cvelistv5 - cve-2017-5927

CVE-2017-5927 (GCVE-0-2017-5927)

Vulnerability from cvelistv5

Published

2017-02-27 07:25

Modified

2024-08-05 15:18

Severity ?

CWE

Summary

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

var-201702-0604

Vulnerability from variot

There are security vulnerabilities in many ARM processors. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Little is known about this issue or its effects at this time. We will update this BID as more information emerges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0604",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "exynos 5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "celeron n2840",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "fx-8350 8-core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "core i7-3632qm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "e-350",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "core i7 920",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7-4500u",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7-2620qm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "fx-8320 8-core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "core i5 m480",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7-6700k",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "tegra k1 cd580m-a1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "nvidia",
        "version": null
      },
      {
        "model": "athlon ii 640 x4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "xeon e5-2658 v2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "atom c2750",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "tegra k1 cd570m-a1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "nvidia",
        "version": null
      },
      {
        "model": "fx-8120 8-core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "phenom 9550 4-core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "xeon e3-1240 v5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "a64",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "allwinner",
        "version": null
      },
      {
        "model": "athlon ii 640 x4",
        "scope": null,
        "trust": 0.8,
        "vendor": "advanced micro devices amd",
        "version": null
      },
      {
        "model": "e-350",
        "scope": null,
        "trust": 0.8,
        "vendor": "advanced micro devices amd",
        "version": null
      },
      {
        "model": "fx-8120 8-core",
        "scope": null,
        "trust": 0.8,
        "vendor": "advanced micro devices amd",
        "version": null
      },
      {
        "model": "fx-8320 8-core",
        "scope": null,
        "trust": 0.8,
        "vendor": "advanced micro devices amd",
        "version": null
      },
      {
        "model": "fx-8350 8-core",
        "scope": null,
        "trust": 0.8,
        "vendor": "advanced micro devices amd",
        "version": null
      },
      {
        "model": "phenom 9550 4-core",
        "scope": null,
        "trust": 0.8,
        "vendor": "advanced micro devices amd",
        "version": null
      },
      {
        "model": "a64",
        "scope": null,
        "trust": 0.8,
        "vendor": "allwinner",
        "version": null
      },
      {
        "model": "tegra k1 cd570m-a1",
        "scope": null,
        "trust": 0.8,
        "vendor": "nvidia",
        "version": null
      },
      {
        "model": "tegra k1 cd580m-a1",
        "scope": null,
        "trust": 0.8,
        "vendor": "nvidia",
        "version": null
      },
      {
        "model": "atom c2750",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "celeron n2840",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i5 m480",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7 920",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7-2620qm",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7-3632qm",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7-4500u",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "core i7-6700k",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "xeon e3-1240 v5",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "xeon e5-2658 v2",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "exynos 5800",
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "cortex a53",
        "scope": null,
        "trust": 0.6,
        "vendor": "arm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-924"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5927"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:amd:athlon_ii_640_x4",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:amd:e-350",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:amd:fx-8120_8-core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:amd:fx-8320_8-core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:amd:fx-8350_8-core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:amd:phenom_9550_4-core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:allwinner:a64",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:nvidia:tegra_k1_cd570m-a1",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:nvidia:tegra_k1_cd580m-a1",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:intel:atom_c2750",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:intel:celeron_n2840",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:intel:core_i5_m480",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:intel:core_i7_920",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:intel:core_i7-2620qm",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:intel:core_i7-3632qm",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:intel:core_i7-4500u",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:intel:core_i7-6700k",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:intel:xeon_e3-1240_v5",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:intel:xeon_e5-2658_v2",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:samsung:exynos_5800",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001750"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "B. Gras, K. Razavi, E. Bosman, H. Bos, C. Giuffrida,",
    "sources": [
      {
        "db": "BID",
        "id": "96459"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-5927",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-5927",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-03136",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-114130",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-5927",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-5927",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-5927",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-03136",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-924",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114130",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03136"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-924"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5927"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. ARM Cortex A53 and so on are CPU processors of British ARM company. \n\nThere are security vulnerabilities in many ARM processors. \nAttackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \nLittle is known about this issue or its effects at this time. We will update this BID as more information emerges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5927"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001750"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03136"
      },
      {
        "db": "BID",
        "id": "96459"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114130"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-5927",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "96459",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001750",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03136",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-924",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-114130",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03136"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114130"
      },
      {
        "db": "BID",
        "id": "96459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-924"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5927"
      }
    ]
  },
  "id": "VAR-201702-0604",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114130"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:45:46.555000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Multiple ARM Processor Information Disclosure Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/90740"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03136"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001750"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5927"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/96459"
      },
      {
        "trust": 1.7,
        "url": "https://www.vusec.net/projects/anc"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5927"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5927"
      },
      {
        "trust": 0.8,
        "url": "https://www.vusec.net/projects/anc/"
      },
      {
        "trust": 0.3,
        "url": "http://www.intel.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03136"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114130"
      },
      {
        "db": "BID",
        "id": "96459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-924"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5927"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03136"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114130"
      },
      {
        "db": "BID",
        "id": "96459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-924"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5927"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-03136"
      },
      {
        "date": "2017-02-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114130"
      },
      {
        "date": "2017-02-27T00:00:00",
        "db": "BID",
        "id": "96459"
      },
      {
        "date": "2017-03-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001750"
      },
      {
        "date": "2017-02-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-924"
      },
      {
        "date": "2017-02-27T07:59:00.237000",
        "db": "NVD",
        "id": "CVE-2017-5927"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-03136"
      },
      {
        "date": "2017-03-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114130"
      },
      {
        "date": "2017-03-07T01:08:00",
        "db": "BID",
        "id": "96459"
      },
      {
        "date": "2017-03-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001750"
      },
      {
        "date": "2017-02-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-924"
      },
      {
        "date": "2024-11-21T03:28:41.017000",
        "db": "NVD",
        "id": "CVE-2017-5927"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-924"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ARM Vulnerabilities that allow side-channel attacks in processors",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001750"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-924"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2017-5927

