CVE-2020-28368 — Missing Authorization in XEN

CWE-862 — Missing Authorization CWE-1300 — Improper Protection of Physical Side Channels CWE-203 — Observable Discrepancy CWE-385 — Covert Timing Channel CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 79.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Debian Linux +1 more

Timeline

PublishedNov 10

Latest updateMay 24

Description

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/xen< xen 4.14.0+80-gd101b417b7-1 (bookworm)

▶Debianxen/xen< 4.14.0+80-gd101b417b7-1+3

▶NVDxen/xen4.14.0

Also affects: Debian Linux 10.0, Fedora 32

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-hg2f-7x6w-x2hx: Xen through 4↗2022-05-24

▶

OSV

CVE-2020-28368: Xen through 4↗2020-11-10

▶

📋Vendor Advisories

Red Hat

xen: information leak via power sidechannel↗2020-11-10

▶

Debian

CVE-2020-28368: xen - Xen through 4.14.x allows guest OS administrators to obtain sensitive informatio...↗2020

▶

📐Framework References

CWE

Improper Protection of Physical Side Channels↗

▶