#VU48372 Observable Response Discrepancy in Intel Client/Desktop applications


Published: 2020-11-11

Vulnerability identifier: #VU48372

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-8695

CWE-ID: CWE-204

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
8th Generation Intel Core Processors
Hardware solutions / Firmware
10th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Xeon Processor E Family
Hardware solutions / Firmware
Intel Pentium Processor Silver Series
Hardware solutions / Firmware
Intel Celeron Processor J Series
Hardware solutions / Firmware
Intel Celeron Processor N Series
Hardware solutions / Firmware
7th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Core X-series Processors
Hardware solutions / Firmware
Intel Xeon Processor E3 v6 Family
Hardware solutions / Firmware
6th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Xeon Processor E3 v5 Family
Hardware solutions / Firmware
9th Generation Intel Core Processors
Client/Desktop applications / Web browsers

Vendor: Intel

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to observable discrepancy in the Running Average Power Limit (RAPL) Interface. A local administrator can gain access to sensitive information on the target system.

Affected products:

Product Collection

Vertical Segment

CPUID

8th Generation Intel® Core™ Processor Family

Mobile

806E9

10th Generation Intel® Core™ Processor Family

Mobile

806EC

8th Generation Intel® Core™ Processor Family

Mobile

906EA

9th Generation Intel® Core™ Processor Family

Mobile

906EC

8th Generation Intel® Core™ Processor Family

Desktop

906EA

9th Generation Intel® Core™ Processor Family

Desktop

906EC

Intel® Xeon® Processor E Family

Server Workstation AMT Server

906EA

8th Generation Intel® Core™ Processor Family

Mobile

806EA

8th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Series Intel® Celeron® Processor G Series

Desktop

906EB

Intel® Xeon® Processor E Family

Server Workstation AMT Server

906EA

8th Generation Intel® Core™ Processor Family

Desktop

906EA

9th Generation Intel® Core™ Processor Family

Desktop

906ED

9th Generation Intel® Core™ Processor Family

Desktop

906ED

10th Generation Intel® Core™ Processor Family

Mobile

A0660

10th Generation Intel® Core™ Processor Family

Mobile

A0661

10th Generation Intel® Core™ Processor Family

Mobile

806EC

10th Generation Intel® Core™ Processor Family

Desktop

A0653

10th Generation Intel® Core™ Processor Family

Mobile

A0655

10th Generation Intel® Core™ Processor Family

Mobile

A0652

Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series

Desktop Mobile Embedded

706A1

Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series

Desktop Mobile Embedded

706A8

10th Generation Intel® Core™ Processor Family

Mobile

706E5

8th Generation Intel® Core™ Processor Family

Mobile

906E9

7th Generation Intel® Core™ Processor Family

Mobile Embedded

906E9

8th Generation Intel® Core™  Processor Family

Mobile

806EA

7th Generation Intel® Core™ Processor Family

Desktop Embedded

906E9

7th Generation Intel® Core™ Processor Family

Mobile

806E9

7th Generation Intel® Core™

Processor Family

Mobile

806E9

Intel® Core™ X-series Processors

Desktop

906E9

Intel® Xeon® Processor E3 v6 Family

Server Workstation AMT Server

906E9

7th Generation Intel® Core™ Processor Family

Mobile

806E9

6th Generation Intel® Core™ Processor Family

Mobile

506E3

6th Generation Intel® Core™ Processor Family

Desktop Embedded

506E3

6th Generation Intel® Core™ Processors

Mobile

406E3

6th Generation Intel® Core™ Processor Family

Mobile

406E3

Intel® Xeon® Processor E3 v5 Family

Server Workstation AMT Server

506E3

6th Generation Intel® Core™ Processor Family

Mobile

406E3

8th Generation Intel® Core™ Processors

Mobile

806EB

8th Generation Intel® Core™ Processors

Mobile

806EC

Mitigation
Install updates from vendor's website.

Vulnerable software versions

8th Generation Intel Core Processors: All versions

10th Generation Intel Core Processors: All versions

9th Generation Intel Core Processors: All versions

Intel Xeon Processor E Family: All versions

Intel Pentium Processor Silver Series: All versions

Intel Celeron Processor J Series: All versions

Intel Celeron Processor N Series: All versions

7th Generation Intel Core Processors: All versions

Intel Core X-series Processors: All versions

Intel Xeon Processor E3 v6 Family: All versions

6th Generation Intel Core Processors: All versions

Intel Xeon Processor E3 v5 Family: All versions


CPE

External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability