CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile: 18.0%
Researchers have demonstrated using software power/energy monitoring interfaces to create covert channels, and infer the operations/data used by other contexts within the system.
Access to these interfaces should be restricted to privileged software, but it was found that Xen doesn’t restrict access suitably, and the interfaces are accessible to all guests.
For more information, see: https://platypusattack.com and https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
An unprivileged guest administrator can sample platform power/energy data. This may be used to infer the operations/data used by other contexts within the system.
The research demonstrates using this side channel to leak the AES keys used elsewhere in the system.
Power/energy monitoring interfaces are platform and architecture specific. Consult your hardware vendor to ascertain what power feedback interfaces are available.
For ARM systems, all versions of Xen are vulnerable. The fix restricts access to the AMU (Activity Monitors Unit) interface, introduced in Armv8.4.
For x86 systems, Xen 4.14 and earlier are vulnerable - master is not vulnerable, as these issues have been addressed in a more general fashion.
The x86 fixes restrict access to:
* Intel RAPL interface, introduced in SandyBridge CPUs.
* Intel platform energy interface.
* Intel perf_ctl interface, introduced in Pentium 4 CPUs and also implemented by other vendors.
* AMD RAPL interface, introduced in Ryzen/EPYC CPUs.
* AMD compute unit energy interface, present in Fam15/16 CPUs.