Vulnerabilities > CVE-2020-28368 - Missing Authorization vulnerability in multiple products

047910
CVSS 4.4 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
xen
fedoraproject
debian
CWE-862

Summary

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.

Vulnerable Configurations

Part Description Count
OS
Xen
320
OS
Fedoraproject
1
OS
Debian
1

Common Weakness Enumeration (CWE)