CVE-2017-5927
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
27/02/2017
Last modified:
20/04/2025
Description
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:allwinner:a64:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:athlon_ii_640_x4:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:e-350:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:fx-8120_8-core:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:fx-8320_8-core:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:fx-8350_8-core:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:phenom_9550_4-core:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:atom_c2750:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:celeron_n2840:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:core_i5_m480:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:core_i7-2620qm:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:core_i7-3632qm:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:core_i7-4500u:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:core_i7-6700k:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:core_i7_920:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page