CVE-2017-5925 - CVE Vulnerability

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. (CVSS:5.0) (Last Update:2017-03-01)

Vulnerability Details : Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. Publish Date : 2017-02-27 Last Update Date : 2017-03-01 - CVSS Scores & Vulnerability Types CVSS Score 5.0 Confidentiality Impact Partial(There is considerable informational disclosure.) Integrity Impact None(There is no impact to the integrity of the system) Availability Impact None(There is no impact to the availability of the system.) Access Complexity Low(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. ) Authentication Not required(Authentication is not required to exploit the vulnerability.) Gained Access None Vulnerability Type(s) Obtain Information CWE ID 200 - Products Affected By CVE-2017-5925 # Product Type Vendor Product Version Update Edition Language 1 Hardware Allwinner A64 - Version Details Vulnerabilities 2 Hardware AMD Athlon Ii 640 X4 - Version Details Vulnerabilities 3 Hardware AMD E-350 - Version Details Vulnerabilities 4 Hardware AMD Fx-8120 8-core - Version Details Vulnerabilities 5 Hardware AMD Fx-8320 8-core - Version Details Vulnerabilities 6 Hardware AMD Fx-8350 8-core - Version Details Vulnerabilities 7 Hardware AMD Phenom 9550 4-core - Version Details Vulnerabilities 8 Hardware Intel Atom C2750 - Version Details Vulnerabilities 9 Hardware Intel Celeron N2840 - Version Details Vulnerabilities 10 Hardware Intel Core I5 M480 - Version Details Vulnerabilities 11 Hardware Intel Core I7 920 - Version Details Vulnerabilities 12 Hardware Intel Core I7-2620qm - Version Details Vulnerabilities 13 Hardware Intel Core I7-3632qm - Version Details Vulnerabilities 14 Hardware Intel Core I7-4500u - Version Details Vulnerabilities 15 Hardware Intel Core I7-6700k - Version Details Vulnerabilities 16 Hardware Intel Xeon E3-1240 V5 - Version Details Vulnerabilities 17 Hardware Intel Xeon E5-2658 V2 - Version Details Vulnerabilities 18 Hardware Nvidia Tegra K1 Cd570m-a1 - Version Details Vulnerabilities 19 Hardware Nvidia Tegra K1 Cd580m-a1 - Version Details Vulnerabilities 20 Hardware Samsung Exynos 5800 - Version Details Vulnerabilities - Number Of Affected Versions By Product Vendor Product Vulnerable Versions Allwinner A64 1 AMD Athlon Ii 640 X4 1 AMD E-350 1 AMD Fx-8120 8-core 1 AMD Fx-8320 8-core 1 AMD Fx-8350 8-core 1 AMD Phenom 9550 4-core 1 Intel Atom C2750 1 Intel Celeron N2840 1 Intel Core I5 M480 1 Intel Core I7 920 1 Intel Core I7-2620qm 1 Intel Core I7-3632qm 1 Intel Core I7-4500u 1 Intel Core I7-6700k 1 Intel Xeon E3-1240 V5 1 Intel Xeon E5-2658 V2 1 Nvidia Tegra K1 Cd570m-a1 1 Nvidia Tegra K1 Cd580m-a1 1 Samsung Exynos 5800 1 - References For CVE-2017-5925 http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf https://www.vusec.net/projects/anc

- Metasploit Modules Related To CVE-2017-5925 There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)