This vulnerability opens the door for an unprivileged user to steal data by reconstructing the information received through the RAPL power monitoring interface. This interface is included in the Intel CVE-2020-8694, CVE-2020-8695 and AMD CVE-2020-12912 processors.
Linux operating systems are more vulnerable to PLATYPUS, as the kernel’s Powercap framework allows users without administrator permissions to access RAPL counters. In this way, CPU and DRAM consumption is exposed to possible tracing. Carrying out this attack on Windows and macOS systems requires additional effort, as the Inter Power Gadget package needs to be installed, which requires privileged access.
Both Intel and AMD, as well as the developers of the Xen hypervisor, have already released patches to prevent their products from being affected by this attack.
More information at this link.
0 Comments