Описание
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
A flaw was found in the Linux kernel's implementation of Intel's Running Average Power Limit (RAPL) implementation. A local attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data.
Меры по смягчению последствий
A temporary measure would be to remove the ability for non-root users to read the current RAPL energy reporting metrics. This can be done with the command: $ sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj This mitigation will only work on the current boot and will need to be reapplied at each system boot to remain in effect.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix | ||
| Red Hat Enterprise Linux 7 | microcode_ctl | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Will not fix | ||
| Red Hat Enterprise Linux 8 | microcode_ctl | Not affected | ||
| Red Hat Enterprise MRG 2 | kernel-rt | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Insufficient access control in the Linux kernel driver for some Intel( ...
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Уязвимость драйвера для процессоров Intel(R) ядра операционной системы Linux, связанная с недостатками контроля доступа, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
5.5 Medium
CVSS3