CVE-2020-28368

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Information

Published : 2020-11-10 11:15

Updated : 2022-01-01 10:18


NVD link : CVE-2020-28368

Mitre link : CVE-2020-28368


JSON object : View

CWE
CWE-862

Missing Authorization

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

xen

  • xen

fedoraproject

  • fedora