Multiple vulnerabilities in Intel RAPL Interface



Published: 2020-11-11
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2020-8694
CVE-2020-8695
CWE-ID CWE-284
CWE-204
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
8th Generation Intel Core Processors
Hardware solutions / Firmware

10th Generation Intel Core Processors
Hardware solutions / Firmware

Intel Xeon Processor E Family
Hardware solutions / Firmware

Intel Pentium Processor Silver Series
Hardware solutions / Firmware

Intel Celeron Processor J Series
Hardware solutions / Firmware

Intel Celeron Processor N Series
Hardware solutions / Firmware

7th Generation Intel Core Processors
Hardware solutions / Firmware

Intel Core X-series Processors
Hardware solutions / Firmware

Intel Xeon Processor E3 v6 Family
Hardware solutions / Firmware

6th Generation Intel Core Processors
Hardware solutions / Firmware

Intel Xeon Processor E3 v5 Family
Hardware solutions / Firmware

9th Generation Intel Core Processors
Client/Desktop applications / Web browsers

Vendor Intel

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU48371

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-8694

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the Linux kernel driver. A local user can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.

Affected products:

Product Collection

Vertical Segment

CPUID

8th Generation Intel® Core™ Processor Family

Mobile

806E9

10th Generation Intel® Core™ Processor Family

Mobile

806EC

8th Generation Intel® Core™ Processor Family

Mobile

906EA

9th Generation Intel® Core™ Processor Family

Mobile

906EC

8th Generation Intel® Core™ Processor Family

Desktop

906EA

9th Generation Intel® Core™ Processor Family

Desktop

906EC

Intel® Xeon® Processor E Family

Server Workstation AMT Server

906EA

8th Generation Intel® Core™ Processor Family

Mobile

806EA

8th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Series Intel® Celeron® Processor G Series

Desktop

906EB

Intel® Xeon® Processor E Family

Server Workstation AMT Server

906EA

8th Generation Intel® Core™ Processor Family

Desktop

906EA

9th Generation Intel® Core™ Processor Family

Desktop

906ED

9th Generation Intel® Core™ Processor Family

Desktop

906ED

10th Generation Intel® Core™ Processor Family

Mobile

A0660

10th Generation Intel® Core™ Processor Family

Mobile

A0661

10th Generation Intel® Core™ Processor Family

Mobile

806EC

10th Generation Intel® Core™ Processor Family

Desktop

A0653

10th Generation Intel® Core™ Processor Family

Mobile

A0655

10th Generation Intel® Core™ Processor Family

Mobile

A0652

Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series

Desktop Mobile Embedded

706A1

Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series

Desktop Mobile Embedded

706A8

10th Generation Intel® Core™ Processor Family

Mobile

706E5

8th Generation Intel® Core™ Processor Family

Mobile

906E9

7th Generation Intel® Core™ Processor Family

Mobile Embedded

906E9

8th Generation Intel® Core™  Processor Family

Mobile

806EA

7th Generation Intel® Core™ Processor Family

Desktop Embedded

906E9

7th Generation Intel® Core™ Processor Family

Mobile

806E9

7th Generation Intel® Core™

Processor Family

Mobile

806E9

Intel® Core™ X-series Processors

Desktop

906E9

Intel® Xeon® Processor E3 v6 Family

Server Workstation AMT Server

906E9

7th Generation Intel® Core™ Processor Family

Mobile

806E9

6th Generation Intel® Core™ Processor Family

Mobile

506E3

6th Generation Intel® Core™ Processor Family

Desktop Embedded

506E3

6th Generation Intel® Core™ Processors

Mobile

406E3

6th Generation Intel® Core™ Processor Family

Mobile

406E3

Intel® Xeon® Processor E3 v5 Family

Server Workstation AMT Server

506E3

6th Generation Intel® Core™ Processor Family

Mobile

406E3

8th Generation Intel® Core™ Processors

Mobile

806EB

8th Generation Intel® Core™ Processors

Mobile

806EC

Mitigation

Install updates from vendor's website.

