CVE-2020-28368

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-28368

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28368.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-28368

Downstream

ALPINE-CVE-2020-28368

DEBIAN-CVE-2020-28368

DSA-4804-1

SUSE-SU-2020:14557-1

SUSE-SU-2020:3412-1

SUSE-SU-2020:3413-1

SUSE-SU-2020:3414-1

SUSE-SU-2020:3415-1

SUSE-SU-2020:3416-1

SUSE-SU-2020:3611-1

SUSE-SU-2020:3612-1

SUSE-SU-2020:3615-1

SUSE-SU-2020:3627-1

SUSE-SU-2020:3631-1

SUSE-SU-2020:3653-1

SUSE-SU-2020:3713-1

SUSE-SU-2020:3742-1

SUSE-SU-2021:1023-1

SUSE-SU-2021:1460-1

UBUNTU-CVE-2020-28368

openSUSE-SU-2020:2017-1

openSUSE-SU-2020:2030-1

openSUSE-SU-2020:2162-1

openSUSE-SU-2020:2192-1

openSUSE-SU-2024:11520-1

Related

Published

2020-11-10T19:15:11Z

Modified

2025-08-09T20:01:27Z

Severity

4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.

References

Affected packages