{"id":"CVE-2020-28368","details":"Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a \"Platypus\" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.","modified":"2026-03-13T00:39:18.968444Z","published":"2020-11-10T19:15:11.473Z","related":["SUSE-SU-2020:14557-1","SUSE-SU-2020:3412-1","SUSE-SU-2020:3413-1","SUSE-SU-2020:3414-1","SUSE-SU-2020:3415-1","SUSE-SU-2020:3416-1","SUSE-SU-2020:3611-1","SUSE-SU-2020:3612-1","SUSE-SU-2020:3615-1","SUSE-SU-2020:3627-1","SUSE-SU-2020:3631-1","SUSE-SU-2020:3653-1","SUSE-SU-2020:3713-1","SUSE-SU-2020:3742-1","SUSE-SU-2021:1023-1","SUSE-SU-2021:1460-1","openSUSE-SU-2020:2017-1","openSUSE-SU-2020:2030-1","openSUSE-SU-2020:2162-1","openSUSE-SU-2020:2192-1","openSUSE-SU-2024:11520-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5J66QUUHXH2RR4CNCKQRGVXVSOUFRPDA/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XV23EZIMNLJN4YXRRXLQV2ALW6ZEALXV/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/11/26/1"},{"type":"ADVISORY","url":"http://xenbits.xen.org/xsa/advisory-351.html"},{"type":"ADVISORY","url":"https://platypusattack.com"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4804"},{"type":"ADVISORY","url":"https://www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus/"},{"type":"FIX","url":"https://xenbits.xen.org/xsa/advisory-351.html"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28368.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.14.0"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}]}