A 'power analysis' side channel was found in the PowerCap framework. A local authenticated attacker can potentially use the powercap measurements to infer usually private information by measuring the power used by operations on the hidden information.
Mitigation: A temporary measure would be to remove the ability for non-root users to read the current RAPL energy reporting metrics. This can be done with the command: $ sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj This mitigation will only work on the current boot and will need to be reapplied at each system boot to remain in effect.
Acknowledgments: Name: Intel
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1896525]
Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=949dd0104c49