1828583 – (CVE-2020-8695) CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface

Bug 1828583 (CVE-2020-8695) - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface

Summary: CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-8695
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1844292 1844293 1893256 1893257 1893258 1893259 1893260 1893261 1893262 1893263 1893264 1893265 1893266
Blocks:	1828584
TreeView+	depends on / blocked

Reported:	2020-04-27 20:41 UTC by Pedro Sampaio
Modified:	2021-08-31 09:21 UTC (History)
CC List:	29 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit). An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.
Clone Of:
Environment:
Last Closed:	2020-11-11 14:21:18 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2020:5083	None	None	None	2020-11-11 10:13:37 UTC
Red Hat Product Errata	RHSA-2020:5085	None	None	None	2020-11-11 09:46:44 UTC
Red Hat Product Errata	RHSA-2020:5181	None	None	None	2020-11-23 17:55:22 UTC
Red Hat Product Errata	RHSA-2020:5182	None	None	None	2020-11-23 17:45:39 UTC
Red Hat Product Errata	RHSA-2020:5183	None	None	None	2020-11-23 17:44:18 UTC
Red Hat Product Errata	RHSA-2020:5185	None	None	None	2020-11-23 17:57:27 UTC
Red Hat Product Errata	RHSA-2020:5186	None	None	None	2020-11-23 17:47:01 UTC
Red Hat Product Errata	RHSA-2020:5188	None	None	None	2020-11-23 18:56:40 UTC
Red Hat Product Errata	RHSA-2020:5190	None	None	None	2020-11-23 19:21:22 UTC
Red Hat Product Errata	RHSA-2020:5369	None	None	None	2020-12-08 10:34:22 UTC
Red Hat Product Errata	RHSA-2021:3027	None	None	None	2021-08-09 09:51:32 UTC
Red Hat Product Errata	RHSA-2021:3028	None	None	None	2021-08-09 10:09:35 UTC
Red Hat Product Errata	RHSA-2021:3029	None	None	None	2021-08-10 13:40:17 UTC
Red Hat Product Errata	RHSA-2021:3176	None	None	None	2021-08-17 08:30:14 UTC
Red Hat Product Errata	RHSA-2021:3255	None	None	None	2021-08-24 09:54:41 UTC
Red Hat Product Errata	RHSA-2021:3317	None	None	None	2021-08-31 08:24:17 UTC
Red Hat Product Errata	RHSA-2021:3322	None	None	None	2021-08-31 08:04:16 UTC
Red Hat Product Errata	RHSA-2021:3323	None	None	None	2021-08-31 07:56:58 UTC
Red Hat Product Errata	RHSA-2021:3364	None	None	None	2021-08-31 09:21:42 UTC

Comment 1 Wade Mealing 2020-05-21 04:45:40 UTC

A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.

This creates a 'power analysis' side channel, where the attacker can use the RAPL values exported to the operating system as a method to analyse the side channel without physical access.

Comment 9 Petr Matousek 2020-06-05 12:18:40 UTC

Acknowledgments:

Name: Intel

Comment 11 Petr Matousek 2020-11-10 19:30:41 UTC

External References:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
https://en.wikipedia.org/wiki/Power_analysis

Comment 14 errata-xmlrpc 2020-11-11 09:46:55 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:5085 https://access.redhat.com/errata/RHSA-2020:5085

Comment 15 errata-xmlrpc 2020-11-11 10:13:31 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:5083 https://access.redhat.com/errata/RHSA-2020:5083

Comment 16 Product Security DevOps Team 2020-11-11 14:21:18 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-8695

Comment 17 Doran Moppert 2020-11-12 11:37:42 UTC

Mitigation:

Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  

The command:
~~~
sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj
~~~
Will do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.

Comment 27 errata-xmlrpc 2020-11-23 17:44:39 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2020:5183 https://access.redhat.com/errata/RHSA-2020:5183

Comment 28 errata-xmlrpc 2020-11-23 17:45:36 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2020:5182 https://access.redhat.com/errata/RHSA-2020:5182

Comment 29 errata-xmlrpc 2020-11-23 17:46:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:5186 https://access.redhat.com/errata/RHSA-2020:5186

Comment 30 errata-xmlrpc 2020-11-23 17:55:21 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:5181 https://access.redhat.com/errata/RHSA-2020:5181

Comment 31 errata-xmlrpc 2020-11-23 17:57:25 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2020:5185 https://access.redhat.com/errata/RHSA-2020:5185

Comment 32 errata-xmlrpc 2020-11-23 18:56:39 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2020:5188 https://access.redhat.com/errata/RHSA-2020:5188

Comment 33 errata-xmlrpc 2020-11-23 19:21:20 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2020:5190 https://access.redhat.com/errata/RHSA-2020:5190

Comment 40 errata-xmlrpc 2020-12-08 10:34:13 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:5369 https://access.redhat.com/errata/RHSA-2020:5369

Comment 41 errata-xmlrpc 2021-08-09 09:51:28 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:3027 https://access.redhat.com/errata/RHSA-2021:3027

Comment 42 errata-xmlrpc 2021-08-09 10:09:31 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3028 https://access.redhat.com/errata/RHSA-2021:3028

Comment 44 errata-xmlrpc 2021-08-10 13:40:14 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:3029 https://access.redhat.com/errata/RHSA-2021:3029

Comment 45 errata-xmlrpc 2021-08-17 08:30:12 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:3176 https://access.redhat.com/errata/RHSA-2021:3176

Comment 46 errata-xmlrpc 2021-08-24 09:54:39 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2021:3255 https://access.redhat.com/errata/RHSA-2021:3255

Comment 47 errata-xmlrpc 2021-08-31 07:56:55 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2021:3323 https://access.redhat.com/errata/RHSA-2021:3323

Comment 48 errata-xmlrpc 2021-08-31 08:04:12 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support

Via RHSA-2021:3322 https://access.redhat.com/errata/RHSA-2021:3322

Comment 49 errata-xmlrpc 2021-08-31 08:24:14 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2021:3317 https://access.redhat.com/errata/RHSA-2021:3317

Comment 50 errata-xmlrpc 2021-08-31 09:21:39 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3364 https://access.redhat.com/errata/RHSA-2021:3364

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
bskeggs
esyr
hdegoede
itamar
jarodwilson
jcm
jeremy
jforbes
jglisse
jonathan
josef
jwboyer
kernel-maint
lgoncalv
linville
masami256
mchehab
mjg59
pmatouse
poros
ptalbert
qzhao
security-response-team
skozina
steved
wmealing