CVE-2020-12912

Advisory lineage Upstream: 0 Downstream: 11

Downstream

DEBIAN-CVE-2020-12912 MGASA-2021-0030 MGASA-2021-0031 OPENSUSE-SU-2024:13469-1 OPENSUSE-SU-2025:15589-1 SUSE-SU-2023:4625-1

Modified

Published: 12 Nov 2020, 19:08

Last modified:04 Aug 2024, 12:11

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.84% LOW

1% probability +0.16%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

12 Nov 2020, 19:08

Published

Vulnerability first disclosed

04 Aug 2024, 12:11

Last Modified

Vulnerability information updated

Description

A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.84%• Percentile: 75%

Techniques & Countermeasures

CWE-203•Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
CWE-749•Exposed Dangerous Method or Function
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (1)

https://www.amd.com/en/corporate/product-security