CVE-2020-12912
Publication date 12 November 2020
Last updated 25 August 2025
Ubuntu priority
Description
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.
From the Ubuntu Security Team
It was discovered that the AMD Running Average Power Limit (RAPL) driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux-hwe | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored replaced by linux-hwe-5.4 | |
| linux-azure-edge | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-azure-5.3 | |
| linux-gke-5.0 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux-oracle-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux-raspi-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| linux-aws | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| linux-azure | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Ignored superseded by linux-azure-5.3 | |
| linux-kvm | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| linux-riscv | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| linux-gke-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux-gcp | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Ignored superseded by linux-gcp-5.3 | |
| linux-aws-5.0 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-aws-5.3 | |
| linux-aws-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-aws-5.4 | |
| linux-aws-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux-aws-hwe | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| linux-azure-4.15 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux-azure-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-azure-5.4 | |
| linux-azure-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux-gcp-4.15 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux-gcp-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-gcp-5.4 | |
| linux-gcp-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux-oracle | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| linux-gcp-edge | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-gcp-5.3 | |
| linux-gke-4.15 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux-gke-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux-gkeop-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux-hwe-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux-hwe-5.8 | ||
| 20.04 LTS focal |
Fixed 5.8.0-34.37~20.04.2
|
|
| 18.04 LTS bionic | Not in release | |
| linux-hwe-edge | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-hwe-5.4 | |
| linux-lts-trusty | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| linux-lts-xenial | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| linux-oem | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux-oem-5.6 | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| linux-oem-osp1 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored end of standard support, was needs-triage | |
| linux-oracle-5.0 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-oracle-5.3 | |
| linux-oracle-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored superseded by linux-oracle-5.4 | |
| linux-raspi | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| linux-raspi2 | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| linux-raspi2-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| linux-snapdragon | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.5 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-4678-1
- Linux kernel vulnerabilities
- 6 January 2021
Other references
- https://lore.kernel.org/stable/238e3cf7-582f-a265-5300-9b44948107b0@roeck-us.net/T/#ma48754bff34127867149bf466fc2f9c2deea3960
- https://bugzilla.redhat.com/show_bug.cgi?id=1897402
- https://support.lenovo.com/lu/uk/product_security/LEN-50481
- https://www.amd.com/en/corporate/product-security
- https://www.cve.org/CVERecord?id=CVE-2020-12912