#VU48372 Observable Response Discrepancy in Intel Client/Desktop applications
Vulnerability identifier: #VU48372
Vulnerability risk: Low
CVSSv3.1:
CVE-ID:
CWE-ID:
CWE-204
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
8th Generation Intel Core Processors
Hardware solutions /
Firmware
10th Generation Intel Core Processors
Hardware solutions /
Firmware
Intel Xeon Processor E Family
Hardware solutions /
Firmware
Intel Pentium Processor Silver Series
Hardware solutions /
Firmware
Intel Celeron Processor J Series
Hardware solutions /
Firmware
Intel Celeron Processor N Series
Hardware solutions /
Firmware
7th Generation Intel Core Processors
Hardware solutions /
Firmware
Intel Core X-series Processors
Hardware solutions /
Firmware
Intel Xeon Processor E3 v6 Family
Hardware solutions /
Firmware
6th Generation Intel Core Processors
Hardware solutions /
Firmware
Intel Xeon Processor E3 v5 Family
Hardware solutions /
Firmware
9th Generation Intel Core Processors
Client/Desktop applications /
Web browsers
Vendor: Intel
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to observable discrepancy in the Running Average Power Limit (RAPL) Interface. A local administrator can gain access to sensitive information on the target system.
Affected products:
|
Product Collection |
Vertical Segment |
CPUID |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
806EC |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Mobile |
906EC |
|
8th Generation Intel® Core™ Processor Family |
Desktop |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906EC |
|
Intel® Xeon® Processor E Family |
Server Workstation AMT Server |
906EA |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806EA |
|
8th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Series Intel® Celeron® Processor G Series |
Desktop |
906EB |
|
Intel® Xeon® Processor E Family |
Server Workstation AMT Server |
906EA |
|
8th Generation Intel® Core™ Processor Family |
Desktop |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906ED |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906ED |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0660 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0661 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
806EC |
|
10th Generation Intel® Core™ Processor Family |
Desktop |
A0653 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0655 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0652 |
|
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series |
Desktop Mobile Embedded |
706A1 |
|
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series |
Desktop Mobile Embedded |
706A8 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
706E5 |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile Embedded |
906E9 |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806EA |
|
7th Generation Intel® Core™ Processor Family |
Desktop Embedded |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
Intel® Core™ X-series Processors |
Desktop |
906E9 |
|
Intel® Xeon® Processor E3 v6 Family |
Server Workstation AMT Server |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
506E3 |
|
6th Generation Intel® Core™ Processor Family |
Desktop Embedded |
506E3 |
|
6th Generation Intel® Core™ Processors |
Mobile |
406E3 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
406E3 |
|
Intel® Xeon® Processor E3 v5 Family |
Server Workstation AMT Server |
506E3 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
406E3 |
|
8th Generation Intel® Core™ Processors |
Mobile |
806EB |
|
8th Generation Intel® Core™ Processors |
Mobile |
806EC |
Mitigation
Install updates from vendor's website.
Vulnerable software versions
8th Generation Intel Core Processors: All versions
10th Generation Intel Core Processors: All versions
9th Generation Intel Core Processors: All versions
Intel Xeon Processor E Family: All versions
Intel Pentium Processor Silver Series: All versions
Intel Celeron Processor J Series: All versions
Intel Celeron Processor N Series: All versions
7th Generation Intel Core Processors: All versions
Intel Core X-series Processors: All versions
Intel Xeon Processor E3 v6 Family: All versions
6th Generation Intel Core Processors: All versions
Intel Xeon Processor E3 v5 Family: All versions
CPE
External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
