{
  "threat_severity" : "Moderate",
  "public_date" : "2020-11-10T00:00:00Z",
  "bugzilla" : {
    "description" : "hw: Information disclosure issue in Intel SGX via RAPL interface",
    "id" : "1828583",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-200",
  "details" : [ "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.", "A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem." ],
  "acknowledgement" : "Red Hat would like to thank Intel for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-11-11T00:00:00Z",
    "advisory" : "RHSA-2020:5083",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "microcode_ctl-2:2.1-73.2.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2021-08-09T00:00:00Z",
    "advisory" : "RHSA-2021:3028",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "microcode_ctl-2:2.1-73.11.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5188",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.2",
    "package" : "microcode_ctl-2:2.1-12.34.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3323",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.2",
    "package" : "microcode_ctl-2:2.1-12.39.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5183",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "microcode_ctl-2:2.1-16.37.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3322",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "microcode_ctl-2:2.1-16.42.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Telco Extended Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5183",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.3",
    "package" : "microcode_ctl-2:2.1-16.37.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5183",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.3",
    "package" : "microcode_ctl-2:2.1-16.37.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5182",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "microcode_ctl-2:2.1-22.36.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2021-08-24T00:00:00Z",
    "advisory" : "RHSA-2021:3255",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "microcode_ctl-2:2.1-22.41.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5182",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "microcode_ctl-2:2.1-22.36.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2021-08-24T00:00:00Z",
    "advisory" : "RHSA-2021:3255",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "microcode_ctl-2:2.1-22.41.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5182",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "microcode_ctl-2:2.1-22.36.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2021-08-24T00:00:00Z",
    "advisory" : "RHSA-2021:3255",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "microcode_ctl-2:2.1-22.41.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3317",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.6",
    "package" : "microcode_ctl-2:2.1-47.23.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5181",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.6",
    "package" : "microcode_ctl-2:2.1-47.18.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Telco Extended Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3317",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.6",
    "package" : "microcode_ctl-2:2.1-47.23.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3317",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.6",
    "package" : "microcode_ctl-2:2.1-47.23.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5190",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.7",
    "package" : "microcode_ctl-2:2.1-53.13.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support",
    "release_date" : "2021-08-10T00:00:00Z",
    "advisory" : "RHSA-2021:3029",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.7",
    "package" : "microcode_ctl-2:2.1-53.18.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-11T00:00:00Z",
    "advisory" : "RHSA-2020:5085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "microcode_ctl-4:20200609-2.20201027.1.el8_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-08-09T00:00:00Z",
    "advisory" : "RHSA-2021:3027",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "microcode_ctl-4:20210216-1.20210608.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5186",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.0",
    "package" : "microcode_ctl-4:20180807a-2.20201112.1.el8_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2020-12-08T00:00:00Z",
    "advisory" : "RHSA-2020:5369",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.1",
    "package" : "microcode_ctl-4:20190618-1.20201112.1.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2021-08-17T00:00:00Z",
    "advisory" : "RHSA-2021:3176",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.1",
    "package" : "microcode_ctl-4:20190618-1.20210608.1.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5185",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "microcode_ctl-4:20191115-4.20201112.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3364",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "microcode_ctl-4:20191115-4.20210608.1.el8_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-8695\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8695\nhttps://en.wikipedia.org/wiki/Power_analysis\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html" ],
  "name" : "CVE-2020-8695",
  "mitigation" : {
    "value" : "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
    "lang" : "en:us"
  },
  "csaw" : false
}