CVE-2020-28368

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-28368
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28368.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-28368
Downstream
Related
Published
2020-11-10T19:15:11.473Z
Modified
2026-02-14T00:47:24.777156Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.

References

Affected packages

Git / github.com/sleuthkit/sleuthkit

Affected ranges

Type
GIT
Repo
https://github.com/sleuthkit/sleuthkit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c6efd66293546b9c95637be703c7c7823e950629

Affected versions

Other
VisualStudio_2010
ct-3.*
ct-3.10.0
ct-3.11.0
ct-3.12.0
ct-3.13.0
ct-3.5.0
ct-3.6.0
ct-3.8.0
ct-3.9.0
sleuthkit-4.*
sleuthkit-4.0.0
sleuthkit-4.0.0b1
sleuthkit-4.0.1
sleuthkit-4.0.2
sleuthkit-4.1.0
sleuthkit-4.1.1
sleuthkit-4.1.2
sleuthkit-4.1.3
sleuthkit-4.10.0
sleuthkit-4.10.1
sleuthkit-4.10.2
sleuthkit-4.11.0
sleuthkit-4.11.1
sleuthkit-4.12.0
sleuthkit-4.12.1
sleuthkit-4.14.0
sleuthkit-4.2.0
sleuthkit-4.3.1
sleuthkit-4.4.0
sleuthkit-4.4.1
sleuthkit-4.4.2
sleuthkit-4.5.0
sleuthkit-4.6.0
sleuthkit-4.6.1
sleuthkit-4.6.2
sleuthkit-4.6.3
sleuthkit-4.6.4
sleuthkit-4.6.5
sleuthkit-4.6.6
sleuthkit-4.6.7
sleuthkit-4.7.0
sleuthkit-4.8.0
sleuthkit-4.8.0-fixed
sleuthkit-4.9.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28368.json"