Lucene search

[email protected]CVE-2017-5926

HistoryFeb 27, 2017 - 7:59 a.m.

CVE-2017-5926

2017-02-2707:59:00

CWE-200

[email protected]

web.nvd.nist.gov

security

amd

side-channel attack

mmu

javascript

aslr

nvd

cve-2017-5926

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

JSON

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

Affected configurations

NVD

Node

allwinnera64Match-

amdathlon_ii_640_x4Match-

amde-350Match-

amdfx-8120_8-coreMatch-

amdfx-8320_8-coreMatch-

amdfx-8350_8-coreMatch-

amdphenom_9550_4-coreMatch-

intelatom_c2750Match-

intelceleron_n2840Match-

intelcore_i5_m480Match-

intelcore_i7-2620qmMatch-

intelcore_i7-3632qmMatch-

intelcore_i7-4500uMatch-

intelcore_i7-6700kMatch-

intelcore_i7_920Match-

intelxeon_e3-1240_v5Match-

intelxeon_e5-2658_v2Match-

nvidiategra_k1_cd570m-a1Match-

nvidiategra_k1_cd580m-a1Match-

samsungexynos_5800Match-

CPENameOperatorVersion
allwinner:a64allwinner a64eq-
amd:athlon_ii_640_x4amd athlon ii 640 x4eq-
amd:e-350amd e-350eq-
amd:fx-8120_8-coreamd fx-8120 8-coreeq-
amd:fx-8320_8-coreamd fx-8320 8-coreeq-
amd:fx-8350_8-coreamd fx-8350 8-coreeq-
amd:phenom_9550_4-coreamd phenom 9550 4-coreeq-
intel:atom_c2750intel atom c2750eq-
intel:celeron_n2840intel celeron n2840eq-
intel:core_i5_m480intel core i5 m480eq-

CPE	Name	Operator	Version
allwinner:a64	allwinner a64	eq	-
amd:athlon_ii_640_x4	amd athlon ii 640 x4	eq	-
amd:e-350	amd e-350	eq	-
amd:fx-8120_8-core	amd fx-8120 8-core	eq	-
amd:fx-8320_8-core	amd fx-8320 8-core	eq	-
amd:fx-8350_8-core	amd fx-8350 8-core	eq	-
amd:phenom_9550_4-core	amd phenom 9550 4-core	eq	-
intel:atom_c2750	intel atom c2750	eq	-
intel:celeron_n2840	intel celeron n2840	eq	-
intel:core_i5_m480	intel core i5 m480	eq	-

Rows per page:

1-10 of 201

References

www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf

www.securityfocus.com/bid/96457

www.vusec.net/projects/anc

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2017-5926

prion1 nvd1 cvelist1 thn1