Sign-up

ID

VAR-201702-0602


CVE

CVE-2017-5925


TITLE

Intel processor side channel attack vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-001748

DESCRIPTION

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. Multiple Intel Processor is prone to local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. Intel Core i7 920 and so on are the CPU processors of Intel Corporation of the United States. The following products are affected: Intel Core i7 920; Intel Core i5 M480; Intel Core i7-2620QM; Intel Core i7-3632QM; Intel Core i7-4500U; Intel Atom C2750; Intel Xeon E5-2658 v2; i7-6700K; Intel Xeon E3-1240 v5

Trust: 1.98

sources: NVD: CVE-2017-5925 // JVNDB: JVNDB-2017-001748 // BID: 96452 // VULHUB: VHN-114128

AFFECTED PRODUCTS

vendor:intelmodel:core i5 m480scope:eqversion: -

Trust: 1.6

vendor:intelmodel:core i7 920scope:eqversion: -

Trust: 1.6

vendor:intelmodel:celeron n2840scope:eqversion: -

Trust: 1.0

vendor:amdmodel:fx-8350 8-corescope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-3632qmscope:eqversion: -

Trust: 1.0

vendor:amdmodel:e-350scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-4500uscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-2620qmscope:eqversion: -

Trust: 1.0

vendor:samsungmodel:exynos 5800scope:eqversion: -

Trust: 1.0

vendor:amdmodel:fx-8320 8-corescope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-6700kscope:eqversion: -

Trust: 1.0

vendor:nvidiamodel:tegra k1 cd580m-a1scope:eqversion: -

Trust: 1.0

vendor:amdmodel:athlon ii 640 x4scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon e5-2658 v2scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c2750scope:eqversion: -

Trust: 1.0

vendor:nvidiamodel:tegra k1 cd570m-a1scope:eqversion: -

Trust: 1.0

vendor:amdmodel:fx-8120 8-corescope:eqversion: -

Trust: 1.0

vendor:amdmodel:phenom 9550 4-corescope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon e3-1240 v5scope:eqversion: -

Trust: 1.0

vendor:allwinnermodel:a64scope:eqversion: -

Trust: 1.0

vendor:advanced micro devices amdmodel:athlon ii 640 x4scope: - version: -

Trust: 0.8

vendor:advanced micro devices amdmodel:e-350scope: - version: -

Trust: 0.8

vendor:advanced micro devices amdmodel:fx-8120 8-corescope: - version: -

Trust: 0.8

vendor:advanced micro devices amdmodel:fx-8320 8-corescope: - version: -

Trust: 0.8

vendor:advanced micro devices amdmodel:fx-8350 8-corescope: - version: -

Trust: 0.8

vendor:advanced micro devices amdmodel:phenom 9550 4-corescope: - version: -

Trust: 0.8

vendor:allwinnermodel:a64scope: - version: -

Trust: 0.8

vendor:nvidiamodel:tegra k1 cd570m-a1scope: - version: -

Trust: 0.8

vendor:nvidiamodel:tegra k1 cd580m-a1scope: - version: -

Trust: 0.8

vendor:intelmodel:atom c2750scope: - version: -

Trust: 0.8

vendor:intelmodel:celeron n2840scope: - version: -

Trust: 0.8

vendor:intelmodel:core i5 m480scope: - version: -

Trust: 0.8

vendor:intelmodel:core i7 920scope: - version: -

Trust: 0.8

vendor:intelmodel:core i7-2620qmscope: - version: -

Trust: 0.8

vendor:intelmodel:core i7-3632qmscope: - version: -

Trust: 0.8

vendor:intelmodel:core i7-4500uscope: - version: -

Trust: 0.8

vendor:intelmodel:core i7-6700kscope: - version: -

Trust: 0.8

vendor:intelmodel:xeon e3-1240 v5scope: - version: -

Trust: 0.8

vendor:intelmodel:xeon e5-2658 v2scope: - version: -

Trust: 0.8

vendor:samsungmodel:exynos 5800scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-001748 // CNNVD: CNNVD-201702-926 // NVD: CVE-2017-5925

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5925
value: HIGH

Trust: 1.0

NVD: CVE-2017-5925
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201702-926
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114128
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-5925
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114128
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5925
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114128 // JVNDB: JVNDB-2017-001748 // CNNVD: CNNVD-201702-926 // NVD: CVE-2017-5925

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114128 // JVNDB: JVNDB-2017-001748 // NVD: CVE-2017-5925

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-926

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-926

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-001748

EXTERNAL IDS
db:NVDid:CVE-2017-5925
Trust: 2.8
db:BIDid:96452
Trust: 2.2
db:JVNDBid:JVNDB-2017-001748
Trust: 0.8
db:CNNVDid:CNNVD-201702-926
Trust: 0.7
db:VULHUBid:VHN-114128
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114128 // 
            
            
            
            BID: 96452 // 
            
            
            
            JVNDB: JVNDB-2017-001748 // 
            
            
            
            CNNVD: CNNVD-201702-926 // 
            
            
            
            NVD: CVE-2017-5925

REFERENCES
url:http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf
Trust: 2.5
url:https://www.vusec.net/projects/anc
Trust: 1.7
url:http://www.securityfocus.com/bid/96452
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5925
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5925
Trust: 0.8
url:http://www.securityfocus.com/bid/96452/info
Trust: 0.8
url:https://www.vusec.net/projects/anc/
Trust: 0.8
url:http://www.intel.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114128 // 
            
            
            
            BID: 96452 // 
            
            
            
            JVNDB: JVNDB-2017-001748 // 
            
            
            
            CNNVD: CNNVD-201702-926 // 
            
            
            
            NVD: CVE-2017-5925

CREDITS
B. Gras, K. Razavi, E. Bosman, H. Bos, C. Giuffrida,
Trust: 0.3
sources:
            
            
            BID: 96452

SOURCES
db:VULHUBid:VHN-114128
db:BIDid:96452
db:JVNDBid:JVNDB-2017-001748
db:CNNVDid:CNNVD-201702-926
db:NVDid:CVE-2017-5925

LAST UPDATE DATE
2024-11-23T22:07:38.839000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114128date:2017-03-02T00:00:00
db:BIDid:96452date:2017-03-07T01:08:00
db:JVNDBid:JVNDB-2017-001748date:2017-03-16T00:00:00
db:CNNVDid:CNNVD-201702-926date:2017-02-28T00:00:00
db:NVDid:CVE-2017-5925date:2024-11-21T03:28:40.700

SOURCES RELEASE DATE
db:VULHUBid:VHN-114128date:2017-02-27T00:00:00
db:BIDid:96452date:2017-02-27T00:00:00
db:JVNDBid:JVNDB-2017-001748date:2017-03-16T00:00:00
db:CNNVDid:CNNVD-201702-926date:2017-02-28T00:00:00
db:NVDid:CVE-2017-5925date:2017-02-27T07:59:00.143