Synology-SA-18:31 Lazy FP State Restore
Publish Time: 2018-06-14 16:31:41 UTC+8
Last Updated: 2021-04-22 15:39:25 UTC+8
- Severity: Not affected
- Status: Resolved
Abstract
A vulnerability allows local users to obtain sensitive information via a susceptible version of Synology DiskStation Manager (DSM) running on models that are equipped with Intel Core-based CPUs.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
DSM 6.2[1] | Not affected | N/A |
DSM 6.1[2] | Not affected | N/A |
DSM 6.0[3] | Not affected | N/A |
DSM 5.2[4] | Not affected | N/A |
SkyNAS | Not affected | N/A |
[1] DS3611xs, DS3612xs, RS3411xs, RS3411RPxs, RS3412xs, RS3412RPxs, RS3614xs, RS3614RPxs, DS3615xs, Virtual DSM
[2] DS3611xs, DS3612xs, RS3411xs, RS3411RPxs, RS3412xs, RS3412RPxs, RS3614xs, RS3614RPxs, DS3615xs, Virtual DSM
[3] DS3611xs, DS3612xs, RS3411xs, RS3411RPxs, RS3412xs, RS3412RPxs, RS3614xs, RS3614RPxs, DS3615xs, Virtual DSM
[4] DS3611xs, DS3612xs, RS3411xs, RS3411RPxs, RS3412xs, RS3412RPxs, RS3614xs, RS3614RPxs, DS3615xs
Mitigation
None
Detail
- CVE-2018-3665
- Severity: Moderate
- CVSS3 Base Score: 5.3
- CVSS3 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
- System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
Reference
Revision
Revision | Date | Description |
---|---|---|
1 | 2018-06-14 | Initial public release. |
2 | 2019-12-24 | Disclosed vulnerability details. |
3 | 2021-04-22 | Updated severity for DSM 6.2, DSM 6.1, DSM 6.0, DSM 5.2 and SkyNAS in Affected Products. |