cvelistv5 - cve-2017-5925

CVE-2017-5925 (GCVE-0-2017-5925)

Vulnerability from cvelistv5 – Published: 2017-02-27 07:25 – Updated: 2024-08-05 15:18

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/96452	vdb-entryx_refsource_BID
	http://www.cs.vu.nl/~herbertb/download/papers/anc…	x_refsource_MISC
	https://www.vusec.net/projects/anc	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:48.768Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96452",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96452"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vusec.net/projects/anc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-02-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-01T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "96452",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96452"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vusec.net/projects/anc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5925",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96452",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96452"
            },
            {
              "name": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf",
              "refsource": "MISC",
              "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
            },
            {
              "name": "https://www.vusec.net/projects/anc",
              "refsource": "MISC",
              "url": "https://www.vusec.net/projects/anc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-5925",
    "datePublished": "2017-02-27T07:25:00",
    "dateReserved": "2017-02-07T00:00:00",
    "dateUpdated": "2024-08-05T15:18:48.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:allwinner:a64:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E8167A6-98BE-45D9-A333-A4DB8EE9BE43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:amd:athlon_ii_640_x4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4355B92A-F9A4-4DA0-9875-B0D8BD5541AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:amd:e-350:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF28E516-87C3-48BF-ADCB-E89C41DB3E4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:amd:fx-8120_8-core:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53A9CAF2-DABC-4DD0-87B3-552C469835CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:amd:fx-8320_8-core:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AC0369B-FB5E-48DF-B1E5-72BAD0A0CDEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:amd:fx-8350_8-core:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8519A289-6ADE-415A-AE6A-33FD68AFBDCE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:amd:phenom_9550_4-core:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B51CAD25-267C-4BF2-B738-25B213FCDFD0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:intel:atom_c2750:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59CD7DDA-6DDA-47CF-9A75-AFA75B02A56F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:intel:celeron_n2840:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3826FEBA-0B2E-403D-9A6A-0DA02FEF9A2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:intel:core_i5_m480:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E92B12C0-E86A-44A0-B302-3CE721237726\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:intel:core_i7-2620qm:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A3B3752-79A3-45A8-8416-6DC1EA4A9E81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:intel:core_i7-3632qm:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09B0D125-332D-416D-A379-F0D7C1F9DA27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:intel:core_i7-4500u:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"677C66EF-E9B9-430F-A19D-2D87AD83DBDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:intel:core_i7-6700k:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAFC55E4-D84D-4588-976D-1E2637B1BF0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:intel:core_i7_920:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF0E91E0-F4B0-495A-80BA-B6B05E6F1760\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:intel:xeon_e3-1240_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51E0227B-8F2B-48B3-97BC-73BA1BACEED8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:intel:xeon_e5-2658_v2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"661C05F6-8659-4C06-8AC5-7A25FFA52C2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:nvidia:tegra_k1_cd570m-a1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C57EA6EC-A6B2-4A6A-A13C-EA86154DCA0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:nvidia:tegra_k1_cd580m-a1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA4020D9-99C1-4366-8377-8DD1A983381A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:samsung:exynos_5800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36182055-4545-405C-8B39-CF5B87C014C7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.\"}, {\"lang\": \"es\", \"value\": \"Los paseos de la tabla de p\\u00e1ginas llevados a cabo por la MMU durante la traducci\\u00f3n de la direcci\\u00f3n virtual a f\\u00edsica dejan un rastro en la cach\\u00e9 de \\u00faltimo nivel de los procesadores Intel modernos. Realizando un ataque de canal lateral en las operaciones de MMU, es posible perder datos y punteros de c\\u00f3digo de JavaScript, rompiendo la ASLR.\"}]",
      "id": "CVE-2017-5925",
      "lastModified": "2024-11-21T03:28:40.700",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-02-27T07:59:00.143",
      "references": "[{\"url\": \"http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/96452\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.vusec.net/projects/anc\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/96452\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.vusec.net/projects/anc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-5925\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-02-27T07:59:00.143\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.\"},{\"lang\":\"es\",\"value\":\"Los paseos de la tabla de p\u00e1ginas llevados a cabo por la MMU durante la traducci\u00f3n de la direcci\u00f3n virtual a f\u00edsica dejan un rastro en la cach\u00e9 de \u00faltimo nivel de los procesadores Intel modernos. Realizando un ataque de canal lateral en las operaciones de MMU, es posible perder datos y punteros de c\u00f3digo de JavaScript, rompiendo la ASLR.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:allwinner:a64:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E8167A6-98BE-45D9-A333-A4DB8EE9BE43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:amd:athlon_ii_640_x4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4355B92A-F9A4-4DA0-9875-B0D8BD5541AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:amd:e-350:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF28E516-87C3-48BF-ADCB-E89C41DB3E4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:amd:fx-8120_8-core:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53A9CAF2-DABC-4DD0-87B3-552C469835CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:amd:fx-8320_8-core:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AC0369B-FB5E-48DF-B1E5-72BAD0A0CDEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:amd:fx-8350_8-core:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8519A289-6ADE-415A-AE6A-33FD68AFBDCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:amd:phenom_9550_4-core:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B51CAD25-267C-4BF2-B738-25B213FCDFD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_c2750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59CD7DDA-6DDA-47CF-9A75-AFA75B02A56F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n2840:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3826FEBA-0B2E-403D-9A6A-0DA02FEF9A2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5_m480:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E92B12C0-E86A-44A0-B302-3CE721237726\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-2620qm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A3B3752-79A3-45A8-8416-6DC1EA4A9E81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-3632qm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09B0D125-332D-416D-A379-F0D7C1F9DA27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-4500u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"677C66EF-E9B9-430F-A19D-2D87AD83DBDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-6700k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAFC55E4-D84D-4588-976D-1E2637B1BF0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7_920:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF0E91E0-F4B0-495A-80BA-B6B05E6F1760\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e3-1240_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51E0227B-8F2B-48B3-97BC-73BA1BACEED8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:xeon_e5-2658_v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"661C05F6-8659-4C06-8AC5-7A25FFA52C2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:nvidia:tegra_k1_cd570m-a1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C57EA6EC-A6B2-4A6A-A13C-EA86154DCA0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:nvidia:tegra_k1_cd580m-a1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA4020D9-99C1-4366-8377-8DD1A983381A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:samsung:exynos_5800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36182055-4545-405C-8B39-CF5B87C014C7\"}]}]}],\"references\":[{\"url\":\"http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/96452\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.vusec.net/projects/anc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/96452\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.vusec.net/projects/anc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]}]}}"
  }
}

