Platypus
Bulletin ID: AMP_SB_0003
Potential Impact: Loss of confidential information
Severity: Medium (CVSS 5.3)
Summary
Who is Impacted
Multi-tenant operating environment running on Ampere® Altra®/Ampere® Altra® Max.
Potential Impact
Potential Impact: Loss of confidential information
Severity
Medium (CVSS 5.3)
This CVSS string is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Problem Statement and Impact
Telemetry information made available through the Linux OS HWMon subsystem, which is used by the Ampere® Altra® HWmon driver, allows unprivileged SW access to telemetry.
The Linux kernel driver allows an authenticated user to obtain power telemetry information on Ampere® Altra® Family CPUs via HWmon, which can then potentially be exploited to reverse engineer confidential data of another tenant on the same system.
Fixed in
- SRP 1.08b or later for Ampere® Altra® Ampere SRP 1.08b.20211015 Binary Package
- SRP 2.05 or later for Ampere® Altra® Max Ampere SRP aco2 r2.05.20211217 Binary Package
Affected Products
Ampere® Altra® and Ampere® Altra® Max
Recommendations
- SRP 1.08b or later for Ampere® Altra®
- SRP 2.05 or later for Ampere® Altra® Max
Who is Impacted
Multi-tenant operating environment running on Ampere® Altra®/Ampere® Altra® Max.Potential Impact
Potential Impact: Loss of confidential informationSeverity
Medium (CVSS 5.3)This CVSS string is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Problem Statement and Impact
Telemetry information made available through the Linux OS HWMon subsystem, which is used by the Ampere® Altra® HWmon driver, allows unprivileged SW access to telemetry. The Linux kernel driver allows an authenticated user to obtain power telemetry information on Ampere® Altra® Family CPUs via HWmon, which can then potentially be exploited to reverse engineer confidential data of another tenant on the same system.
Fixed in
- SRP 1.08b or later for Ampere® Altra® Ampere SRP 1.08b.20211015 Binary Package
- SRP 2.05 or later for Ampere® Altra® Max Ampere SRP aco2 r2.05.20211217 Binary Package
Affected Products
Ampere® Altra® and Ampere® Altra® MaxRecommendations
- SRP 1.08b or later for Ampere® Altra®
- SRP 2.05 or later for Ampere® Altra® Max