1. Home
  2. CVE Database
  3. CVE-2017-5925
HIGH · 7.5

CVE-2017-5925

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU op...

Vulnerability Description

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
AllwinnerA64-
AmdAthlon Ii 640 X4-
AmdE-350-
AmdFx-8120 8-Core-
AmdFx-8320 8-Core-
AmdFx-8350 8-Core-
AmdPhenom 9550 4-Core-
IntelAtom C2750-
IntelCeleron N2840-
IntelCore I5 M480-
IntelCore I7-2620Qm-
IntelCore I7-3632Qm-
IntelCore I7-4500U-
IntelCore I7-6700K-
IntelCore I7 920-
IntelXeon E3-1240 V5-
IntelXeon E5-2658 V2-
NvidiaTegra K1 Cd570M-A1-
NvidiaTegra K1 Cd580M-A1-
SamsungExynos 5800-

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2017-5925?

CVE-2017-5925 is a vulnerability with a CVSS score of 7.5 (HIGH). Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU op...

How severe is CVE-2017-5925?

CVE-2017-5925 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-5925?

Check the references section above for vendor advisories and patch information. Affected products include: Allwinner A64, Amd Athlon Ii 640 X4, Amd E-350, Amd Fx-8120 8-Core, Amd Fx-8320 8-Core.