Lucene search

K

Veracode Vulnerability DatabaseVERACODE:28049

HistoryDec 04, 2020 - 4:12 p.m.

Information Disclosure

2020-12-0416:12:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

xen

information disclosure

platypus attack

EPSS

0.001

Percentile

18.0%

xen is vulnerable to information disclosure. The vulnerability exists as xen allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a “Platypus” attack.

References

www.openwall.com/lists/oss-security/2020/11/26/1

xenbits.xen.org/xsa/advisory-351.html

lists.fedoraproject.org/archives/list/[email protected]/message/5J66QUUHXH2RR4CNCKQRGVXVSOUFRPDA/

lists.fedoraproject.org/archives/list/[email protected]/message/XV23EZIMNLJN4YXRRXLQV2ALW6ZEALXV/

platypusattack.com

secdb.alpinelinux.org/v3.10/main.yaml

secdb.alpinelinux.org/v3.11/main.yaml

secdb.alpinelinux.org/v3.12/main.yaml

www.debian.org/security/2020/dsa-4804

www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus/

xenbits.xen.org/xsa/advisory-351.html

EPSS

0.001

Percentile

18.0%

Related for VERACODE:28049

nessus23 cvelist1 openvas17 fedora2 nvd1 ubuntucve1 suse4 xen1 prion1 osv3 redhatcve1 cve1 debiancve1 citrix1 debian1