exploitDog
CVE-2020-8695

Published: 10 Nov 2020
Source: redhat
CVSS3: 5.1
EPSS: Low

Description

Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit). An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.

Mitigation

Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.
The command:

sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj

will do this for the current boot only; it will need to be scripted to run at each boot to remain persistent across reboots.
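
An added example (not part of the Red Hat advisory) of the boot-time script the mitigation calls for: it applies mode 0400 to every energy_uj attribute under the powercap directory, nested ones included, and then verifies that none is still readable by group or others. The function names and the apply/check arguments are assumptions of this example; the default directory is the one in the command above.

```shell
#!/bin/sh
# Added example, not from the advisory. The default directory is the one
# used in the advisory's chmod command; pass another as an argument.
RAPL_DIR=/sys/class/powercap/intel_rapl

# Print every energy_uj attribute that group or others can still read.
rapl_exposed() {
    find -H "${1:-$RAPL_DIR}" -type f -name energy_uj \
        \( -perm -040 -o -perm -004 \) 2>/dev/null
}

# Apply the advisory's mode (0400) to every energy_uj below the directory,
# then confirm nothing is left exposed. Returns 0 only when verified.
rapl_restrict() {
    dir=${1:-$RAPL_DIR}
    if [ ! -d "$dir" ]; then
        echo "rapl: $dir not found, nothing restricted" >&2
        return 2
    fi
    find -H "$dir" -type f -name energy_uj -exec chmod 400 {} +
    left=$(rapl_exposed "$dir")
    if [ -n "$left" ]; then
        printf 'rapl: still readable:\n%s\n' "$left" >&2
        return 1
    fi
    return 0
}

# "apply" is meant to be run as root by a boot-time unit or init script;
# "check" can be run afterwards by monitoring to detect a reverted mode.
case "${1:-}" in
    apply) rapl_restrict "${2:-}" ;;
    check) [ -z "$(rapl_exposed "${2:-}")" ] ;;
esac
```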

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | microcode_ctl | Not affected | | |
| Red Hat Enterprise Linux 6 | microcode_ctl | Not affected | | |
| Red Hat Enterprise Linux 7 | microcode_ctl | Fixed | RHSA-2020:5083 | 11.11.2020 |
| Red Hat Enterprise Linux 7 | microcode_ctl | Fixed | RHSA-2021:3028 | 09.08.2021 |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | microcode_ctl | Fixed | RHSA-2020:5188 | 23.11.2020 |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | microcode_ctl | Fixed | RHSA-2021:3323 | 31.08.2021 |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | microcode_ctl | Fixed | RHSA-2020:5183 | 23.11.2020 |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | microcode_ctl | Fixed | RHSA-2021:3322 | 31.08.2021 |
| Red Hat Enterprise Linux 7.3 Telco Extended Update Support | microcode_ctl | Fixed | RHSA-2020:5183 | 23.11.2020 |
| Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions | microcode_ctl | Fixed | RHSA-2020:5183 | 23.11.2020 |

Additional information

Status: Moderate
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1828583
hw: Information disclosure issue in Intel SGX via RAPL interface

EPSS

Percentile: 36%
0.00144
Low

5.1 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 4 years ago

Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

CVSS3: 5.5
nvd
more than 4 years ago

Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

CVSS3: 5.5
debian
more than 4 years ago

Observable discrepancy in the RAPL interface for some Intel(R) Process ...

github
about 3 years ago

Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

fstec
about 5 years ago

Vulnerability in the RAPL interface of Intel processors that allows an attacker to disclose protected information
