SUSE releases fixes for new PLATYPUS attack

Today security researchers from TU Graz have published a new side-channel information leak attack using power metering in modern Intel CPUs.

With this side-channel attack on power consumption fluctuations it is possible to extract secret information on the same CPU, like for instance key material from SGX enclaves or the Linux kernel, or KASLR information to help other attacks.

As the attacks have a low bandwidth of information extraction, attacks likely only succeed against unloaded systems and under laboratory conditions.

SUSE is applying mitigations for the Linux Kernel, where user access to the power consumption registers is restricted to the system administrator, and publishing Linux kernel and Intel CPU microcode updates.

References:

• PLATYPUS Attack Website
• SUSE TID 19778
• SUSE CVE-2020-8694 page
• SUSE CVE-2020-8695 page

The PLATYPUS attack, while potentially serious to unpatched systems, poses little danger to those who keep their SUSE product patched and up to date. We are releasing fixes and updates to all affected versions, eliminating the potential for disruption.

If you have any questions or concerns, please reach out to your SUSE contact. Security and reliability continue to be top priorities for SUSE because they are top priorities for our customers and partners. And as always, customers and partners come first.