GHSA-PM4H-MM7M-WP4J

Vulnerability from github – Published: 2022-05-17 02:57 – Updated: 2022-05-17 02:57

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-5925"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-27T07:59:00Z",
    "severity": "HIGH"
  },
  "details": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.",
  "id": "GHSA-pm4h-mm7m-wp4j",
  "modified": "2022-05-17T02:57:10Z",
  "published": "2022-05-17T02:57:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5925"
    },
    {
      "type": "WEB",
      "url": "https://www.vusec.net/projects/anc"
    },
    {
      "type": "WEB",
      "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96452"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-03138

Vulnerability from cnvd - Published: 2017-03-23

Title

多款Intel处理器信息泄露漏洞

Description

Intel Core是美国英特尔（Intel）公司的CPU处理器。多款Intel处理器中存在安全漏洞，攻击者可利用该漏洞获取JavaScript中的数据和代码指针的敏感信息。

Severity

中

Patch Name

多款Intel处理器信息泄露漏洞的补丁

Patch Description

Intel Core是美国英特尔（Intel）公司的CPU处理器。多款Intel处理器中存在安全漏洞，攻击者可利用该漏洞获取JavaScript中的数据和代码指针的敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://intel.com/

Reference

http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf http://www.securityfocus.com/bid/96452

