Platypus

Intel power side-channels CVE-2020-8694 and CVE-2020-8695 (aka Platypus)

Researchers have found that power side-channel attacks are possible by reading sysfs files under Linux. Fixed kernels have been released for Ubuntu, but the issue can be mitigated by changing the file permissions by running the following command:

find /sys/devices/virtual/powercap/ -name energy_uj -exec chmod 400 {} \;

Timeline

* 2020 Nov 10 - Kernels released in USN-4626-1

* 2020 Nov 11 - Intel microcode released in USN-4628-1

* 2020 Nov 12 - Intel microcode regression addressed in USN-4628-2 -- remove the microcode for the Tiger Lake family of processors

Microcode regression

The microcode update has caused some systems to fail to boot. The recovery kernels in the boot configuration should work; if they are missing for whatever reason, please add the dis_ucode_ldr kernel command line parameter as appropriate.

SecurityTeam/KnowledgeBase/Platypus (last edited 2020-11-13 04:23:10 by seth-arnold)