ALPINE-CVE-2018-3646

ALPINE-CVE-2018-3646 PUBLISHED CVSS 5.599999904632568 MEDIUM

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

Risk Scores

CVSS v3.0

5.599999904632568

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.14	xen	0, 4.0.1-r0, 4.0.1-r1
Alpine:v3.16	xen	4.2.2-r7, 4.5.1-r3, 4.9.0-r0
Alpine:v3.10	xen	4.3.1-r0, 4.3.1-r1, 4.3.1-r2
Alpine:v3.8	xen	4.2.2-r7, 0, 4.0.1-r0
Alpine:v3.12	xen	0, 4.0.1-r0, 4.0.1-r1
Alpine:v3.17	xen	4.9.1-r3, 4.9.1-r2, 4.9.1-r1
Alpine:v3.19	xen	0, 4.0.1-r0, 4.0.1-r1
Alpine:v3.15	xen	4.3.2-r4, 4.3.3-r0, 4.4.1-r0
Alpine:v3.18	xen	4.2.2-r9, 0, 4.0.1-r0
Alpine:v3.11	xen	4.2.1-r11, 4.9.0-r6, 0
Alpine:v3.13	xen	4.1.2-r12, 4.1.2-r3, 4.3.2-r4
Alpine:v3.6	xen	4.0.1-r2, 4.0.1-r3, 4.1.0-r0
Alpine:v3.23	xen	4.2.2-r2, 0, 4.0.1-r0
Alpine:v3.22	xen	0, 4.9.1-r3, 4.9.1-r2
Alpine:v3.20	xen	4.2.1-r8, 4.9.1-r3, 4.9.1-r2
Alpine:v3.9	xen	4.2.1-r4, 4.2.1-r2, 0
Alpine:v3.21	xen	4.2.2-r2, 4.2.2-r10, 4.2.1-r9

Timeline

Aug 14, 2018 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2018-3646 advisory

Open in Interactive Console →