Platypus

Bulletin ID: AMP_SB_0003

Potential Impact: Loss of confidential information

Severity: Medium (CVSS 5.3)

Summary

Who is Impacted

Multi-tenant operating environment running on Ampere^® Altra^®/Ampere^® Altra^® Max.

Potential Impact

Potential Impact: Loss of confidential information

Severity

Medium (CVSS 5.3) This CVSS string is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Problem Statement and Impact

Telemetry information made available through the Linux OS HWMon subsystem, which is used by the Ampere^® Altra^® HWmon driver, allows unprivileged SW access to telemetry. ​

The Linux kernel driver allows an authenticated user to obtain power telemetry information on Ampere^® Altra^® Family CPUs via HWmon, which can then potentially be exploited to reverse engineer confidential data of another tenant on the same system.​

Fixed in

• SRP 1.08b or later for Ampere^® Altra^® Ampere SRP 1.08b.20211015 Binary Package
• SRP 2.05 or later for Ampere^® Altra^® Max Ampere SRP aco2 r2.05.20211217 Binary Package

Affected Products

Ampere^® Altra^® and Ampere^® Altra^® Max.

Recommendations

• SRP 1.08b or later for Ampere^® Altra

• SRP 2.05 or later for Ampere^® Altra^® Max.