Vulnerabilities > CVE-2020-12912 - Information Exposure Through Discrepancy vulnerability in AMD Energy Driver for Linux

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

amd

CWE-203

NVD

Published: 2020-11-12

Updated: 2020-12-03

Summary

A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.

Vulnerable Configurations

Part	Description	Count
Application	Amd AMD Energy Driver FOR Linux *	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://www.amd.com/en/corporate/product-security