CVE-2017-5925
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
Affected (20)
Products: Allwinner: A64 · Amd: Athlon Ii 640 X4, E 350, Fx 8120 8 Core, Fx 8320 8 Core, Fx 8350 8 Core, Phenom 9550 4 Core · Intel: Atom C2750, Celeron N2840, Core I5 M480, Core I7 2620qm, Core I7 3632qm, Core I7 4500u, Core I7 6700k, Core I7 920, Xeon E3 1240 V5, Xeon E5 2658 V2 · +2 more
Show all products
Allwinner: A64 · Amd: Athlon Ii 640 X4, E 350, Fx 8120 8 Core, Fx 8320 8 Core, Fx 8350 8 Core, Phenom 9550 4 Core · Intel: Atom C2750, Celeron N2840, Core I5 M480, Core I7 2620qm, Core I7 3632qm, Core I7 4500u, Core I7 6700k, Core I7 920, Xeon E3 1240 V5, Xeon E5 2658 V2 · Nvidia: Tegra K1 Cd570m A1, Tegra K1 Cd580m A1 · Samsung: Exynos 5800
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
References (6)
Source: cve@mitre.org
ExploitTechnical DescriptionThird Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
ExploitTechnical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitTechnical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitTechnical DescriptionThird Party Advisory
Timeline
No history available yet.