A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit). An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem. This creates a 'power analysis' side channel, where the attacker can use the RAPL values exported to the operating system as a method to analyse the side channel without physical access.
Acknowledgments: Name: Intel
External References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html https://en.wikipedia.org/wiki/Power_analysis
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:5085 https://access.redhat.com/errata/RHSA-2020:5085
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5083 https://access.redhat.com/errata/RHSA-2020:5083
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8695
Mitigation: Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace. The command: ~~~ sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj ~~~ Will do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Red Hat Enterprise Linux 7.3 Telco Extended Update Support Via RHSA-2020:5183 https://access.redhat.com/errata/RHSA-2020:5183
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2020:5182 https://access.redhat.com/errata/RHSA-2020:5182
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:5186 https://access.redhat.com/errata/RHSA-2020:5186
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:5181 https://access.redhat.com/errata/RHSA-2020:5181
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2020:5185 https://access.redhat.com/errata/RHSA-2020:5185
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2020:5188 https://access.redhat.com/errata/RHSA-2020:5188
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:5190 https://access.redhat.com/errata/RHSA-2020:5190
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:5369 https://access.redhat.com/errata/RHSA-2020:5369
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3027 https://access.redhat.com/errata/RHSA-2021:3027
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3028 https://access.redhat.com/errata/RHSA-2021:3028
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:3029 https://access.redhat.com/errata/RHSA-2021:3029
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3176 https://access.redhat.com/errata/RHSA-2021:3176
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2021:3255 https://access.redhat.com/errata/RHSA-2021:3255
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2021:3323 https://access.redhat.com/errata/RHSA-2021:3323
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Via RHSA-2021:3322 https://access.redhat.com/errata/RHSA-2021:3322
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Red Hat Enterprise Linux 7.6 Telco Extended Update Support Via RHSA-2021:3317 https://access.redhat.com/errata/RHSA-2021:3317
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3364 https://access.redhat.com/errata/RHSA-2021:3364