5288 V3: versions earlier than V100R003C00SPC706 (BIOS V399)

5288 V5: versions earlier than V100R005C00SPC101 (BIOS V081)

BH622 V2: V100R002C00; versions earlier than V100R002C00SPC308 (BIOS V519)

BH640 V2: versions earlier than V100R002C00SPC306 (BIOS V519)

CH121: V100R001C00SPC305

CH121 V3: versions earlier than V100R001C00SPC261 (BIOS V399)

CH121 V5: versions earlier than V100R001C00SPC131 (BIOS V081)

CH121H V3: versions earlier than V100R001C00SPC121 (BIOS V399)

CH121L V3: versions earlier than V100R001C00SPC161 (BIOS V399)

CH121L V5: versions earlier than V100R001C00SPC131 (BIOS V081)

CH140 V3: versions earlier than V100R001C00SPC181 (BIOS V399)

CH140L V3: versions earlier than V100R001C00SPC161 (BIOS V399)

CH220 V3: versions earlier than V100R001C00SPC261 (BIOS V399)

CH222 V3: versions earlier than V100R001C00SPC261 (BIOS V399)

CH225 V3: versions earlier than V100R001C00SPC161 (BIOS V399)

CH226 V3: versions earlier than V100R001C00SPC181 (BIOS V399)

CH242 V3: versions earlier than V100R001C00SPC331 (BIOS V358)

CH242 V3 DDR4: versions earlier than V100R001C00SPC331 (BIOS V817)

CH242 V5: versions earlier than V100R001C00SPC121 (BIOS V095)

EulerOS: V200R007C00

FusionSphere OpenStack: V100R006C00RC3B036, V100R006C10SPC112

HUAWEI MateBook (HZ-W09/HZ-W19/HZ-W29): versions earlier than BIOS 1.52

HUAWEI MateBook B200/MateBook D (PL-W09/PL-W19/PL-W29): versions earlier than BIOS 1.21

HUAWEI MateBook D (MRC-W10/MRC-W50/MRC-W60): versions earlier than BIOS 1.19

HUAWEI MateBook X Pro (MACH-W19/MACH-W29): versions earlier than BIOS 1.12

Honor MagicBook (VLT-W50/VLT-W60): versions earlier than BIOS 1.12

RH1288 V2: versions earlier than V100R002C00SPC615 (BIOS V519)

RH1288 V3: versions earlier than V100R003C00SPC706 (BIOS V399)

RH1288A V2: versions earlier than V100R002C00SPC708 (BIOS V519)

RH2265 V2: versions earlier than V100R002C00SPC510 (BIOS V519)

RH2268 V2: versions earlier than V100R002C00SPC609 (BIOS V519)

RH2285 V2: versions earlier than V100R002C00SPC510 (BIOS V519)

RH2285H V2: versions earlier than V100R002C00SPC510 (BIOS V519)

RH2288 V2: V100R002C00; versions earlier than V100R002C00SPC609 (BIOS V519)

RH2288 V3: versions earlier than V100R003C00SPC706 (BIOS V399)

RH2288A V2: versions earlier than V100R002C00SPC708 (BIOS V519)

RH2288E V2: versions earlier than V100R002C00SPC302 (BIOS V519)

RH2288H V2: versions earlier than V100R002C00SPC619 (BIOS V519)

RH2288H V3: versions earlier than V100R003C00SPC706 (BIOS V399)

RH2485 V2: versions earlier than V100R002C00SPC712 (BIOS V519)

RH5885 V2 4S: versions earlier than V100R001C02SPC306 (BIOS V038)

RH5885 V2 8S: versions earlier than V100R001C02SPC306 (BIOS V062)

RH5885 V3 (E7V2): versions earlier than V100R003C01SPC127 (BIOS V358)

RH5885 V3 (E7V3&E7V4): versions earlier than V100R003C10SPC121 (BIOS V817)

RH5885H V3 (E7V2): versions earlier than V100R003C00SPC218 (BIOS V358)

RH5885H V3 (E7V3): versions earlier than V100R003C00SPC218 (BIOS V660)

RH5885H V3 (E7V4): versions earlier than V100R003C10SPC120 (BIOS V817)

RH8100 V3 (E7V2&E7V3): versions earlier than V100R003C00SPC229 (BIOS V698)

RH8100 V3 (E7V4): versions earlier than V100R003C00SPC229 (BIOS V817)

SMC2.0: V500R002C00

UC Audio Recorder: V100R001C01, V100R001C02

VP9630: V600R006C10

VP9660: V600R006C10

XH310 V3: versions earlier than V100R003C00SPC706 (BIOS V399)

