Company
Solutions
Search
EN
EN
EnglishChinese
Ampere Computing Logo
Solutions
Solutions Home
SolutionsCloud Native SolutionsBriefs OverviewTutorials OverviewTuning Guides OverviewWhere to Try
Developers
Developers CenterDesigning Cloud ApplicationsBuilding Cloud ApplicationsDeploying Cloud ApplicationsUsing Your DataAmpere Ready SoftwareWorking with Open SourceCommunity Forum
Search
Hero Image

Platypus

Bulletin ID: AMP_SB_0003

Potential Impact: Loss of confidential information

Severity: Medium (CVSS 5.3)

Summary

Who is Impacted

Multi-tenant operating environment running on Ampere® Altra®/Ampere® Altra® Max.

Potential Impact

Potential Impact: Loss of confidential information

Severity

Medium (CVSS 5.3) This CVSS string is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Problem Statement and Impact

Telemetry information made available through the Linux OS HWMon subsystem, which is used by the Ampere® Altra® HWmon driver, allows unprivileged SW access to telemetry. ​

The Linux kernel driver allows an authenticated user to obtain power telemetry information on Ampere® Altra® Family CPUs via HWmon, which can then potentially be exploited to reverse engineer confidential data of another tenant on the same system.​

Fixed in

  • SRP 1.08b or later for Ampere® Altra® Ampere SRP 1.08b.20211015 Binary Package
  • SRP 2.05 or later for Ampere® Altra® Max Ampere SRP aco2 r2.05.20211217 Binary Package

Affected Products

Ampere® Altra® and Ampere® Altra® Max.

Recommendations

  • SRP 1.08b or later for Ampere® Altra

  • SRP 2.05 or later for Ampere® Altra® Max.

Created At : December 26th 2022, 6:22:59 am
Last Updated At : May 30th 2023, 11:31:49 pm

Ampere Computing

4655 Great America Parkway

Suite 601 Santa Clara, CA 95054

image
image
image
image
© 2023 Ampere Computing LLC. All rights reserved. Ampere, Altra and the A and Ampere logos are registered trademarks or trademarks of Ampere Computing.
This site is running on Ampere Altra Processors.