Synology-SA-18:45 L1 Terminal Fault

Publish Time: 2018-08-15 17:00:49 UTC+8

Last Updated: 2020-02-17 09:12:56 UTC+8

Severity: Moderate

Status: Resolved

Abstract

The L1 Terminal Fault (L1TF) vulnerability, also known as the Foreshadow attack, allows local users or guest OS users to obtain sensitive information via a susceptible version of Synology DiskStation Manager (DSM) running on a model equipped with an Intel CPU, or via a susceptible version of Virtual Machine Manager.

Affected Products

Product                  Severity  Fixed Release Availability
DSM 6.2 [1]              Moderate  Upgrade to 6.2.2-24922 or above.
DSM 6.1 [2]              Moderate  Upgrade to 6.2.2-24922 or above.
DSM 5.2 [3]              Moderate  Upgrade to 6.2.2-24922 or above.
SkyNAS                   Moderate  Will not fix
Virtual Machine Manager  Moderate  Upgrade to 6.2.2-24922 or above.

[1] DS218+, DS418play, DS718+, DS918+, DS415+, DS1515+, DS1517+, DS1815+, DS1817+, DS2415+, RS815+, RS815RP+, RS818+, RS818RP+, RS2416+, RS2416RP+, RS1219+, DS216+, DS216+II, DS416play, DS716+, DS716+II, DS916+, RS3617xs, RS3617RPxs, FS2017, RS3617xs+, RS3618xs, RS4017xs+, RS18017xs+, FS1018, DS3617xs, DS3018xs, DS1618+, RS2418RP+, RS2818RP+, FS3017, DS3611xs, DS3612xs, RS3411RPxs, RS3411xs, RS10613xs+, RS3614xs+, RC18015xs+, RS18016xs+, RS3617xs, RS3614RPxs, RS3614xs, DS3615xs, RS3413xs+, RS3412xs, RS3412RPxs, Virtual DSM

[2] DS218+, DS418play, DS718+, DS918+, DS415+, DS1515+, DS1517+, DS1815+, DS1817+, DS2415+, RS815+, RS815RP+, RS818+, RS818RP+, RS2416+, RS2416RP+, DS216+, DS216+II, DS416play, DS716+, DS716+II, DS916+, RS3617xs, RS3617RPxs, FS2017, RS3617xs+, RS3618xs, RS4017xs+, RS18017xs+, FS1018, DS3617xs, DS3018xs, DS1618+, RS2418RP+, RS2818RP+, FS3017, DS3611xs, DS3612xs, RS3411RPxs, RS3411xs, RS10613xs+, RS3614xs+, RC18015xs+, RS18016xs+, RS3617xs, RS3614RPxs, RS3614xs, DS3615xs, RS3413xs+, RS3412xs, RS3412RPxs, Virtual DSM

[3] DS415+, DS1515+, DS1815+, DS2415+, RS815+, RS815RP+, RS2416+, RS2416RP+, DS216+, DS716+, DS3617xs, FS3017, DS3611xs, DS3612xs, RS3411RPxs, RS3411xs, RS10613xs+, RS3614xs+, RC18015xs+, RS18016xs+, RS3614RPxs, RS3614xs, DS3615xs, RS3413xs+, RS3412xs, RS3412RPxs

Mitigation

None

Detail

  • CVE-2018-3615

    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    • Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
  • CVE-2018-3620

    • Severity: Moderate
    • CVSS3 Base Score: 5.3
    • CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
    • Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
  • CVE-2018-3646

    • Severity: Moderate
    • CVSS3 Base Score: 5.3
    • CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
    • Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
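The two things an administrator wants from this advisory are whether an installed DSM build is at or above the fixed release in the Affected Products table, and, for Virtual Machine Manager hosts exposed to CVE-2018-3646, what the kernel itself reports about its L1TF handling. The script below is an added example, not Synology's code; it assumes DSM records its version in /etc.defaults/VERSION as productversion="..." and buildnumber="..." lines, and that the kernel exposes /sys/devices/system/cpu/vulnerabilities/l1tf (Linux 4.19 or a vendor backport). Neither path is stated on the page.

```shell
#!/bin/sh
# Added example (not from the Synology advisory): compare a DSM build with the
# fixed release from SA-18:45 and show the kernel's own L1TF status line.
# Assumed, not stated on the page: /etc.defaults/VERSION holds productversion="6.2.2"
# and buildnumber="24922" lines; Linux >= 4.19 exposes the l1tf sysfs node.
FIXED_RELEASE="6.2.2-24922"   # from the advisory's Affected Products table

# version_key: map "6.2.2-24922" to the fixed-width decimal "006002002024922"
# (major, minor, patch, build) so releases compare correctly as integers.
version_key() {
    ver=${1%%-*}; build=${1#*-}
    [ "$build" = "$1" ] && build=0          # no "-build" suffix given
    set -- $(printf '%s' "$ver" | tr . ' ')  # "6.2.2" -> positional 6 2 2
    printf '%03d%03d%03d%06d' "${1:-0}" "${2:-0}" "${3:-0}" "$build"
}

# dsm_is_fixed <installed> [<fixed>]: exit 0 when installed >= fixed release.
dsm_is_fixed() {
    [ "$(version_key "$1")" -ge "$(version_key "${2:-$FIXED_RELEASE}")" ]
}

# installed_dsm_version [<VERSION file>]: print "productversion-buildnumber";
# fails when the file is missing, e.g. when run somewhere other than a DSM box.
installed_dsm_version() {
    f=${1:-/etc.defaults/VERSION}
    [ -r "$f" ] || return 1
    pv=$(sed -n 's/^productversion="\([^"]*\)".*/\1/p' "$f")
    bn=$(sed -n 's/^buildnumber="\([^"]*\)".*/\1/p' "$f")
    [ -n "$pv" ] && [ -n "$bn" ] && printf '%s-%s\n' "$pv" "$bn"
}

# kernel_l1tf_status: the kernel's self-report. Its "VMX:" part describes the
# hypervisor-side handling (CVE-2018-3646), the case that matters for VMM hosts.
kernel_l1tf_status() {
    f=/sys/devices/system/cpu/vulnerabilities/l1tf
    if [ -r "$f" ]; then cat "$f"; else echo "unknown ($f not exposed)"; fi
}

# l1tf_report <installed>: one-line verdict against the advisory's fixed release.
l1tf_report() {
    if dsm_is_fixed "$1"; then
        echo "DSM $1: at or above $FIXED_RELEASE, fixed per SA-18:45"
    else
        echo "DSM $1: below $FIXED_RELEASE, upgrade required"
    fi
}

# Stand-alone run: read the real VERSION file when present, otherwise fall back
# to a constructed sample build string so the verdict logic is still exercised.
installed=$(installed_dsm_version || echo "6.1.7-15284")
l1tf_report "$installed"
echo "Kernel L1TF status: $(kernel_l1tf_status)"
```

SkyNAS carries "Will not fix" in the table, so a version check alone is not a sufficient answer there; the kernel status line is the only self-report available.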

Reference

Revision

Revision  Date        Description
1         2018-08-15  Initial public release.
2         2020-02-17  Updates for DSM 6.2 and Virtual Machine Manager are now available; see Affected Products.