CVE-2020-28368

MEDIUM Year: 2020
CVSS v3 Score
4.4
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-862
View all →

Vulnerability Description

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.

Related Vulnerabilities

CVE-2019-15030

MEDIUM
CVSS:4.4(Medium)

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local ...

CWE-8622019

CVE-2020-0135

MEDIUM
CVSS:4.4(Medium)

In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privil...

CWE-8622020

CVE-2020-10697

MEDIUM
CVSS:4.4(Medium)

A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial...

CWE-8622020

CVE-2020-27053

MEDIUM
CVSS:4.4(Medium)

In broadcastWifiCredentialChanged of ClientModeImpl.java, there is a possible location permission bypass due to a missing permission check. This could lead to local information disclosure of the WiFi ...

CWE-8622020

CVE-2021-0403

MEDIUM
CVSS:4.4(Medium)

In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is n...

CWE-8622021

CVE-2022-20098

MEDIUM
CVSS:4.4(Medium)

In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction i...

CWE-8622022