Impacted products

Name
Intel Core i7

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96452"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5925"
    }
  },
  "description": "Intel Core\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684CPU\u5904\u7406\u5668\u3002\r\n\r\n\u591a\u6b3eIntel\u5904\u7406\u5668\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6JavaScript\u4e2d\u7684\u6570\u636e\u548c\u4ee3\u7801\u6307\u9488\u7684\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "B. Gras, K. Razavi, E. Bosman, H. Bos, C. Giuffrida",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://intel.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-03138",
  "openTime": "2017-03-23",
  "patchDescription": "Intel Core\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684CPU\u5904\u7406\u5668\u3002\r\n\r\n\u591a\u6b3eIntel\u5904\u7406\u5668\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6JavaScript\u4e2d\u7684\u6570\u636e\u548c\u4ee3\u7801\u6307\u9488\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eIntel\u5904\u7406\u5668\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Intel Core i7"
  },
  "referenceLink": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf\r\nhttp://www.securityfocus.com/bid/96452",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-06",
  "title": "\u591a\u6b3eIntel\u5904\u7406\u5668\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GSD-2017-5925

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-5925

Aliases

CVE-2017-5925

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-5925",
    "description": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.",
    "id": "GSD-2017-5925",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-5925.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-5925"
      ],
      "details": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.",
      "id": "GSD-2017-5925",
      "modified": "2023-12-13T01:21:14.093974Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-5925",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "96452",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/96452"
          },
          {
            "name": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf",
            "refsource": "MISC",
            "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
          },
          {
            "name": "https://www.vusec.net/projects/anc",
            "refsource": "MISC",
            "url": "https://www.vusec.net/projects/anc"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:amd:athlon_ii_640_x4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:e-350:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7-4500u:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7-3632qm:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:fx-8350_8-core:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:fx-8320_8-core:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:fx-8120_8-core:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5-2658_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c2750:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:samsung:exynos_5800:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:phenom_9550_4-core:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3-1240_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7-2620qm:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i5_m480:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:nvidia:tegra_k1_cd580m-a1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:nvidia:tegra_k1_cd570m-a1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7-6700k:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:celeron_n2840:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7_920:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:allwinner:a64:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5925"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vusec.net/projects/anc",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "https://www.vusec.net/projects/anc"
            },
            {
              "name": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
            },
            {
              "name": "96452",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/96452"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-03-02T02:59Z",
      "publishedDate": "2017-02-27T07:59Z"
    }
  }
}

