Synology-SA-18:45 L1 Terminal Fault
Publish Time: 2018-08-15 17:00:49 UTC+8
Last Updated: 2020-02-17 09:12:56 UTC+8
- Severity: Moderate
- Status: Resolved
Abstract
The L1 Terminal Fault (L1TF) vulnerability, a.k.a. the Foreshadow attack, allows local users or guest OS users to obtain sensitive information via susceptible versions of Synology DiskStation Manager (DSM) that are equipped with an Intel CPU or Virtual Machine Manager.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
DSM 6.2[1] | Moderate | Upgrade to 6.2.2-24922 or above. |
DSM 6.1[2] | Moderate | Upgrade to 6.2.2-24922 or above. |
DSM 5.2[3] | Moderate | Upgrade to 6.2.2-24922 or above. |
SkyNAS | Moderate | Will not fix |
Virtual Machine Manager | Moderate | Upgrade to 6.2.2-24922 or above. |
[1] DS218+, DS418play, DS718+, DS918+, DS415+, DS1515+, DS1517+, DS1815+, DS1817+, DS2415+, RS815+, RS815RP+, RS818+, RS818RP+, RS2416+, RS2416RP+, RS1219+, DS216+, DS216+II, DS416play, DS716+, DS716+II, DS916+, RS3617xs, RS3617RPxs, FS2017, RS3617xs+, RS3618xs, RS4017xs+, RS18017xs+, FS1018, DS3617xs, DS3018xs, DS1618+, RS2418RP+, RS2818RP+, FS3017, DS3611xs, DS3612xs, RS3411RPxs, RS3411xs, RS10613xs+, RS3614xs+, RC18015xs+, RS18016xs+, RS3617xs, RS3614RPxs, RS3614xs, DS3615xs, RS3413xs+, RS3412xs, RS3412RPxs, Virtual DSM
[2] DS218+, DS418play, DS718+, DS918+, DS415+, DS1515+, DS1517+, DS1815+, DS1817+, DS2415+, RS815+, RS815RP+, RS818+, RS818RP+, RS2416+, RS2416RP+, DS216+, DS216+II, DS416play, DS716+, DS716+II, DS916+, RS3617xs, RS3617RPxs, FS2017, RS3617xs+, RS3618xs, RS4017xs+, RS18017xs+, FS1018, DS3617xs, DS3018xs, DS1618+, RS2418RP+, RS2818RP+, FS3017, DS3611xs, DS3612xs, RS3411RPxs, RS3411xs, RS10613xs+, RS3614xs+, RC18015xs+, RS18016xs+, RS3617xs, RS3614RPxs, RS3614xs, DS3615xs, RS3413xs+, RS3412xs, RS3412RPxs, Virtual DSM
[3] DS415+, DS1515+, DS1815+, DS2415+, RS815+, RS815RP+, RS2416+, RS2416RP+, DS216+, DS716+, DS3617xs, FS3017, DS3611xs, DS3612xs, RS3411RPxs, RS3411xs, RS10613xs+, RS3614xs+, RC18015xs+, RS18016xs+, RS3614RPxs, RS3614xs, DS3615xs, RS3413xs+, RS3412xs, RS3412RPxs
Mitigation
None
Detail
CVE-2018-3615
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
CVE-2018-3620
- Severity: Moderate
- CVSS3 Base Score: 5.3
- CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
- Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
CVE-2018-3646
- Severity: Moderate
- CVSS3 Base Score: 5.3
- CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
- Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
Reference
- INTEL-SA-00161
- Intel Side-Channel L1TF Vulnerability
- CVE - CVE-2018-3620
- CVE - CVE-2018-3646
- CVE - CVE-2018-3615
Revision
Revision | Date | Description |
---|---|---|
1 | 2018-08-15 | Initial public release. |
2 | 2020-02-17 | Updates for DSM 6.2 and Virtual Machine Manager are now available in Affected Products. |