Vulnerability Details CVE-2017-5927
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2017-5927
-
cpe:2.3:h:allwinner:a64:-
-
cpe:2.3:h:amd:athlon_ii_640_x4:-
-
cpe:2.3:h:amd:e-350:-
-
cpe:2.3:h:amd:fx-8120_8-core:-
-
cpe:2.3:h:amd:fx-8320_8-core:-
-
cpe:2.3:h:amd:fx-8350_8-core:-
-
cpe:2.3:h:amd:phenom_9550_4-core:-
-
cpe:2.3:h:intel:atom_c2750:-
-
cpe:2.3:h:intel:celeron_n2840:-
-
cpe:2.3:h:intel:core_i5_m480:-
-
cpe:2.3:h:intel:core_i7-2620qm:-
-
cpe:2.3:h:intel:core_i7-3632qm:-
-
cpe:2.3:h:intel:core_i7-4500u:-
-
cpe:2.3:h:intel:core_i7-6700k:-
-
cpe:2.3:h:intel:core_i7_920:-
-
cpe:2.3:h:intel:xeon_e3-1240_v5:-
-
cpe:2.3:h:intel:xeon_e5-2658_v2:-
-
cpe:2.3:h:nvidia:tegra_k1_cd570m-a1:-
-
cpe:2.3:h:nvidia:tegra_k1_cd580m-a1:-
-
cpe:2.3:h:samsung:exynos_5800:-