VAR-201702-0602

Vulnerability from variot - Updated: 2023-12-18 14:01

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. Multiple Intel Processor is prone to local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. Intel Core i7 920 and so on are the CPU processors of Intel Corporation of the United States. The following products are affected: Intel Core i7 920; Intel Core i5 M480; Intel Core i7-2620QM; Intel Core i7-3632QM; Intel Core i7-4500U; Intel Atom C2750; Intel Xeon E5-2658 v2; i7-6700K; Intel Xeon E3-1240 v5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0602",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "core i7 920",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i5 m480",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7-4500u",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "atom c2750",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "fx-8350 8-core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "fx-8120 8-core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "a64",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "allwinner",
        "version": null
      },
      {
        "model": "e-350",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "core i7-2620qm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "xeon e5-2658 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7-3632qm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "fx-8320 8-core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "xeon e3-1240 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "exynos 5800",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "phenom 9550 4-core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "tegra k1 cd580m-a1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "nvidia",
        "version": null
      },
      {
        "model": "tegra k1 cd570m-a1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "nvidia",
        "version": null
      },
      {
        "model": "core i7-6700k",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "celeron n2840",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "athlon ii 640 x4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "athlon ii 640 x4",
        "scope": null,
        "trust": 0.8,
        "vendor": "advanced micro devices amd",
        "version": null
      },
      {
        "model": "e-350",
        "scope": null,
        "trust": 0.8,
        "vendor": "advanced micro devices amd",
        "version": null
      },
      {
        "model": "fx-8120 8-core",
        "scope": null,
        "trust": 0.8,
        "vendor": "advanced micro devices amd",
        "version": null
      },
      {
        "model": "fx-8320 8-core",
        "scope": null,
        "trust": 0.8,
        "vendor": "advanced micro devices amd",
        "version": null
      },
      {
        "model": "fx-8350 8-core",
        "scope": null,
        "trust": 0.8,
        "vendor": "advanced micro devices amd",
        "version": null
      },
      {
        "model": "phenom 9550 4-core",
        "scope": null,
        "trust": 0.8,
        "vendor": "advanced micro devices amd",
        "version": null
      },
      {
        "model": "a64",
        "scope": null,
        "trust": 0.8,
        "vendor": "allwinner",
        "version": null
      },
      {
        "model": "tegra k1 cd570m-a1",
        "scope": null,
        "trust": 0.8,
        "vendor": "nvidia",
        "version": null
      },
      {
        "model": "tegra k1 cd580m-a1",
        "scope": null,
        "trust": 0.8,
        "vendor": "nvidia",
        "version": null
      },
      {
        "model": "atom c2750",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "celeron n2840",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i5 m480",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7 920",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7-2620qm",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7-3632qm",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7-4500u",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7-6700k",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "xeon e3-1240 v5",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "xeon e5-2658 v2",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "exynos 5800",
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001748"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-926"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:amd:athlon_ii_640_x4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:e-350:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7-4500u:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7-3632qm:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:fx-8350_8-core:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:fx-8320_8-core:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:fx-8120_8-core:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5-2658_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c2750:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:samsung:exynos_5800:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:phenom_9550_4-core:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3-1240_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7-2620qm:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i5_m480:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:nvidia:tegra_k1_cd580m-a1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:nvidia:tegra_k1_cd570m-a1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7-6700k:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:celeron_n2840:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7_920:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:allwinner:a64:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5925"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "B. Gras, K. Razavi, E. Bosman, H. Bos, C. Giuffrida,",
    "sources": [
      {
        "db": "BID",
        "id": "96452"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-5925",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-5925",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-114128",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-5925",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-5925",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-926",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114128",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114128"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001748"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-926"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. Multiple Intel Processor is prone to local security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \nLittle is known about this issue or its effects at this time. We will update this BID as more information emerges. Intel Core i7 920 and so on are the CPU processors of Intel Corporation of the United States. The following products are affected: Intel Core i7 920; Intel Core i5 M480; Intel Core i7-2620QM; Intel Core i7-3632QM; Intel Core i7-4500U; Intel Atom C2750; Intel Xeon E5-2658 v2; i7-6700K; Intel Xeon E3-1240 v5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001748"
      },
      {
        "db": "BID",
        "id": "96452"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114128"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-5925",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "96452",
        "trust": 2.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001748",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-926",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-114128",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114128"
      },
      {
        "db": "BID",
        "id": "96452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001748"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-926"
      }
    ]
  },
  "id": "VAR-201702-0602",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114128"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:01:41.116000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114128"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001748"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5925"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://www.vusec.net/projects/anc"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/96452"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5925"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5925"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/96452/info"
      },
      {
        "trust": 0.8,
        "url": "https://www.vusec.net/projects/anc/"
      },
      {
        "trust": 0.3,
        "url": "http://www.intel.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114128"
      },
      {
        "db": "BID",
        "id": "96452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001748"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-926"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114128"
      },
      {
        "db": "BID",
        "id": "96452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001748"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-926"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114128"
      },
      {
        "date": "2017-02-27T00:00:00",
        "db": "BID",
        "id": "96452"
      },
      {
        "date": "2017-03-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001748"
      },
      {
        "date": "2017-02-27T07:59:00.143000",
        "db": "NVD",
        "id": "CVE-2017-5925"
      },
      {
        "date": "2017-02-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-926"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114128"
      },
      {
        "date": "2017-03-07T01:08:00",
        "db": "BID",
        "id": "96452"
      },
      {
        "date": "2017-03-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001748"
      },
      {
        "date": "2017-03-02T02:59:02.397000",
        "db": "NVD",
        "id": "CVE-2017-5925"
      },
      {
        "date": "2017-02-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-926"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-926"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel processor side channel attack vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001748"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-926"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-5925

