Sign-up

ID

VAR-201702-0603


CVE

CVE-2017-5926


TITLE

AMD Vulnerabilities that allow side-channel attacks in processors

Trust: 0.8

sources: JVNDB: JVNDB-2017-001749

DESCRIPTION

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. Multiple AMD Processor are prone to local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. AMD Phenom 9550 4-Core and so on are the processor products of American AMD Company. The following products are affected: AMD Phenom 9550 4-Core; AMD E-350; AMD Athlon II 640 X4; AMD FX-8120 8-Core; AMD FX-8320 8-Core; AMD FX-8350 8-Core

Trust: 1.98

sources: NVD: CVE-2017-5926 // JVNDB: JVNDB-2017-001749 // BID: 96457 // VULHUB: VHN-114129

AFFECTED PRODUCTS

vendor:intelmodel:core i7 920scope:eqversion: -

Trust: 1.6

vendor:intelmodel:celeron n2840scope:eqversion: -

Trust: 1.0

vendor:amdmodel:fx-8350 8-corescope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-3632qmscope:eqversion: -

Trust: 1.0

vendor:amdmodel:e-350scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-4500uscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-2620qmscope:eqversion: -

Trust: 1.0

vendor:samsungmodel:exynos 5800scope:eqversion: -

Trust: 1.0

vendor:amdmodel:fx-8320 8-corescope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5 m480scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-6700kscope:eqversion: -

Trust: 1.0

vendor:nvidiamodel:tegra k1 cd580m-a1scope:eqversion: -

Trust: 1.0

vendor:amdmodel:athlon ii 640 x4scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon e5-2658 v2scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c2750scope:eqversion: -

Trust: 1.0

vendor:nvidiamodel:tegra k1 cd570m-a1scope:eqversion: -

Trust: 1.0

vendor:amdmodel:fx-8120 8-corescope:eqversion: -

Trust: 1.0

vendor:amdmodel:phenom 9550 4-corescope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon e3-1240 v5scope:eqversion: -

Trust: 1.0

vendor:allwinnermodel:a64scope:eqversion: -

Trust: 1.0

vendor:advanced micro devices amdmodel:athlon ii 640 x4scope: - version: -

Trust: 0.8

vendor:advanced micro devices amdmodel:e-350scope: - version: -

Trust: 0.8

vendor:advanced micro devices amdmodel:fx-8120 8-corescope: - version: -

Trust: 0.8

vendor:advanced micro devices amdmodel:fx-8320 8-corescope: - version: -

Trust: 0.8

vendor:advanced micro devices amdmodel:fx-8350 8-corescope: - version: -

Trust: 0.8

vendor:advanced micro devices amdmodel:phenom 9550 4-corescope: - version: -

Trust: 0.8

vendor:allwinnermodel:a64scope: - version: -

Trust: 0.8

vendor:nvidiamodel:tegra k1 cd570m-a1scope: - version: -

Trust: 0.8

vendor:nvidiamodel:tegra k1 cd580m-a1scope: - version: -

Trust: 0.8

vendor:intelmodel:atom c2750scope: - version: -

Trust: 0.8

vendor:intelmodel:celeron n2840scope: - version: -

Trust: 0.8

vendor:intelmodel:core i5 m480scope: - version: -

Trust: 0.8

vendor:intelmodel:core i7 920scope: - version: -

Trust: 0.8

vendor:intelmodel:core i7-2620qmscope: - version: -

Trust: 0.8

vendor:intelmodel:core i7-3632qmscope: - version: -

Trust: 0.8

vendor:intelmodel:core i7-4500uscope: - version: -

Trust: 0.8

vendor:intelmodel:core i7-6700kscope: - version: -

Trust: 0.8

vendor:intelmodel:xeon e3-1240 v5scope: - version: -

Trust: 0.8

vendor:intelmodel:xeon e5-2658 v2scope: - version: -

Trust: 0.8

vendor:samsungmodel:exynos 5800scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-001749 // CNNVD: CNNVD-201702-925 // NVD: CVE-2017-5926

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5926
value: HIGH

Trust: 1.0

NVD: CVE-2017-5926
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201702-925
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114129
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-5926
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114129
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5926
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114129 // JVNDB: JVNDB-2017-001749 // CNNVD: CNNVD-201702-925 // NVD: CVE-2017-5926

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114129 // JVNDB: JVNDB-2017-001749 // NVD: CVE-2017-5926

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-925

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-925

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-001749

EXTERNAL IDS
db:NVDid:CVE-2017-5926
Trust: 2.8
db:BIDid:96457
Trust: 2.2
db:JVNDBid:JVNDB-2017-001749
Trust: 0.8
db:CNNVDid:CNNVD-201702-925
Trust: 0.6
db:VULHUBid:VHN-114129
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114129 // 
            
            
            
            BID: 96457 // 
            
            
            
            JVNDB: JVNDB-2017-001749 // 
            
            
            
            CNNVD: CNNVD-201702-925 // 
            
            
            
            NVD: CVE-2017-5926

REFERENCES
url:http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf
Trust: 2.5
url:http://www.securityfocus.com/bid/96457
Trust: 1.9
url:https://www.vusec.net/projects/anc
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5926
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5926
Trust: 0.8
url:https://www.vusec.net/projects/anc/
Trust: 0.8
url:http://www.intel.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114129 // 
            
            
            
            BID: 96457 // 
            
            
            
            JVNDB: JVNDB-2017-001749 // 
            
            
            
            CNNVD: CNNVD-201702-925 // 
            
            
            
            NVD: CVE-2017-5926

CREDITS
B. Gras, K. Razavi, E. Bosman, H. Bos, C. Giuffrida,
Trust: 0.3
sources:
            
            
            BID: 96457

SOURCES
db:VULHUBid:VHN-114129
db:BIDid:96457
db:JVNDBid:JVNDB-2017-001749
db:CNNVDid:CNNVD-201702-925
db:NVDid:CVE-2017-5926

LAST UPDATE DATE
2024-11-23T23:02:31.472000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114129date:2017-03-02T00:00:00
db:BIDid:96457date:2017-03-07T01:08:00
db:JVNDBid:JVNDB-2017-001749date:2017-03-16T00:00:00
db:CNNVDid:CNNVD-201702-925date:2017-02-28T00:00:00
db:NVDid:CVE-2017-5926date:2024-11-21T03:28:40.857

SOURCES RELEASE DATE
db:VULHUBid:VHN-114129date:2017-02-27T00:00:00
db:BIDid:96457date:2017-02-27T00:00:00
db:JVNDBid:JVNDB-2017-001749date:2017-03-16T00:00:00
db:CNNVDid:CNNVD-201702-925date:2017-02-28T00:00:00
db:NVDid:CVE-2017-5926date:2017-02-27T07:59:00.207