Bug 1828583 (CVE-2020-8695)

Summary: CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface
Product: [Other] Security Response
Reporter: Pedro Sampaio <psampaio>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: acaringi, adscvr, airlied, bskeggs, esyr, hdegoede, itamar, jarodwilson, jcm, jeremy, jforbes, jglisse, jonathan, josef, jwboyer, kernel-maint, lgoncalv, linville, masami256, mchehab, mjg59, pmatouse, poros, ptalbert, qzhao, security-response-team, skozina, steved, wmealing
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit). An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.
Last Closed: 2020-11-11 14:21:18 UTC
Bug Depends On: 1844292, 1844293, 1893256, 1893257, 1893258, 1893259, 1893260, 1893261, 1893262, 1893263, 1893264, 1893265, 1893266
Bug Blocks: 1828584

Comment 1 Wade Mealing 2020-05-21 04:45:40 UTC
A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.

This creates a 'power analysis' side channel, where the attacker can use the RAPL values exported to the operating system as a method to analyse the side channel without physical access.

Comment 9 Petr Matousek 2020-06-05 12:18:40 UTC
Acknowledgments:

Name: Intel

Comment 14 errata-xmlrpc 2020-11-11 09:46:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:5085 https://access.redhat.com/errata/RHSA-2020:5085

Comment 15 errata-xmlrpc 2020-11-11 10:13:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:5083 https://access.redhat.com/errata/RHSA-2020:5083

Comment 16 Product Security DevOps Team 2020-11-11 14:21:18 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-8695

Comment 17 Doran Moppert 2020-11-12 11:37:42 UTC
Mitigation:

Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  

The command:
~~~
sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj
~~~
will do this for the current boot; it will need to be scripted to run at each boot to remain persistent across reboots.
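
Added example, not part of the comment above or of Red Hat's advisory: a POSIX shell script for the boot-time scripting the mitigation calls for. It goes beyond the quoted glob by also covering nested subzones and by verifying the result; the function names, the `--apply` switch and the `RAPL_BASE` variable are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the bug report. Function names, RAPL_BASE and
# --apply are assumptions; the default path is the one in the comment above.
RAPL_BASE="${RAPL_BASE:-/sys/class/powercap/intel_rapl}"

# List every energy_uj counter under $1, nested subzones included.
# -H resolves $1 itself when it is a symlink; no other links are followed.
rapl_counters() {
    [ -d "$1" ] || return 0
    find -H "$1" -type f -name energy_uj
}

# Same effect as the quoted chmod, applied to every counter found.
restrict_rapl() {
    [ -d "$1" ] || return 0
    find -H "$1" -type f -name energy_uj -exec chmod 400 {} +
}

# List counters that group or other can still read.
rapl_exposed() {
    [ -d "$1" ] || return 0
    find -H "$1" -type f -name energy_uj \( -perm -040 -o -perm -004 \)
}

# Apply, then verify. 0 = all restricted, 1 = some still readable,
# 2 = nothing found (wrong path for this kernel, or no RAPL support).
rapl_main() {
    base=$1
    if [ -z "$(rapl_counters "$base")" ]; then
        echo "no energy_uj under $base; check the powercap path" >&2
        return 2
    fi
    restrict_rapl "$base" || return 1
    left=$(rapl_exposed "$base")
    [ -z "$left" ] && return 0
    printf 'still readable by group/other:\n%s\n' "$left" >&2
    return 1
}

# Only act when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--apply" ]; then
    rapl_main "$RAPL_BASE"
    exit $?
fi
```

Run it as root with `--apply` from the host's boot-time mechanism; exit status 2 means no counter was found under the configured path, so nothing was restricted.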

Comment 27 errata-xmlrpc 2020-11-23 17:44:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2020:5183 https://access.redhat.com/errata/RHSA-2020:5183

Comment 28 errata-xmlrpc 2020-11-23 17:45:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2020:5182 https://access.redhat.com/errata/RHSA-2020:5182

Comment 29 errata-xmlrpc 2020-11-23 17:46:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:5186 https://access.redhat.com/errata/RHSA-2020:5186

Comment 30 errata-xmlrpc 2020-11-23 17:55:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:5181 https://access.redhat.com/errata/RHSA-2020:5181

Comment 31 errata-xmlrpc 2020-11-23 17:57:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2020:5185 https://access.redhat.com/errata/RHSA-2020:5185

Comment 32 errata-xmlrpc 2020-11-23 18:56:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2020:5188 https://access.redhat.com/errata/RHSA-2020:5188

Comment 33 errata-xmlrpc 2020-11-23 19:21:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2020:5190 https://access.redhat.com/errata/RHSA-2020:5190

Comment 40 errata-xmlrpc 2020-12-08 10:34:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:5369 https://access.redhat.com/errata/RHSA-2020:5369

Comment 41 errata-xmlrpc 2021-08-09 09:51:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:3027 https://access.redhat.com/errata/RHSA-2021:3027

Comment 42 errata-xmlrpc 2021-08-09 10:09:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3028 https://access.redhat.com/errata/RHSA-2021:3028

Comment 44 errata-xmlrpc 2021-08-10 13:40:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:3029 https://access.redhat.com/errata/RHSA-2021:3029

Comment 45 errata-xmlrpc 2021-08-17 08:30:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:3176 https://access.redhat.com/errata/RHSA-2021:3176

Comment 46 errata-xmlrpc 2021-08-24 09:54:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2021:3255 https://access.redhat.com/errata/RHSA-2021:3255

Comment 47 errata-xmlrpc 2021-08-31 07:56:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2021:3323 https://access.redhat.com/errata/RHSA-2021:3323

Comment 48 errata-xmlrpc 2021-08-31 08:04:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support

Via RHSA-2021:3322 https://access.redhat.com/errata/RHSA-2021:3322

Comment 49 errata-xmlrpc 2021-08-31 08:24:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2021:3317 https://access.redhat.com/errata/RHSA-2021:3317

Comment 50 errata-xmlrpc 2021-08-31 09:21:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3364 https://access.redhat.com/errata/RHSA-2021:3364