CVE-2020-12912 Overview
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.
Critical Impact
This side channel vulnerability allows unprivileged local attackers to potentially extract sensitive information by monitoring power consumption patterns through the RAPL interface, enabling cryptographic key extraction and other information disclosure attacks.
Affected Products
- AMD Energy Driver for Linux (all versions prior to security update)
Discovery Timeline
- 2020-11-12 - CVE CVE-2020-12912 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2020-12912
Vulnerability Analysis
This vulnerability falls under two CWE categories: CWE-749 (Exposed Dangerous Method or Function) and CWE-203 (Observable Discrepancy). The RAPL interface in AMD's Linux energy driver exposes power consumption metrics that can be leveraged by attackers to perform side channel attacks. By monitoring fine-grained power consumption data, an attacker can infer sensitive information about concurrent processes, including cryptographic operations.
The attack requires local access to the system but does not require elevated privileges in vulnerable configurations. The vulnerability enables high confidentiality impact as attackers can potentially extract sensitive data such as cryptographic keys through power analysis techniques. The integrity and availability of the system remain unaffected.
Root Cause
The root cause of this vulnerability is the exposure of the RAPL interface to unprivileged users through the Linux hwmon subsystem. The AMD energy driver allowed any local user to read power consumption metrics without requiring elevated privileges. This design flaw enables side channel attacks where an attacker monitors power fluctuations to deduce information about operations being performed by other processes on the system.
Attack Vector
The attack vector is local, requiring the attacker to have user-level access to the target Linux system running the vulnerable AMD energy driver. The attacker exploits the publicly accessible RAPL interface through the /sys/class/hwmon/ filesystem entries to read real-time power consumption data. By correlating these power measurements with the execution of cryptographic algorithms or other sensitive operations, the attacker can perform differential power analysis or similar techniques to extract secrets.
The attack does not require user interaction and can be performed with low complexity once local access is obtained. Research has demonstrated that RAPL-based side channel attacks can successfully recover AES keys and other cryptographic material from SGX enclaves and regular processes.
Detection Methods for CVE-2020-12912
Indicators of Compromise
- Unusual read access patterns to /sys/class/hwmon/ entries by unprivileged processes
- Processes repeatedly sampling power consumption data at high frequency
- Presence of power analysis tools or custom scripts targeting RAPL interfaces
- Suspicious correlation between power monitoring and cryptographic operations timing
Detection Strategies
- Monitor access to hwmon and RAPL-related sysfs entries for abnormal read patterns
- Implement audit rules for /sys/class/hwmon/ and /sys/class/powercap/ directories
- Use system call tracing to identify processes accessing power measurement interfaces
- Deploy endpoint detection solutions that can identify known side channel attack tools
Monitoring Recommendations
- Enable Linux audit framework to log access to power measurement interfaces
- Implement file integrity monitoring on hwmon configuration files
- Review system logs for unusual patterns of sysfs access by non-root users
- Correlate power interface access with concurrent cryptographic operations
How to Mitigate CVE-2020-12912
Immediate Actions Required
- Update the AMD energy driver to the patched version that requires privileged access for RAPL interface
- Restrict access to /sys/class/hwmon/ entries using file permissions or SELinux/AppArmor policies
- Audit local user accounts and remove unnecessary access from untrusted users
- Consider disabling the AMD energy driver on systems where power monitoring is not required
Patch Information
AMD has updated the RAPL interface to require privileged access in coordination with industry partners. System administrators should apply the latest kernel updates and AMD driver updates that implement this security fix. Refer to the AMD Product Security Information page for official patch details and guidance.
Workarounds
- Manually restrict permissions on hwmon sysfs entries to root-only access
- Use mandatory access control (SELinux/AppArmor) to prevent unprivileged access to power monitoring interfaces
- Disable the amd_energy kernel module if power monitoring functionality is not required
- Implement network segmentation and limit local access to sensitive systems
# Configuration example - Restrict access to hwmon entries
# Disable amd_energy module
sudo modprobe -r amd_energy
echo "blacklist amd_energy" | sudo tee /etc/modprobe.d/blacklist-amd-energy.conf
# Or restrict permissions on hwmon entries (temporary, resets on reboot)
sudo chmod 400 /sys/class/hwmon/hwmon*/energy*_input
# Add SELinux/AppArmor policy to restrict access permanently
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
