CVE-2017-5925
 
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
Los paseos de la tabla de páginas llevados a cabo por la MMU durante la traducción de la dirección virtual a física dejan un rastro en la caché de último nivel de los procesadores Intel modernos. Realizando un ataque de canal lateral en las operaciones de MMU, es posible perder datos y punteros de código de JavaScript, rompiendo la ASLR.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-02-07 CVE Reserved
- 2017-02-27 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-09-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/96452 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf | 2024-08-05 | |
https://www.vusec.net/projects/anc | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Allwinner Search vendor "Allwinner" | A64 Search vendor "Allwinner" for product "A64" | - | - |
Affected
| ||||||
Amd Search vendor "Amd" | Athlon Ii 640 X4 Search vendor "Amd" for product "Athlon Ii 640 X4" | - | - |
Affected
| ||||||
Amd Search vendor "Amd" | E-350 Search vendor "Amd" for product "E-350" | - | - |
Affected
| ||||||
Amd Search vendor "Amd" | Fx-8120 8-core Search vendor "Amd" for product "Fx-8120 8-core" | - | - |
Affected
| ||||||
Amd Search vendor "Amd" | Fx-8320 8-core Search vendor "Amd" for product "Fx-8320 8-core" | - | - |
Affected
| ||||||
Amd Search vendor "Amd" | Fx-8350 8-core Search vendor "Amd" for product "Fx-8350 8-core" | - | - |
Affected
| ||||||
Amd Search vendor "Amd" | Phenom 9550 4-core Search vendor "Amd" for product "Phenom 9550 4-core" | - | - |
Affected
| ||||||
Intel Search vendor "Intel" | Atom C2750 Search vendor "Intel" for product "Atom C2750" | - | - |
Affected
| ||||||
Intel Search vendor "Intel" | Celeron N2840 Search vendor "Intel" for product "Celeron N2840" | - | - |
Affected
| ||||||
Intel Search vendor "Intel" | Core I5 M480 Search vendor "Intel" for product "Core I5 M480" | - | - |
Affected
| ||||||
Intel Search vendor "Intel" | Core I7-2620qm Search vendor "Intel" for product "Core I7-2620qm" | - | - |
Affected
| ||||||
Intel Search vendor "Intel" | Core I7-3632qm Search vendor "Intel" for product "Core I7-3632qm" | - | - |
Affected
| ||||||
Intel Search vendor "Intel" | Core I7-4500u Search vendor "Intel" for product "Core I7-4500u" | - | - |
Affected
| ||||||
Intel Search vendor "Intel" | Core I7-6700k Search vendor "Intel" for product "Core I7-6700k" | - | - |
Affected
| ||||||
Intel Search vendor "Intel" | Core I7 920 Search vendor "Intel" for product "Core I7 920" | - | - |
Affected
| ||||||
Intel Search vendor "Intel" | Xeon E3-1240 V5 Search vendor "Intel" for product "Xeon E3-1240 V5" | - | - |
Affected
| ||||||
Intel Search vendor "Intel" | Xeon E5-2658 V2 Search vendor "Intel" for product "Xeon E5-2658 V2" | - | - |
Affected
| ||||||
Nvidia Search vendor "Nvidia" | Tegra K1 Cd570m-a1 Search vendor "Nvidia" for product "Tegra K1 Cd570m-a1" | - | - |
Affected
| ||||||
Nvidia Search vendor "Nvidia" | Tegra K1 Cd580m-a1 Search vendor "Nvidia" for product "Tegra K1 Cd580m-a1" | - | - |
Affected
| ||||||
Samsung Search vendor "Samsung" | Exynos 5800 Search vendor "Samsung" for product "Exynos 5800" | - | - |
Affected
|