Vulnerability from fkie_nvd

Published

2017-02-27 07:59

Modified

2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf	Exploit, Technical Description, Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/96459
cve@mitre.org	https://www.vusec.net/projects/anc	Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf	Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/96459
af854a3a-2127-422b-91ae-364da2661108	https://www.vusec.net/projects/anc	Exploit, Technical Description, Third Party Advisory

Impacted products

Vendor	Product	Version
allwinner	a64	-
amd	athlon_ii_640_x4	-
amd	e-350	-
amd	fx-8120_8-core	-
amd	fx-8320_8-core	-
amd	fx-8350_8-core	-
amd	phenom_9550_4-core	-
intel	atom_c2750	-
intel	celeron_n2840	-
intel	core_i5_m480	-
intel	core_i7-2620qm	-
intel	core_i7-3632qm	-
intel	core_i7-4500u	-
intel	core_i7-6700k	-
intel	core_i7_920	-
intel	xeon_e3-1240_v5	-
intel	xeon_e5-2658_v2	-
nvidia	tegra_k1_cd570m-a1	-
nvidia	tegra_k1_cd580m-a1	-
samsung	exynos_5800	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:allwinner:a64:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8167A6-98BE-45D9-A333-A4DB8EE9BE43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:amd:athlon_ii_640_x4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4355B92A-F9A4-4DA0-9875-B0D8BD5541AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:amd:e-350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF28E516-87C3-48BF-ADCB-E89C41DB3E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:amd:fx-8120_8-core:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A9CAF2-DABC-4DD0-87B3-552C469835CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:amd:fx-8320_8-core:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AC0369B-FB5E-48DF-B1E5-72BAD0A0CDEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:amd:fx-8350_8-core:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8519A289-6ADE-415A-AE6A-33FD68AFBDCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:amd:phenom_9550_4-core:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51CAD25-267C-4BF2-B738-25B213FCDFD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c2750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59CD7DDA-6DDA-47CF-9A75-AFA75B02A56F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n2840:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3826FEBA-0B2E-403D-9A6A-0DA02FEF9A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5_m480:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E92B12C0-E86A-44A0-B302-3CE721237726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7-2620qm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A3B3752-79A3-45A8-8416-6DC1EA4A9E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7-3632qm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09B0D125-332D-416D-A379-F0D7C1F9DA27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7-4500u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "677C66EF-E9B9-430F-A19D-2D87AD83DBDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7-6700k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAFC55E4-D84D-4588-976D-1E2637B1BF0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7_920:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF0E91E0-F4B0-495A-80BA-B6B05E6F1760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3-1240_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E0227B-8F2B-48B3-97BC-73BA1BACEED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5-2658_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "661C05F6-8659-4C06-8AC5-7A25FFA52C2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:nvidia:tegra_k1_cd570m-a1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57EA6EC-A6B2-4A6A-A13C-EA86154DCA0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:nvidia:tegra_k1_cd580m-a1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA4020D9-99C1-4366-8377-8DD1A983381A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:samsung:exynos_5800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36182055-4545-405C-8B39-CF5B87C014C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."
    },
    {
      "lang": "es",
      "value": "Los paseos de la tabla de p\u00e1ginas llevados a cabo por la MMU durante la traducci\u00f3n de la direcci\u00f3n virtual a f\u00edsica dejan un rastro en la cach\u00e9 de \u00faltimo nivel de los procesadores ARM modernos. Realizando un ataque de canal lateral en las operaciones de MMU, es posible perder datos y punteros de c\u00f3digo de JavaScript, rompiendo la ASLR."
    }
  ],
  "id": "CVE-2017-5927",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-27T07:59:00.237",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/96459"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.vusec.net/projects/anc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/96459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.vusec.net/projects/anc"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2017-03136

