Lucene search

[email protected]CVE-2020-12912

HistoryNov 12, 2020 - 8:15 p.m.

CVE-2020-12912

2020-11-1220:15:15

CWE-749

CWE-203

[email protected]

web.nvd.nist.gov

amd

linux

hwmon

vulnerability

rapl

side channel attacks

privileged access

cve-2020-12912

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

Percentile

12.6%

JSON

A potential vulnerability in the AMD extension to Linux “hwmon” service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.

Affected configurations

NVD

Node

amdenergy_driver_for_linux

VendorProductVersionCPE
amdenergy_driver_for_linuxcpe:/a:amd:energy_driver_for_linux::::

Vendor	Product	Version	CPE
amd	energy_driver_for_linux		cpe:/a:amd:energy_driver_for_linux::::

CNA Affected

[
  {
    "product": "AMD extension to Linux \"hwmon\" for Zen1 platforms",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Each Linux distro determines its own version."
      }
    ]
  }
]