CVE-2020-8694 in Ubuntu

CVE-2020-8694

Priority

Description

Insufficient access control in the Linux kernel driver for some Intel(R)
Processors may allow an authenticated user to potentially enable
information disclosure via local access.

Ubuntu-Description

Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine
Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running
Average Power Limit (RAPL) driver in the Linux kernel did not properly
restrict access to power data. A local attacker could possibly use this to
expose sensitive information.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8694
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
https://platypusattack.com/
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Platypus
https://ubuntu.com/security/notices/USN-4626-1
https://ubuntu.com/security/notices/USN-4627-1

Mitigation

Restrict permissions on the affected sysfs entries:

$ sudo find /sys/devices/virtual/powercap/ -name energy_uj -exec chmod 400 {} \;

Notes

sbeattie

fix will be to adjust the access control bits on the RAPL
sysfs files.

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-123.126)
Ubuntu 20.04 LTS:	released (5.4.0-53.59)
Ubuntu 16.04 ESM:	released (4.4.0-194.226)
Ubuntu 14.04 ESM:	released (3.13.0-183.234)

Patches:

Introduced by

2d281d8196e38dd3a4ee9af26621ddde8329f269

Fixed by

949dd0104c496fa7c14991a23c03c62e44637e71|local-CVE-2020-8694

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	not-affected (# CONFIG_POWERCAP is not set)
Ubuntu 20.04 LTS:	not-affected (# CONFIG_POWERCAP is not set)
Ubuntu 16.04 ESM:	not-affected (# CONFIG_POWERCAP is not set)
Ubuntu 14.04 ESM:	ignored (was needs-triage ESM criteria)

Patches:

Package

Source: linux-aws-5.0 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-5.3 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-5.4 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	not-affected (# CONFIG_POWERCAP is not set)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-hwe (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	not-affected (# CONFIG_POWERCAP is not set)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	not-affected (# CONFIG_POWERCAP is not set)
Ubuntu 16.04 ESM:	not-affected (# CONFIG_POWERCAP is not set)
Ubuntu 14.04 ESM:	ignored (was needs-triage ESM criteria)

Patches:

Package

Source: linux-azure-4.15 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	not-affected (# CONFIG_POWERCAP is not set)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-5.3 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-5.4 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	not-affected (# CONFIG_POWERCAP is not set)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	released (5.4.0-1029.31)
Ubuntu 16.04 ESM:	released (4.15.0-1087.100~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-4.15 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-1087.100)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-5.3 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-5.4 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	released (5.4.0-1029.31~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-edge (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-4.15 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-1073.78)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-5.0 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	released (5.0.0-1050.52)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-5.3 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	released (5.3.0-1039.42)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-5.4 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	pending (5.4.0-1029.31~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gkeop-5.4 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	pending (5.4.0-1004.5)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	released (5.3.0-69.65)
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	released (4.15.0-123.126~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-5.4 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	released (5.4.0-53.59~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-5.8 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	pending (5.8.0-28.30~20.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	ignored (was needs-triage now end-of-life)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	not-affected (# CONFIG_POWERCAP is not set)
Ubuntu 20.04 LTS:	not-affected (# CONFIG_POWERCAP is not set)
Ubuntu 16.04 ESM:	not-affected (# CONFIG_POWERCAP is not set)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	released (4.4.0-194.226~14.04.1)

Patches:

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-1101.112)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oem-5.6 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	released (5.6.0-1033.35)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oem-osp1 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	released (5.0.0-1071.77)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	released (4.15.0-1058.64)
Ubuntu 20.04 LTS:	released (5.4.0-1029.31)
Ubuntu 16.04 ESM:	released (4.15.0-1058.64~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.0 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.3 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.4 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	released (5.4.0-1029.31~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (# CONFIG_INTEL_RAPL is not set)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi-5.4 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	not-affected (# CONFIG_INTEL_RAPL is not set)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	not-affected (# CONFIG_INTEL_RAPL is not set)
Ubuntu 20.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2-5.3 (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	not-affected (# CONFIG_INTEL_RAPL is not set)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-riscv (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (# CONFIG_INTEL_RAPL is not set)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (5.10~rc4)
Ubuntu 18.04 LTS:	not-affected (# CONFIG_INTEL_RAPL is not set)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 14:23:06 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)