Lucene search

[email protected]CVE-2020-12912

HistoryNov 12, 2020 - 8:15 p.m.

CVE-2020-12912

2020-11-1220:15:15

CWE-749

CWE-203

[email protected]

web.nvd.nist.gov

amd

linux

hwmon

vulnerability

rapl

side channel attacks

privileged access

cve-2020-12912

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

A potential vulnerability in the AMD extension to Linux “hwmon” service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.

Affected configurations

NVD

Node

amdenergy_driver_for_linux

CPENameOperatorVersion
amd:energy_driver_for_linuxamd energy driver for linuxeq*

CPE	Name	Operator	Version
amd:energy_driver_for_linux	amd energy driver for linux	eq	*

CNA Affected

[
  {
    "product": "AMD extension to Linux \"hwmon\" for Zen1 platforms",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Each Linux distro determines its own version."
      }
    ]
  }
]