Platypus

Bulletin ID: AMP_SB_0003
Potential Impact: Loss of confidential information
Severity: Medium (CVSS 5.3)

Summary

Who is Impacted

Multi-tenant operating environment running on Ampere® Altra®/Ampere® Altra® Max.
 

Potential Impact

Potential Impact: Loss of confidential information
 

Severity

Medium (CVSS 5.3)
This CVSS string is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

 

Problem Statement and Impact

Telemetry information made available through the Linux OS HWMon subsystem, which is used by the Ampere® Altra® HWmon driver, allows unprivileged SW access to telemetry. ​


The Linux kernel driver allows an authenticated user to obtain power telemetry information on Ampere® Altra® Family CPUs via HWmon, which can then potentially be exploited to reverse engineer confidential data of another tenant on the same system.​

 

Fixed in

 

Affected Products

Ampere® Altra® and Ampere® Altra® Max​

Recommendations

  • SRP 1.08b or later for Ampere® Altra®
  • SRP 2.05 or later for Ampere® Altra® Max​