Vulnerability from fkie_nvd - Published: 2017-02-27 07:59 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf	Exploit, Technical Description, Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/96452
cve@mitre.org	https://www.vusec.net/projects/anc	Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf	Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/96452
af854a3a-2127-422b-91ae-364da2661108	https://www.vusec.net/projects/anc	Exploit, Technical Description, Third Party Advisory

Impacted products

Vendor	Product	Version
allwinner	a64	-
amd	athlon_ii_640_x4	-
amd	e-350	-
amd	fx-8120_8-core	-
amd	fx-8320_8-core	-
amd	fx-8350_8-core	-
amd	phenom_9550_4-core	-
intel	atom_c2750	-
intel	celeron_n2840	-
intel	core_i5_m480	-
intel	core_i7-2620qm	-
intel	core_i7-3632qm	-
intel	core_i7-4500u	-
intel	core_i7-6700k	-
intel	core_i7_920	-
intel	xeon_e3-1240_v5	-
intel	xeon_e5-2658_v2	-
nvidia	tegra_k1_cd570m-a1	-
nvidia	tegra_k1_cd580m-a1	-
samsung	exynos_5800	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:allwinner:a64:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8167A6-98BE-45D9-A333-A4DB8EE9BE43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:amd:athlon_ii_640_x4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4355B92A-F9A4-4DA0-9875-B0D8BD5541AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:amd:e-350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF28E516-87C3-48BF-ADCB-E89C41DB3E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:amd:fx-8120_8-core:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A9CAF2-DABC-4DD0-87B3-552C469835CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:amd:fx-8320_8-core:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AC0369B-FB5E-48DF-B1E5-72BAD0A0CDEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:amd:fx-8350_8-core:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8519A289-6ADE-415A-AE6A-33FD68AFBDCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:amd:phenom_9550_4-core:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51CAD25-267C-4BF2-B738-25B213FCDFD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c2750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59CD7DDA-6DDA-47CF-9A75-AFA75B02A56F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n2840:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3826FEBA-0B2E-403D-9A6A-0DA02FEF9A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5_m480:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E92B12C0-E86A-44A0-B302-3CE721237726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7-2620qm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A3B3752-79A3-45A8-8416-6DC1EA4A9E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7-3632qm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09B0D125-332D-416D-A379-F0D7C1F9DA27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7-4500u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "677C66EF-E9B9-430F-A19D-2D87AD83DBDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7-6700k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAFC55E4-D84D-4588-976D-1E2637B1BF0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7_920:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF0E91E0-F4B0-495A-80BA-B6B05E6F1760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3-1240_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E0227B-8F2B-48B3-97BC-73BA1BACEED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5-2658_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "661C05F6-8659-4C06-8AC5-7A25FFA52C2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:nvidia:tegra_k1_cd570m-a1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57EA6EC-A6B2-4A6A-A13C-EA86154DCA0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:nvidia:tegra_k1_cd580m-a1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA4020D9-99C1-4366-8377-8DD1A983381A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:samsung:exynos_5800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36182055-4545-405C-8B39-CF5B87C014C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."
    },
    {
      "lang": "es",
      "value": "Los paseos de la tabla de p\u00e1ginas llevados a cabo por la MMU durante la traducci\u00f3n de la direcci\u00f3n virtual a f\u00edsica dejan un rastro en la cach\u00e9 de \u00faltimo nivel de los procesadores Intel modernos. Realizando un ataque de canal lateral en las operaciones de MMU, es posible perder datos y punteros de c\u00f3digo de JavaScript, rompiendo la ASLR."
    }
  ],
  "id": "CVE-2017-5925",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-27T07:59:00.143",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/96452"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.vusec.net/projects/anc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/96452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.vusec.net/projects/anc"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-5925 (GCVE-0-2017-5925)

GHSA-PM4H-MM7M-WP4J

CNVD-2017-03138

GSD-2017-5925

VAR-201702-0602

FKIE_CVE-2017-5925

Tags

Sightings

Nomenclature