CVE-2020-8694 - log

CVE-2020-8694 edited at 10 Nov 2020 22:43:20
Notes
A temporary measure would be to remove the ability for non-root users to read the current RAPL energy reporting metrics.
This can be done with the command:
- # sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj
+ # sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj
This mitigation will only work on the current boot and will need to be reapplied at each system boot to remain in effect.
CVE-2020-8694 edited at 10 Nov 2020 22:38:52
Notes
A temporary measure would be to remove the ability for non-root users to read the current RAPL energy reporting metrics.
-
This can be done with the command:
- # sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj
+ # sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj
This mitigation will only work on the current boot and will need to be reapplied at each system boot to remain in effect.
CVE-2020-8694 edited at 10 Nov 2020 22:38:13
Description
- An information disclosure issue has been found in Linux before 5.9.8, where non-privileged users have read access to power data and can use this data to form a security attack.
+ An information disclosure flaw was found in the Linux kernel's Intel Running Average Power Limit (RAPL) implementation. A local non-privileged attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data.
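Review bot: The replacement Description drops the affected-version bound that the removed line carried ("in Linux before 5.9.8"), so this field no longer tells a reader which kernels are affected. Keep the new RAPL wording, which is much clearer about the side channel, and retain the bound, for example "found in the Linux kernel's Intel Running Average Power Limit (RAPL) implementation before 5.9.8".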
Notes
+ A temporary measure would be to remove the ability for non-root users to read the current RAPL energy reporting metrics.
+
+ This can be done with the command:
+
+ # sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj
+
+ This mitigation will only work on the current boot and will need to be reapplied at each system boot to remain in effect.
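Review bot: The command in the added Notes starts with "#", which reads as a root prompt, and then also calls sudo; copied as written into bash, the leading "#" makes the whole line a comment and no permissions change. Show it either as "sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj" or with the "#" prompt and no sudo. The closing sentence says the change has to be reapplied at each boot but gives no way to do that, so a pointer to a boot-time mechanism would make the workaround usable, along with a reminder to verify after applying it that the glob matched the energy_uj files actually present on the system.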
CVE-2020-8694 edited at 10 Nov 2020 22:11:21
References
+ https://platypusattack.com/
https://www.openwall.com/lists/oss-security/2020/11/10/5
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
https://github.com/anthraxx/linux-hardened/commit/b72aaa9506b38e68f3476a642d0e42b3071f82bb
CVE-2020-8694 edited at 10 Nov 2020 22:07:32
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ An information disclosure issue has been found in Linux before 5.9.8, where non-privileged users have read access to power data and can use this data to form a security attack.
References
+ https://www.openwall.com/lists/oss-security/2020/11/10/5
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
+ https://github.com/anthraxx/linux-hardened/commit/b72aaa9506b38e68f3476a642d0e42b3071f82bb
Notes
CVE-2020-8694 created at 10 Nov 2020 22:05:06