Multiple vulnerabilities in Intel RAPL Interface
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-8694 CVE-2020-8695 |
| CWE-ID | CWE-284 CWE-204 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
8th Generation Intel Core Processors Hardware solutions / Firmware 10th Generation Intel Core Processors Hardware solutions / Firmware Intel Xeon Processor E Family Hardware solutions / Firmware Intel Pentium Processor Silver Series Hardware solutions / Firmware Intel Celeron Processor J Series Hardware solutions / Firmware Intel Celeron Processor N Series Hardware solutions / Firmware 7th Generation Intel Core Processors Hardware solutions / Firmware Intel Core X-series Processors Hardware solutions / Firmware Intel Xeon Processor E3 v6 Family Hardware solutions / Firmware 6th Generation Intel Core Processors Hardware solutions / Firmware Intel Xeon Processor E3 v5 Family Hardware solutions / Firmware 9th Generation Intel Core Processors Client/Desktop applications / Web browsers |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU48371
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-8694
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the Linux kernel driver. A local user can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.
Affected products:
|
Product Collection |
Vertical Segment |
CPUID |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
806EC |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Mobile |
906EC |
|
8th Generation Intel® Core™ Processor Family |
Desktop |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906EC |
|
Intel® Xeon® Processor E Family |
Server Workstation AMT Server |
906EA |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806EA |
|
8th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Series Intel® Celeron® Processor G Series |
Desktop |
906EB |
|
Intel® Xeon® Processor E Family |
Server Workstation AMT Server |
906EA |
|
8th Generation Intel® Core™ Processor Family |
Desktop |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906ED |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906ED |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0660 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0661 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
806EC |
|
10th Generation Intel® Core™ Processor Family |
Desktop |
A0653 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0655 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0652 |
|
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series |
Desktop Mobile Embedded |
706A1 |
|
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series |
Desktop Mobile Embedded |
706A8 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
706E5 |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile Embedded |
906E9 |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806EA |
|
7th Generation Intel® Core™ Processor Family |
Desktop Embedded |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
Intel® Core™ X-series Processors |
Desktop |
906E9 |
|
Intel® Xeon® Processor E3 v6 Family |
Server Workstation AMT Server |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
506E3 |
|
6th Generation Intel® Core™ Processor Family |
Desktop Embedded |
506E3 |
|
6th Generation Intel® Core™ Processors |
Mobile |
406E3 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
406E3 |
|
Intel® Xeon® Processor E3 v5 Family |
Server Workstation AMT Server |
506E3 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
406E3 |
|
8th Generation Intel® Core™ Processors |
Mobile |
806EB |
|
8th Generation Intel® Core™ Processors |
Mobile |
806EC |
Install updates from vendor's website.
Vulnerable software versions8th Generation Intel Core Processors: All versions
10th Generation Intel Core Processors: All versions
9th Generation Intel Core Processors: All versions
Intel Xeon Processor E Family: All versions
Intel Pentium Processor Silver Series: All versions
Intel Celeron Processor J Series: All versions
Intel Celeron Processor N Series: All versions
7th Generation Intel Core Processors: All versions
Intel Core X-series Processors: All versions
Intel Xeon Processor E3 v6 Family: All versions
6th Generation Intel Core Processors: All versions
Intel Xeon Processor E3 v5 Family: All versions
CPE2.3 External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Observable Response Discrepancy
EUVDB-ID: #VU48372
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-8695
CWE-ID:
CWE-204 - Observable Response Discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to observable discrepancy in the Running Average Power Limit (RAPL) Interface. A local administrator can gain access to sensitive information on the target system.
Affected products:
|
Product Collection |
Vertical Segment |
CPUID |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
806EC |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Mobile |
906EC |
|
8th Generation Intel® Core™ Processor Family |
Desktop |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906EC |
|
Intel® Xeon® Processor E Family |
Server Workstation AMT Server |
906EA |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806EA |
|
8th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Series Intel® Celeron® Processor G Series |
Desktop |
906EB |
|
Intel® Xeon® Processor E Family |
Server Workstation AMT Server |
906EA |
|
8th Generation Intel® Core™ Processor Family |
Desktop |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906ED |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906ED |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0660 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0661 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
806EC |
|
10th Generation Intel® Core™ Processor Family |
Desktop |
A0653 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0655 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0652 |
|
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series |
Desktop Mobile Embedded |
706A1 |
|
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series |
Desktop Mobile Embedded |
706A8 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
706E5 |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile Embedded |
906E9 |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806EA |
|
7th Generation Intel® Core™ Processor Family |
Desktop Embedded |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
Intel® Core™ X-series Processors |
Desktop |
906E9 |
|
Intel® Xeon® Processor E3 v6 Family |
Server Workstation AMT Server |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
506E3 |
|
6th Generation Intel® Core™ Processor Family |
Desktop Embedded |
506E3 |
|
6th Generation Intel® Core™ Processors |
Mobile |
406E3 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
406E3 |
|
Intel® Xeon® Processor E3 v5 Family |
Server Workstation AMT Server |
506E3 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
406E3 |
|
8th Generation Intel® Core™ Processors |
Mobile |
806EB |
|
8th Generation Intel® Core™ Processors |
Mobile |
806EC |
Install updates from vendor's website.
Vulnerable software versions8th Generation Intel Core Processors: All versions
10th Generation Intel Core Processors: All versions
9th Generation Intel Core Processors: All versions
Intel Xeon Processor E Family: All versions
Intel Pentium Processor Silver Series: All versions
Intel Celeron Processor J Series: All versions
Intel Celeron Processor N Series: All versions
7th Generation Intel Core Processors: All versions
Intel Core X-series Processors: All versions
Intel Xeon Processor E3 v6 Family: All versions
6th Generation Intel Core Processors: All versions
Intel Xeon Processor E3 v5 Family: All versions
CPE2.3 External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
