Vulnerability Name:

CVE-2017-5926 (CCN-123608)

Assigned:2017-02-27
Published:2017-02-27
Updated:2017-03-02
Summary:Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.3 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2017-5926

Source: CCN
Type: AMD Web site
Welcome to AMD | AMD

Source: MISC
Type: Exploit, Technical Description, Third Party Advisory
http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf

Source: BID
Type: UNKNOWN
96457

Source: CCN
Type: BID-96457
Multiple AMD Processor CVE-2017-5926 Local Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
amd-cpu-cve20175926-info-disc(123608)

Source: MISC
Type: Exploit, Technical Description, Third Party Advisory
https://www.vusec.net/projects/anc

Source: CCN
Type: VUSec Web site
Address Space Layout Randomization

Vulnerable Configuration:Configuration 1:
  • cpe:/h:allwinner:a64:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:athlon_ii_640_x4:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:e-350:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:fx-8120_8-core:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:fx-8320_8-core:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:fx-8350_8-core:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:phenom_9550_4-core:-:*:*:*:*:*:*:*
  • OR cpe:/h:intel:atom_c2750:-:*:*:*:*:*:*:*
  • OR cpe:/h:intel:celeron_n2840:-:*:*:*:*:*:*:*
  • OR cpe:/h:intel:core_i5_m480:-:*:*:*:*:*:*:*
  • OR cpe:/h:intel:core_i7-2620qm:-:*:*:*:*:*:*:*
  • OR cpe:/h:intel:core_i7-3632qm:-:*:*:*:*:*:*:*
  • OR cpe:/h:intel:core_i7-4500u:-:*:*:*:*:*:*:*
  • OR cpe:/h:intel:core_i7-6700k:-:*:*:*:*:*:*:*
  • OR cpe:/h:intel:core_i7_920:-:*:*:*:*:*:*:*
  • OR cpe:/h:intel:xeon_e3-1240_v5:-:*:*:*:*:*:*:*
  • OR cpe:/h:intel:xeon_e5-2658_v2:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:tegra_k1_cd570m-a1:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:tegra_k1_cd580m-a1:-:*:*:*:*:*:*:*
  • OR cpe:/h:samsung:exynos_5800:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    allwinner a64 -
    amd athlon ii 640 x4 -
    amd e-350 -
    amd fx-8120 8-core -
    amd fx-8320 8-core -
    amd fx-8350 8-core -
    amd phenom 9550 4-core -
    intel atom c2750 -
    intel celeron n2840 -
    intel core i5 m480 -
    intel core i7-2620qm -
    intel core i7-3632qm -
    intel core i7-4500u -
    intel core i7-6700k -
    intel core i7 920 -
    intel xeon e3-1240 v5 -
    intel xeon e5-2658 v2 -
    nvidia tegra k1 cd570m-a1 -
    nvidia tegra k1 cd580m-a1 -
    samsung exynos 5800 -