Intel Discloses 40 More Security Advisories - PLATYPUS Is An Interesting One

Written by Michael Larabel in Intel on 10 November 2020 at 01:34 PM EST. 20 Comments
INTEL
As part of Intel's monthly security disclosures the company is today releasing forty new security advisories today.

With these 40 security advisories for November 2020 they are addressing 95 vulnerabilities. There are security advisories relating to the Converged Security and Management Engine (CSME) as well as the Intel Wireless Bluetooth support -- including a "critical" vulnerability that could lead to escalation of privileges via the LAN.

Also being disclosed today is "PLATYPUS" stemming from information leakage with the Intel Running Average Power Limit (RAPL) interface.

PLATYPUS could lead to local information disclosure through this power interface on mobile / embedded / desktop / server processors. Intel is releasing updated microcode and RAPL changes for PLATYPUS, some of which work just hit the Linux kernel. This also includes now restricting energy meter access. Previously users could read the exposed CPU energy information but now that is being clocked on the basis of forming a security attack. A real pity as the interface is quite convenient and non-root and useful during our testing purposes for monitoring CPU energy use, etc.


PLATYPUS can be exploited to break Intel SGX Enclaves, thwart Kernel Address Space Layout Randomization (KASLR), attacking AES, etc.

More details on this attack at platypusattack.com. Details on the other advisories at Intel.com.
20 Comments
Related News
Intel oneDNN 3.1 Further Optimizing For Sapphire Rapids, Starts Tuning For Sierra Forest
Intel Data Center & AI Update 2023: Sierra Forest & Granite Rapids On Track
Intel Releases GPGMM v0.1 GPU Memory Management Library
Intel XeSS SDK 1.1 Released
Intel Prepares More Meteor Lake Graphics Code For Linux 6.4
Intel LAM Will Try Again For Linux 6.4
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OBS Studio Lands AV1 & HEVC RTMP Streaming Support
Framework Laptop Launches AMD Ryzen Upgradeable Laptop, Intel Raptor Lake Models Too
Proxmox VE 7.4 Released With Linux 5.15 LTS + Linux 6.2 Support, New Dark Theme
AMD FidelityFX Super Resolution 3 "FSR 3" Will Be Open-Source
NVIDIA 530.41.03 Linux Driver Released With IBT Kernel Support, Vulkan Video
Ubuntu 20.04.6 LTS Released With Restored UEFI Secure Boot Support
MidnightBSD 3.0 Available With Many Software Updates & Fixes
Wine's VKD3D 1.7 Implements More Direct3D 12 Functionality Atop Vulkan