Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1897146]
Name: the Xen project
This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in the Extended Life Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
There is no known mitigation for this flaw apart from applying the patch.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):