// For flags

CVE-2017-5925

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

Los paseos de la tabla de páginas llevados a cabo por la MMU durante la traducción de la dirección virtual a física dejan un rastro en la caché de último nivel de los procesadores Intel modernos. Realizando un ataque de canal lateral en las operaciones de MMU, es posible perder datos y punteros de código de JavaScript, rompiendo la ASLR.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-02-07 CVE Reserved
  • 2017-02-27 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • 2024-09-11 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Allwinner
Search vendor "Allwinner"
A64
Search vendor "Allwinner" for product "A64"
--
Affected
Amd
Search vendor "Amd"
Athlon Ii 640 X4
Search vendor "Amd" for product "Athlon Ii 640 X4"
--
Affected
Amd
Search vendor "Amd"
E-350
Search vendor "Amd" for product "E-350"
--
Affected
Amd
Search vendor "Amd"
Fx-8120 8-core
Search vendor "Amd" for product "Fx-8120 8-core"
--
Affected
Amd
Search vendor "Amd"
Fx-8320 8-core
Search vendor "Amd" for product "Fx-8320 8-core"
--
Affected
Amd
Search vendor "Amd"
Fx-8350 8-core
Search vendor "Amd" for product "Fx-8350 8-core"
--
Affected
Amd
Search vendor "Amd"
Phenom 9550 4-core
Search vendor "Amd" for product "Phenom 9550 4-core"
--
Affected
Intel
Search vendor "Intel"
Atom C2750
Search vendor "Intel" for product "Atom C2750"
--
Affected
Intel
Search vendor "Intel"
Celeron N2840
Search vendor "Intel" for product "Celeron N2840"
--
Affected
Intel
Search vendor "Intel"
Core I5 M480
Search vendor "Intel" for product "Core I5 M480"
--
Affected
Intel
Search vendor "Intel"
Core I7-2620qm
Search vendor "Intel" for product "Core I7-2620qm"
--
Affected
Intel
Search vendor "Intel"
Core I7-3632qm
Search vendor "Intel" for product "Core I7-3632qm"
--
Affected
Intel
Search vendor "Intel"
Core I7-4500u
Search vendor "Intel" for product "Core I7-4500u"
--
Affected
Intel
Search vendor "Intel"
Core I7-6700k
Search vendor "Intel" for product "Core I7-6700k"
--
Affected
Intel
Search vendor "Intel"
Core I7 920
Search vendor "Intel" for product "Core I7 920"
--
Affected
Intel
Search vendor "Intel"
Xeon E3-1240 V5
Search vendor "Intel" for product "Xeon E3-1240 V5"
--
Affected
Intel
Search vendor "Intel"
Xeon E5-2658 V2
Search vendor "Intel" for product "Xeon E5-2658 V2"
--
Affected
Nvidia
Search vendor "Nvidia"
Tegra K1 Cd570m-a1
Search vendor "Nvidia" for product "Tegra K1 Cd570m-a1"
--
Affected
Nvidia
Search vendor "Nvidia"
Tegra K1 Cd580m-a1
Search vendor "Nvidia" for product "Tegra K1 Cd580m-a1"
--
Affected
Samsung
Search vendor "Samsung"
Exynos 5800
Search vendor "Samsung" for product "Exynos 5800"
--
Affected