Potential security vulnerabilities in the Intel® Running Average Power Limit (RAPL) Interface may allow information disclosure.** **Intel is releasing microcode and Linux driver updates to mitigate these potential vulnerabilities.
CVEID: CVE-2020-8694
Description: Insufficient access control in the Linux kernel driver for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 5.6 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVEID: CVE-2020-8695
Description: Observable discrepancy in the RAPL interface for some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Product Collection
|
Vertical Segment
|
CPUID
—|—|—
8th Generation Intel® Core™ Processor Family
|
Mobile
|
806E9
10th Generation Intel® Core™ Processor Family
|
Mobile
|
806EC
8th Generation Intel® Core™ Processor Family
|
Mobile
|
906EA
9th Generation Intel® Core™ Processor Family
|
Mobile
|
906EC
8th Generation Intel® Core™ Processor Family
|
Desktop
|
906EA
9th Generation Intel® Core™ Processor Family
|
Desktop
|
906EC
Intel® Xeon® Processor E Family
|
Server Workstation AMT Server
|
906EA
8th Generation Intel® Core™ Processor Family
|
Mobile
|
806EA
8th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Series Intel® Celeron® Processor G Series
|
Desktop
|
906EB
Intel® Xeon® Processor E Family
|
Server Workstation AMT Server
|
906EA
8th Generation Intel® Core™ Processor Family
|
Desktop
|
906EA
9th Generation Intel® Core™ Processor Family
|
Desktop
|
906ED
9th Generation Intel® Core™ Processor Family
|
Desktop
|
906ED
10th Generation Intel® Core™ Processor Family
|
Mobile
|
A0660
10th Generation Intel® Core™ Processor Family
|
Mobile
|
A0661
10th Generation Intel® Core™ Processor Family
|
Mobile
|
806EC
10th Generation Intel® Core™ Processor Family
|
Desktop
|
A0653
10th Generation Intel® Core™ Processor Family
|
Mobile
|
A0655
10th Generation Intel® Core™ Processor Family
|
Mobile
|
A0652
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series
|
Desktop Mobile Embedded
|
706A1
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series
|
Desktop Mobile Embedded
|
706A8
10th Generation Intel® Core™ Processor Family
|
Mobile
|
706E5
8th Generation Intel® Core™ Processor Family
|
Mobile
|
906E9
7th Generation Intel® Core™ Processor Family
|
Mobile Embedded
|
906E9
8th Generation Intel® Core™ Processor Family
|
Mobile
|
806EA
7th Generation Intel® Core™ Processor Family
|
Desktop Embedded
|
906E9
7th Generation Intel® Core™ Processor Family
|
Mobile
|
806E9
7th Generation Intel® Core™
Processor Family
|
Mobile
|
806E9
Intel® Core™ X-series Processors
|
Desktop
|
906E9
Intel® Xeon® Processor E3 v6 Family
|
Server Workstation AMT Server
|
906E9
7th Generation Intel® Core™ Processor Family
|
Mobile
|
806E9
6th Generation Intel® Core™ Processor Family
|
Mobile
|
506E3
6th Generation Intel® Core™ Processor Family
|
Desktop Embedded
|
506E3
6th Generation Intel® Core™ Processors
|
Mobile
|
406E3
6th Generation Intel® Core™ Processor Family
|
Mobile
|
406E3
Intel® Xeon® Processor E3 v5 Family
|
Server Workstation AMT Server
|
506E3
6th Generation Intel® Core™ Processor Family
|
Mobile
|
406E3
8th Generation Intel® Core™ Processors
|
Mobile
|
806EB
8th Generation Intel® Core™ Processors
|
Mobile
|
806EC
Intel recommends that users of affected Intel® Processors update to the latest firmware version provided by the system manufacturer that addresses this issue.
Intel recommends that users of affected Intel® Processors install the updates provided by their software vendors. In Linux, for the change to be effective it will require a reboot. If a reboot is not possible, Intel recommends changing the permissions of the affected sysfs attributes so that only privileged users can access them.
To address this issue, an SGX TCB recovery was performed in Q4 2020. Refer to Intel® SGX Attestation Technical Details for more information on the SGX TCB recovery process.
Additional Advisory Guidance on CVE-2020-8694, CVE-2020-8695 available here.
CVE-2020-8694 and CVE-2020-8695 were found externally, Intel would like to thank:
Graz University of Technology: Moritz Lipp, Andreas Kogler, Daniel Gruss
CISPA Helmholtz Center for Information Security: Michael Schwarz
University of Birmingham: David Oswald.
CVE-2020-8695 was found internally by Intel employees. Intel would like to thank Chen Liu, Terry Wang, Neer Roggel, Ben Gras, Monodeep Kar, Bilgiday Yuce.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.