Ampere Computing Logo
Contact Sales
Ampere Computing Logo
Hero Image

Platypus

Bulletin ID: AMP_SB_0003

Potential Impact: Loss of confidential information

Severity: Medium (CVSS 5.3)

Summary

Who is Impacted

Multi-tenant operating environment running on Ampere® Altra®/Ampere® Altra® Max.

Potential Impact

Potential Impact: Loss of confidential information

Severity

Medium (CVSS 5.3) This CVSS string is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Problem Statement and Impact

Telemetry information made available through the Linux OS HWMon subsystem, which is used by the Ampere® Altra® HWmon driver, allows unprivileged SW access to telemetry. ​

The Linux kernel driver allows an authenticated user to obtain power telemetry information on Ampere® Altra® Family CPUs via HWmon, which can then potentially be exploited to reverse engineer confidential data of another tenant on the same system.​

Fixed in

  • SRP 1.08b or later for Ampere® Altra® Ampere SRP 1.08b.20211015 Binary Package
  • SRP 2.05 or later for Ampere® Altra® Max Ampere SRP aco2 r2.05.20211217 Binary Package

Affected Products

Ampere® Altra® and Ampere® Altra® Max.

Recommendations

  • SRP 1.08b or later for Ampere® Altra

  • SRP 2.05 or later for Ampere® Altra® Max.

Created At : December 26th 2022, 6:40:49 am
Last Updated At : December 29th 2022, 9:01:03 am
Ampere Logo

Ampere Computing

4655 Great America Parkway

Suite 601 Santa Clara, CA 95054

image
image
 |  |  |  |  |  | 
© 2022 Ampere Computing LLC. All rights reserved. Ampere, Altra and the A and Ampere logos are registered trademarks or trademarks of Ampere Computing.
This site is running on Ampere Altra Processors.