Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2020-8694

An information disclosure flaw was found in the Linux kernel's Intel Running Average Power Limit (RAPL) implementation. A local non-privileged attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data.

Source

Severity Medium

Remote No

Type Information disclosure

Description

An information disclosure flaw was found in the Linux kernel's Intel Running Average Power Limit (RAPL) implementation. A local non-privileged attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data.

AVG-1275 linux-lts 5.4.76-1 5.4.77-1 Medium Fixed

AVG-1274 linux 5.9.7.arch4-1 5.9.8.arch4-1 Medium Fixed

AVG-1273 linux-zen 5.9.7.zen1-1 5.9.8.zen1-1 Medium Fixed

AVG-1269 linux-hardened 5.9.7.a-1 5.9.8.a-1 Medium Fixed

10 Nov 2020 ASA-202011-10 AVG-1269 linux-hardened Medium multiple issues

https://platypusattack.com/
https://www.openwall.com/lists/oss-security/2020/11/10/5
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
https://github.com/anthraxx/linux-hardened/commit/b72aaa9506b38e68f3476a642d0e42b3071f82bb

A temporary measure would be to remove the ability for non-root users to read the current RAPL energy reporting metrics.
This can be done with the command:

# sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj

This mitigation will only work on the current boot and will need to be reapplied at each system boot to remain in effect.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Vulmon Search

About

Products

Connect