Side-Channel Vulnerability in ARM Processors Affecting JavaScript Execution
CVE-2017-5927

7.5HIGH

Key Information:

Vendor

Intel
Status
Core I7-2620qm
Core I7-6700k
Core I5 M480
Fx-8120 8-core
Vendor
CVE Published:
27 February 2017

What is CVE-2017-5927?

Modern ARM processors are susceptible to a side-channel attack that exploits the page table walks conducted by the Memory Management Unit (MMU) during virtual to physical address translation. This vulnerability allows an attacker to leak sensitive data and code pointers from JavaScript applications by analyzing the traces left in the last level cache. Such an attack can potentially compromise Address Space Layout Randomization (ASLR) techniques, undermining the security of affected systems and applications.

References

http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf
x_refsource_MISC
https://www.vusec.net/projects/anc
x_refsource_MISC
http://www.securityfocus.com/bid/96459
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.