Side-Channel Attack Vulnerability in Intel Processors
CVE-2017-5925

7.5HIGH

Key Information:

Vendor

Intel
Status
Core I7-2620qm
Core I7-6700k
Core I5 M480
Fx-8120 8-core
Vendor
CVE Published:
27 February 2017

What is CVE-2017-5925?

This vulnerability arises from the behavior of the Memory Management Unit (MMU) during virtual to physical address translation, which can leave trace data in the last level cache of modern Intel processors. An attacker can exploit this information through a side-channel attack to leak sensitive data and code pointers from JavaScript, effectively circumventing Address Space Layout Randomization (ASLR) protections. This compromise showcases the potential of cache analysis techniques to undermine confidentiality and integrity within affected systems.

References

http://www.securityfocus.com/bid/96452
vdb-entryx_refsource_BID
http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf
x_refsource_MISC
https://www.vusec.net/projects/anc
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.