CVE-2020-12912

Опубликовано: 12 нояб. 2020

Источник: redhat

CVSS3: 5.5

Описание

A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.

A flaw was found in the Linux kernel’s implementation of RAPL for AMD CPUs. This flaw allows a user with a local account to use the RAPL interface to gain information on the CPU execution state, resulting in an information leak of sensitive data across security boundaries. The highest threat from this vulnerability is to confidentiality.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise MRG 2	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-266->CWE-276

https://bugzilla.redhat.com/show_bug.cgi?id=1897402kernel: unprivileged access to RAPL allows for side channel attacks

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2020-12912

CVSS3: 5.5

ubuntu

около 5 лет назад

CVE-2020-12912

CVSS3: 5.5

nvd

около 5 лет назад

CVE-2020-12912

CVSS3: 5.5

debian

около 5 лет назад

A potential vulnerability in the AMD extension to Linux "hwmon" servic ...

GHSA-329v-cj6c-rhmq

github

больше 3 лет назад

SUSE-SU-2023:4936-1

suse-cvrf

около 2 лет назад

Security update for docker, rootlesskit

5.5 Medium

CVSS3