XH321 V3: versions earlier than V100R003C00SPC706 (BIOS V399)

XH321 V5: versions earlier than V100R005C00SPC501 (BIOS V095)

XH620 V3: versions earlier than V100R003C00SPC706 (BIOS V399)

XH622 V3: versions earlier than V100R003C00SPC706 (BIOS V399)

XH628 V3: versions earlier than V100R003C00SPC706 (BIOS V399)

eSpace U2980: V100R001C01, V100R001C02, V100R001C10, V200R003C00

eSpace UMS: V200R002C00

iManager NetEco: V600R007C00, V600R007C10, V600R007C11, V600R007C12, V600R007C20, V600R007C30, V600R007C40, V600R007C50, V600R007C60, V600R008C00, V600R008C10, V600R008C20, V600R008C30

iManager NetEco 6000: V600R007C40, V600R007C60, V600R007C80, V600R007C90, V600R008C00

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.4

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-3615
BugTraq ID: 105080
http://www.securityfocus.com/bid/105080
CERT/CC vulnerability note: VU#982149
https://www.kb.cert.org/vuls/id/982149
Cisco Security Advisory: 20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
https://foreshadowattack.eu/
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
http://www.securitytracker.com/id/1041451
Common Vulnerability Exposure (CVE) ID: CVE-2018-3620
http://support.lenovo.com/us/en/solutions/LEN-24163
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
http://www.vmware.com/security/advisories/VMSA-2018-0021.html
http://xenbits.xen.org/xsa/advisory-273.html
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009
https://security.netapp.com/advisory/ntap-20180815-0001/
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://support.f5.com/csp/article/K95275140
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
https://www.synology.com/support/security/Synology_SA_18_45
Debian Security Information: DSA-4274
https://www.debian.org/security/2018/dsa-4274
Debian Security Information: DSA-4279
https://www.debian.org/security/2018/dsa-4279
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/
FreeBSD Security Advisory: FreeBSD-SA-18:09
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
https://security.gentoo.org/glsa/201810-06
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
RedHat Security Advisories: RHSA-2018:2384
https://access.redhat.com/errata/RHSA-2018:2384
RedHat Security Advisories: RHSA-2018:2387
https://access.redhat.com/errata/RHSA-2018:2387
RedHat Security Advisories: RHSA-2018:2388
https://access.redhat.com/errata/RHSA-2018:2388
RedHat Security Advisories: RHSA-2018:2389
https://access.redhat.com/errata/RHSA-2018:2389
RedHat Security Advisories: RHSA-2018:2390
https://access.redhat.com/errata/RHSA-2018:2390
RedHat Security Advisories: RHSA-2018:2391
https://access.redhat.com/errata/RHSA-2018:2391
RedHat Security Advisories: RHSA-2018:2392
https://access.redhat.com/errata/RHSA-2018:2392
RedHat Security Advisories: RHSA-2018:2393
https://access.redhat.com/errata/RHSA-2018:2393
RedHat Security Advisories: RHSA-2018:2394
https://access.redhat.com/errata/RHSA-2018:2394
RedHat Security Advisories: RHSA-2018:2395
https://access.redhat.com/errata/RHSA-2018:2395
RedHat Security Advisories: RHSA-2018:2396
https://access.redhat.com/errata/RHSA-2018:2396
RedHat Security Advisories: RHSA-2018:2402
https://access.redhat.com/errata/RHSA-2018:2402
RedHat Security Advisories: RHSA-2018:2403
https://access.redhat.com/errata/RHSA-2018:2403
RedHat Security Advisories: RHSA-2018:2404
https://access.redhat.com/errata/RHSA-2018:2404
RedHat Security Advisories: RHSA-2018:2602
https://access.redhat.com/errata/RHSA-2018:2602
RedHat Security Advisories: RHSA-2018:2603
https://access.redhat.com/errata/RHSA-2018:2603
https://usn.ubuntu.com/3740-1/
https://usn.ubuntu.com/3740-2/
https://usn.ubuntu.com/3741-1/
https://usn.ubuntu.com/3741-2/
https://usn.ubuntu.com/3742-1/
https://usn.ubuntu.com/3742-2/
https://usn.ubuntu.com/3823-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-3646
http://www.vmware.com/security/advisories/VMSA-2018-0020.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010
https://support.f5.com/csp/article/K31300402
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
http://www.securitytracker.com/id/1042004
https://usn.ubuntu.com/3756-1/
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
