CVE-2020-8694

Source
Severity: Medium
Remote: No
Type: Information disclosure
Description
An information disclosure flaw was found in the Linux kernel's Intel Running Average Power Limit (RAPL) implementation. A local non-privileged attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data.
Group     Package         Affected        Fixed           Severity  Status  Ticket
AVG-1275  linux-lts       5.4.76-1        5.4.77-1        Medium    Fixed
AVG-1274  linux           5.9.7.arch1-1   5.9.8.arch1-1   Medium    Fixed
AVG-1273  linux-zen       5.9.7.zen1-1    5.9.8.zen1-1    Medium    Fixed
AVG-1269  linux-hardened  5.9.7.a-1       5.9.8.a-1       Medium    Fixed
Date         Advisory      Group     Package         Severity  Type
10 Nov 2020  ASA-202011-10 AVG-1269  linux-hardened  Medium    multiple issues
References
https://platypusattack.com/
https://www.openwall.com/lists/oss-security/2020/11/10/5
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
https://github.com/anthraxx/linux-hardened/commit/b72aaa9506b38e68f3476a642d0e42b3071f82bb
Notes
A temporary measure would be to remove the ability for non-root users to read the current RAPL energy reporting metrics.
This can be done with the command:

# sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj

This mitigation will only work on the current boot and will need to be reapplied at each system boot to remain in effect.
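
The following script is an added example, not part of the original advisory or of any project's code. It audits and applies the permission change described above. It generalizes the single glob in the command by checking every energy_uj file up to three levels below the powercap directory, without hard-coding the control-type directory name. The function names and the POWERCAP_ROOT variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit and restrict RAPL energy counters (CVE-2020-8694 mitigation).
# POWERCAP_ROOT is a hypothetical override so the script can be pointed at a
# test tree; the default is the sysfs powercap directory used in the advisory.
POWERCAP_ROOT="${POWERCAP_ROOT:-/sys/class/powercap}"

# Print every energy_uj file under $1 that group or others can read.
rapl_exposed() {
    for f in "$1"/*/energy_uj "$1"/*/*/energy_uj "$1"/*/*/*/energy_uj; do
        [ -f "$f" ] || continue   # an unmatched glob stays literal; skip it
        # find prints the path only if the group-read or other-read bit is set
        find "$f" \( -perm -040 -o -perm -004 \)
    done
}

# Apply the advisory's chmod 400 to each exposed counter and report it.
rapl_harden() {
    rapl_exposed "$1" | while IFS= read -r f; do
        chmod 400 "$f" && printf 'restricted %s\n' "$f"
    done
}

# Command-line entry point: "audit" lists exposed counters and exits 1 if any
# exist (useful for monitoring); "harden" fixes them and must run as root.
case "${1:-}" in
    audit)
        exposed=$(rapl_exposed "$POWERCAP_ROOT")
        [ -z "$exposed" ] && exit 0
        printf '%s\n' "$exposed"
        exit 1
        ;;
    harden)
        rapl_harden "$POWERCAP_ROOT"
        ;;
esac
```

Because the permission change does not survive a reboot, the `harden` action has to run again at each boot, and `audit` can be used afterwards to confirm that no counter is readable by non-root users.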