Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-5925

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

Published

2017-02-27T07:59:00.143

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-200
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Hardware allwinner a64 - Yes
Hardware amd athlon_ii_640_x4 - Yes
Hardware amd e-350 - Yes
Hardware amd fx-8120_8-core - Yes
Hardware amd fx-8320_8-core - Yes
Hardware amd fx-8350_8-core - Yes
Hardware amd phenom_9550_4-core - Yes
Hardware intel atom_c2750 - Yes
Hardware intel celeron_n2840 - Yes
Hardware intel core_i5_m480 - Yes
Hardware intel core_i7-2620qm - Yes
Hardware intel core_i7-3632qm - Yes
Hardware intel core_i7-4500u - Yes
Hardware intel core_i7-6700k - Yes
Hardware intel core_i7_920 - Yes
Hardware intel xeon_e3-1240_v5 - Yes
Hardware intel xeon_e5-2658_v2 - Yes
Hardware nvidia tegra_k1_cd570m-a1 - Yes
Hardware nvidia tegra_k1_cd580m-a1 - Yes
Hardware samsung exynos_5800 - Yes
References