Intel Discloses 40 More Security Advisories - PLATYPUS Is An Interesting One
Written by Michael Larabel in Intel on 10 November 2020 at 01:34 PM EST. 20 Comments
INTEL --
As part of Intel's monthly security disclosures the company is today releasing forty new security advisories today.

With these 40 security advisories for November 2020 they are addressing 95 vulnerabilities. There are security advisories relating to the Converged Security and Management Engine (CSME) as well as the Intel Wireless Bluetooth support -- including a "critical" vulnerability that could lead to escalation of privileges via the LAN.

Also being disclosed today is "PLATYPUS" stemming from information leakage with the Intel Running Average Power Limit (RAPL) interface.

PLATYPUS could lead to local information disclosure through this power interface on mobile / embedded / desktop / server processors. Intel is releasing updated microcode and RAPL changes for PLATYPUS, some of which work just hit the Linux kernel. This also includes now restricting energy meter access. Previously users could read the exposed CPU energy information but now that is being clocked on the basis of forming a security attack. A real pity as the interface is quite convenient and non-root and useful during our testing purposes for monitoring CPU energy use, etc.


PLATYPUS can be exploited to break Intel SGX Enclaves, thwart Kernel Address Space Layout Randomization (KASLR), attacking AES, etc.

More details on this attack at platypusattack.com. Details on the other advisories at Intel.com.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week