Company
Products
Solutions
Developers
Support
News & Events
Careers
EN
EN
EnglishChinese
Ampere Computing Logo
Ampere Computing Logo
Solutions
Solutions Home
Systems
Solutions
Performance Overview
Reference Architecture Overview
Tuning Guides for Cloud Native Processing
Tutorials
Workload Briefs Overview
Where to Try
Ampere Systems
Ampere Altra
Azure
Equinix
Google Cloud
Hewlett Packard Enterprise
Oracle
Tencent Cloud
Ampere AIDownloadsHow It WorksFAQs
Frameworks
Arm NativeSoftware PartnersArm Native Use CasesFAQs
Arm Native Solution Regressions
Big DataArchitectureComponentsFrameworksFAQs
Big Data Solution Regressions
Cloud Native
Storage SolutionsTested SolutionsFAQs
Video ServicesArchitecture
Video Solution Regressions
Web ServicesArchitectureApplicationsFAQs
Web Services Regressions
Developers
Developer CenterDesigning Cloud ApplicationsBuilding Cloud ApplicationsDeploying Cloud ApplicationsUsing Your DataWorking with Open SourceAmpere Ready SoftwareCommunity Forum
Support
Customer Connect HomeProductsHelp
EN
EN
EnglishChinese
Hero Image

Platypus

Bulletin ID: AMP_SB_0003

Potential Impact: Loss of confidential information

Severity: Medium (CVSS 5.3)

Summary

Who is Impacted

Multi-tenant operating environment running on Ampere® Altra®/Ampere® Altra® Max.

Potential Impact

Potential Impact: Loss of confidential information

Severity

Medium (CVSS 5.3) This CVSS string is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Problem Statement and Impact

Telemetry information made available through the Linux OS HWMon subsystem, which is used by the Ampere® Altra® HWmon driver, allows unprivileged SW access to telemetry. ​

The Linux kernel driver allows an authenticated user to obtain power telemetry information on Ampere® Altra® Family CPUs via HWmon, which can then potentially be exploited to reverse engineer confidential data of another tenant on the same system.​

Fixed in

  • SRP 1.08b or later for Ampere® Altra® Ampere SRP 1.08b.20211015 Binary Package
  • SRP 2.05 or later for Ampere® Altra® Max Ampere SRP aco2 r2.05.20211217 Binary Package

Affected Products

Ampere® Altra® and Ampere® Altra® Max.

Recommendations

  • SRP 1.08b or later for Ampere® Altra

  • SRP 2.05 or later for Ampere® Altra® Max.

Created At : December 26th 2022, 6:22:59 am
Last Updated At : December 29th 2022, 9:00:42 am
Ampere Logo

Ampere Computing

4655 Great America Parkway

Suite 601 Santa Clara, CA 95054

Tel: +1-669-770-3700

info[at]amperecomputing.com

About
Contact Us
Privacy Policy
Cookie Use Policy
CCPA Policy Notice
Sitemap
image
image
image
image
© 2023 Ampere Computing LLC. All rights reserved. Ampere, Altra and the A and Ampere logos are registered trademarks or trademarks of Ampere Computing.