CVE-2018-10846

CVE Details

Release Date:2018-08-22
Impact:Moderate What is this?

Description


A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of Just in Time Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

See more information about CVE-2018-10846 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v3 metrics

Base Score: 5.6
Vector String: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Version: 3.0
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (gnutls)ELSA-2018-30502018-11-05


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete