Lucene search

K
lenovoLenovoLENOVO:INTEL-RAPL-INTERFACE-ADVISORY-NOSID
HistoryNov 04, 2020 - 3:35 p.m.

Intel RAPL Interface Advisory - Lenovo Support US

2020-11-0415:35:53
support.lenovo.com
42

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

**Lenovo Security Advisory:**LEN-41208

**Potential Impact:**Information disclosure

**Severity:**Medium

**Scope of Impact:**Industry-wide

**CVE Identifier:**CVE-2020-8694, CVE-2020-8695

Summary Description:

Intel reported potential security vulnerabilities in the Intel® Running Average Power Limit (RAPL) Interface that may allow information disclosure.

Mitigation Strategy for Customers (what you should do to protect yourself):

Intel is releasing a Linux driver and microcode update to mitigate these potential vulnerabilities.

Intel recommends updating to the firmware version indicated for your model in the Product Impact section in LEN-49266.

Intel recommends updating to the version for your model in the Product Impact section below.

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N