CVE-2020-8695Observable Discrepancy in Intel-microcode

CWE-203Observable DiscrepancyCWE-1256Improper Restriction of Software Interfaces to Hardware FeaturesCWE-200Sensitive Information Exposure19 documents10 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 64.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Github.com Containerd ContainerdGithub.com Docker DockerDebian Intel-microcode+2 more
Timeline
PublishedNov 12
Latest updateDec 19

Description

Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/intel-microcode< intel-microcode 3.20201110.1 (bookworm)
Gogithub.com/docker_docker24.0.024.0.7+2
Gogithub.com/containerd_containerd1.7.01.7.11+1

Also affects: Debian Linux 9.0, Fedora 31, 32, 33

🔴Vulnerability Details

9
OSV
containerd allows RAPL to be accessible to a container2023-12-19
GHSA
containerd allows RAPL to be accessible to a container2023-12-19
GHSA
/sys/devices/virtual/powercap accessible by default to containers2023-10-30
OSV
/sys/devices/virtual/powercap accessible by default to containers2023-10-30
GHSA
GHSA-55fx-92rr-h42r: Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via2022-05-24

📋Vendor Advisories

5
Ubuntu
Intel Microcode vulnerabilities2021-05-17
Ubuntu
Intel Microcode regression2020-11-12
Ubuntu
Intel Microcode vulnerabilities2020-11-11
Red Hat
hw: Information disclosure issue in Intel SGX via RAPL interface2020-11-10
Debian
CVE-2020-8695: intel-microcode - Observable discrepancy in the RAPL interface for some Intel(R) Processors may al...2020

📐Framework References

2
CWE
Improper Restriction of Software Interfaces to Hardware Features
CWE
Observable Discrepancy

📄Research Papers

1
arXiv
DeepTheft: Stealing DNN Model Architectures through Power Side Channel2023-09-21

💬Community

1
Bugzilla
CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface2020-04-27