Publish Time: 2018-08-15 17:00:49 UTC+8
Last Updated: 2020-02-17 09:12:56 UTC+8
Abstract
The L1 Terminal Fault (L1TF) vulnerability, a.k.a. the Foreshadow attack, allows local users or guest OS users to obtain sensitive information via susceptible versions of Synology DiskStation Manager (DSM) that are equipped with an Intel CPU or Virtual Machine Manager.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
DSM 6.2[1] | Moderate | Upgrade to 6.2.2-24922 or above. |
DSM 6.1[2] | Moderate | Upgrade to 6.2.2-24922 or above. |
DSM 5.2[3] | Moderate | Upgrade to 6.2.2-24922 or above. |
SkyNAS | Moderate | Will not fix |
Virtual Machine Manager | Moderate | Upgrade to 6.2.2-24922 or above. |
[1] DS218+, DS418play, DS718+, DS918+, DS415+, DS1515+, DS1517+, DS1815+, DS1817+, DS2415+, RS815+, RS815RP+, RS818+, RS818RP+, RS2416+, RS2416RP+, RS1219+, DS216+, DS216+II, DS416play, DS716+, DS716+II, DS916+, RS3617xs, RS3617RPxs, FS2017, RS3617xs+, RS3618xs, RS4017xs+, RS18017xs+, FS1018, DS3617xs, DS3018xs, DS1618+, RS2418RP+, RS2818RP+, FS3017, DS3611xs, DS3612xs, RS3411RPxs, RS3411xs, RS10613xs+, RS3614xs+, RC18015xs+, RS18016xs+, RS3617xs, RS3614RPxs, RS3614xs, DS3615xs, RS3413xs+, RS3412xs, RS3412RPxs, Virtual DSM
[2] DS218+, DS418play, DS718+, DS918+, DS415+, DS1515+, DS1517+, DS1815+, DS1817+, DS2415+, RS815+, RS815RP+, RS818+, RS818RP+, RS2416+, RS2416RP+, DS216+, DS216+II, DS416play, DS716+, DS716+II, DS916+, RS3617xs, RS3617RPxs, FS2017, RS3617xs+, RS3618xs, RS4017xs+, RS18017xs+, FS1018, DS3617xs, DS3018xs, DS1618+, RS2418RP+, RS2818RP+, FS3017, DS3611xs, DS3612xs, RS3411RPxs, RS3411xs, RS10613xs+, RS3614xs+, RC18015xs+, RS18016xs+, RS3617xs, RS3614RPxs, RS3614xs, DS3615xs, RS3413xs+, RS3412xs, RS3412RPxs, Virtual DSM
[3] DS415+, DS1515+, DS1815+, DS2415+, RS815+, RS815RP+, RS2416+, RS2416RP+, DS216+, DS716+, DS3617xs, FS3017, DS3611xs, DS3612xs, RS3411RPxs, RS3411xs, RS10613xs+, RS3614xs+, RC18015xs+, RS18016xs+, RS3614RPxs, RS3614xs, DS3615xs, RS3413xs+, RS3412xs, RS3412RPxs
Mitigation
None
Detail
CVE-2018-3615
CVE-2018-3620
CVE-2018-3646
Reference
Revision
Revision | Date | Description |
---|---|---|
1 | 2018-08-15 | Initial public release. |
2 | 2020-02-17 | Updates for DSM 6.2 and Virtual Machine Manager are now available in Affected Products. |