interesting – although exploiting this vuln would still mean the system management of the target was a bit sloppy especially if it is a security/safety critical system. Even if it is only monthly/quarterly someone should be checking the temp management system works well; it is a trade off between electricity consumption and system reliability. Electronics that is running way too hot will sooner or later go badly defective – in somewhere like heavy industry, healthcare or nuclear power has wider safety implications.
Unless the entire kernel is hacked to suppress the messages that temp sensors, ventilator fans and power management in chipsets send to the kernel (which can normally be picked out via dmesg or /var/log/messages on most Linux systems) this should be noticed as “odd behaviour” which could equally be caused by faulty components and the offending server taken out of service for maintenance.
If the organisation lacks the resources to do that (not just the spare hardware but engineers who know what to look for). it that becomes a security risk in its own right.
TBH I’ve noticed a common trend in all these embedded system/hardware related vulns (and also wider stuff like the “Hacking team” malwares) they work when the targets are well resourced but relatively “dumb” in terms of basic scientific knowledge – when it comes to security.
if the system is genuinely air gapped (i.e with real air and sufficient space) it wouldn’t need particularly sophisticated fan speed control and temp monitoring in the first place; and also can (and should) be kept well clear of anything else that is not authorised to be in the same area….
