CVE-2020-12912

{"id": "CVE-2020-12912", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-11-12T20:15:15.127", "references": [{"url": "https://www.amd.com/en/corporate/product-security", "tags": ["Vendor Advisory"], "source": "psirt@amd.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}, {"type": "Secondary", "source": "psirt@amd.com", "description": [{"lang": "en", "value": "CWE-749"}]}], "descriptions": [{"lang": "en", "value": "A potential vulnerability in the AMD extension to Linux \"hwmon\" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access."}, {"lang": "es", "value": "Una vulnerabilidad potencial en la extensi\u00f3n de AMD para el servicio \"hwmon\" de Linux puede permitir a un atacante utilizar la interfaz RAPL (Running Average Power Limit) basada en Linux para mostrar varios ataques de canal lateral. De acuerdo con los socios de la industria, AMD ha actualizado la interfaz RAPL para requerir acceso privilegiado"}], "lastModified": "2020-12-03T02:12:21.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:amd:energy_driver_for_linux:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06484815-E80E-42E3-9350-BB04B56AC658"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@amd.com"}