Vulnerability from cnvd

Title

多款ARM处理器信息泄露漏洞

Description

ARM Cortex A53等是英国ARM公司的CPU处理器。多款ARM处理器中存在安全漏洞，攻击者可利用该漏洞获取JavaScript中的数据和代码指针的敏感信息。

Severity

中

Patch Name

多款ARM处理器信息泄露漏洞的补丁

Patch Description

ARM Cortex A53等是英国ARM公司的CPU处理器。多款ARM处理器中存在安全漏洞，攻击者可利用该漏洞获取JavaScript中的数据和代码指针的敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://www.arm.com/

Reference

http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf http://www.securityfocus.com/bid/96459

Impacted products

Name
ARM Cortex A53

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96459"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5927"
    }
  },
  "description": "ARM Cortex A53\u7b49\u662f\u82f1\u56fdARM\u516c\u53f8\u7684CPU\u5904\u7406\u5668\u3002\r\n\r\n\u591a\u6b3eARM\u5904\u7406\u5668\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6JavaScript\u4e2d\u7684\u6570\u636e\u548c\u4ee3\u7801\u6307\u9488\u7684\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "B. Gras, K. Razavi, E. Bosman, H. Bos, C. Giuffrida",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.arm.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-03136",
  "openTime": "2017-03-23",
  "patchDescription": "ARM Cortex A53\u7b49\u662f\u82f1\u56fdARM\u516c\u53f8\u7684CPU\u5904\u7406\u5668\u3002\r\n\r\n\u591a\u6b3eARM\u5904\u7406\u5668\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6JavaScript\u4e2d\u7684\u6570\u636e\u548c\u4ee3\u7801\u6307\u9488\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eARM\u5904\u7406\u5668\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "ARM Cortex A53"
  },
  "referenceLink": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf\r\nhttp://www.securityfocus.com/bid/96459",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-06",
  "title": "\u591a\u6b3eARM\u5904\u7406\u5668\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

ghsa-q989-rvf8-jgqp

Vulnerability from github

Published

2022-05-17 02:57

Modified

2022-05-17 02:57

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-5927"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-27T07:59:00Z",
    "severity": "HIGH"
  },
  "details": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.",
  "id": "GHSA-q989-rvf8-jgqp",
  "modified": "2022-05-17T02:57:09Z",
  "published": "2022-05-17T02:57:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5927"
    },
    {
      "type": "WEB",
      "url": "https://www.vusec.net/projects/anc"
    },
    {
      "type": "WEB",
      "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96459"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2017-5927

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-5927

Aliases

CVE-2017-5927

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-5927",
    "description": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.",
    "id": "GSD-2017-5927",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-5927.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-5927"
      ],
      "details": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.",
      "id": "GSD-2017-5927",
      "modified": "2023-12-13T01:21:13.622114Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-5927",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf",
            "refsource": "MISC",
            "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
          },
          {
            "name": "https://www.vusec.net/projects/anc",
            "refsource": "MISC",
            "url": "https://www.vusec.net/projects/anc"
          },
          {
            "name": "96459",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/96459"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:amd:fx-8120_8-core:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:athlon_ii_640_x4:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7-4500u:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7-3632qm:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:fx-8350_8-core:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:fx-8320_8-core:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e5-2658_v2:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:atom_c2750:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:samsung:exynos_5800:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:e-350:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:amd:phenom_9550_4-core:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7-2620qm:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i5_m480:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:nvidia:tegra_k1_cd580m-a1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:nvidia:tegra_k1_cd570m-a1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:xeon_e3-1240_v5:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7-6700k:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:celeron_n2840:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:intel:core_i7_920:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:allwinner:a64:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5927"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vusec.net/projects/anc",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "https://www.vusec.net/projects/anc"
            },
            {
              "name": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
            },
            {
              "name": "96459",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/96459"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-03-02T02:59Z",
      "publishedDate": "2017-02-27T07:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-5927 (GCVE-0-2017-5927)

Vulnerability from cvelistv5

var-201702-0604

Vulnerability from variot

fkie_cve-2017-5927

Vulnerability from fkie_nvd

cnvd-2017-03136

Vulnerability from cnvd

ghsa-q989-rvf8-jgqp

Vulnerability from github

gsd-2017-5927

Vulnerability from gsd

Tags

Sightings

Nomenclature