Описание
Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.
A potential vulnerability in some Intel® processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
Меры по смягчению последствий
Currently, there is no mitigation for this flaw. Intel has provided some guidance to developers of Cryptographic software to harden their libraries and applications against Hertzbleed. More information is available in the official Intel and AMD security advisories linked at the bottom of this document. A workload-independent workaround to mitigate Hertzbleed is to disable frequency boost. However, this is not recommended since it will significantly affect performance. Reference: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/frequency-throttling-side-channel-guidance.html
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | ||
| Red Hat Virtualization 4 | redhat-virtualization-host | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.3 Medium
CVSS3
Связанные уязвимости
Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.
Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.
Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.
Уязвимость реализации технологии динамического масштабирования напряжения и частоты (Dynamic Voltage and Frequency Scaling (DVFS)) микропрограммного обеспечения процессоров Intel, позволяющая нарушителю осуществить атаку по сторонним каналам и раскрыть защищаемую информацию
EPSS
6.3 Medium
CVSS3