Vulnerable software versions

8th Generation Intel Core Processors: All versions

10th Generation Intel Core Processors: All versions

9th Generation Intel Core Processors: All versions

Intel Xeon Processor E Family: All versions

Intel Pentium Processor Silver Series: All versions

Intel Celeron Processor J Series: All versions

Intel Celeron Processor N Series: All versions

7th Generation Intel Core Processors: All versions

Intel Core X-series Processors: All versions

Intel Xeon Processor E3 v6 Family: All versions

6th Generation Intel Core Processors: All versions

Intel Xeon Processor E3 v5 Family: All versions


CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Observable Response Discrepancy

EUVDB-ID: #VU48372

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-8695

CWE-ID: CWE-204 - Observable Response Discrepancy

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to observable discrepancy in the Running Average Power Limit (RAPL) Interface. A local administrator can gain access to sensitive information on the target system.

Affected products:

Product Collection

Vertical Segment

CPUID

8th Generation Intel® Core™ Processor Family

Mobile

806E9

10th Generation Intel® Core™ Processor Family

Mobile

806EC

8th Generation Intel® Core™ Processor Family

Mobile

906EA

9th Generation Intel® Core™ Processor Family

Mobile

906EC

8th Generation Intel® Core™ Processor Family

Desktop

906EA

9th Generation Intel® Core™ Processor Family

Desktop

906EC

Intel® Xeon® Processor E Family

Server Workstation AMT Server

906EA

8th Generation Intel® Core™ Processor Family

Mobile

806EA

8th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Series Intel® Celeron® Processor G Series

Desktop

906EB

Intel® Xeon® Processor E Family

Server Workstation AMT Server

906EA

8th Generation Intel® Core™ Processor Family

Desktop

906EA

9th Generation Intel® Core™ Processor Family

Desktop

906ED

9th Generation Intel® Core™ Processor Family

Desktop

906ED

10th Generation Intel® Core™ Processor Family

Mobile

A0660

10th Generation Intel® Core™ Processor Family

Mobile

A0661

10th Generation Intel® Core™ Processor Family

Mobile

806EC

10th Generation Intel® Core™ Processor Family

Desktop

A0653

10th Generation Intel® Core™ Processor Family

Mobile

A0655

10th Generation Intel® Core™ Processor Family

Mobile

A0652

Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series

Desktop Mobile Embedded

706A1

Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series

Desktop Mobile Embedded

706A8

10th Generation Intel® Core™ Processor Family

Mobile

706E5

8th Generation Intel® Core™ Processor Family

Mobile

906E9

7th Generation Intel® Core™ Processor Family

Mobile Embedded

906E9

8th Generation Intel® Core™  Processor Family

Mobile

806EA

7th Generation Intel® Core™ Processor Family

Desktop Embedded

906E9

7th Generation Intel® Core™ Processor Family

Mobile

806E9

7th Generation Intel® Core™

Processor Family

Mobile

806E9

Intel® Core™ X-series Processors

Desktop

906E9

Intel® Xeon® Processor E3 v6 Family

Server Workstation AMT Server

906E9

7th Generation Intel® Core™ Processor Family

Mobile

806E9

6th Generation Intel® Core™ Processor Family

Mobile

506E3

6th Generation Intel® Core™ Processor Family

Desktop Embedded

506E3

6th Generation Intel® Core™ Processors

Mobile

406E3

6th Generation Intel® Core™ Processor Family

Mobile

406E3

Intel® Xeon® Processor E3 v5 Family

Server Workstation AMT Server

506E3

6th Generation Intel® Core™ Processor Family

Mobile

406E3

8th Generation Intel® Core™ Processors

Mobile

806EB

8th Generation Intel® Core™ Processors

Mobile

806EC

Mitigation

Install updates from vendor's website.

Vulnerable software versions

8th Generation Intel Core Processors: All versions

10th Generation Intel Core Processors: All versions

9th Generation Intel Core Processors: All versions

Intel Xeon Processor E Family: All versions

Intel Pentium Processor Silver Series: All versions

Intel Celeron Processor J Series: All versions

Intel Celeron Processor N Series: All versions

7th Generation Intel Core Processors: All versions

Intel Core X-series Processors: All versions

Intel Xeon Processor E3 v6 Family: All versions

6th Generation Intel Core Processors: All versions

Intel Xeon Processor E3 v5 Family: All versions


CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###