Side-Channel Data Leakage in AMD Processors Affecting JavaScript Execution
CVE-2017-5926

7.5HIGH

Key Information:

Vendor
Intel
Status
Core I7-2620qm
Core I7-6700k
Core I5 M480
Fx-8120 8-core
Vendor
CVE Published:
27 February 2017

Summary

A security vulnerability in certain AMD processors allows for a side-channel attack through page table walks executed by the Memory Management Unit (MMU). This process unintentionally retains traces in the last level cache, which can be exploited to leak sensitive data and code pointers during JavaScript execution. This breach undermines Address Space Layout Randomization (ASLR), exposing systems to potential exploitation by malicious actors.

References

http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf
x_refsource_MISC
http://www.securityfocus.com/bid/96457
vdb-entryx_refsource_BID
https://www.vusec.net/projects/anc
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.