var-201702-0603
Vulnerability from variot
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. Multiple AMD Processor are prone to local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. AMD Phenom 9550 4-Core and so on are the processor products of American AMD Company. The following products are affected: AMD Phenom 9550 4-Core; AMD E-350; AMD Athlon II 640 X4; AMD FX-8120 8-Core; AMD FX-8320 8-Core; AMD FX-8350 8-Core
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0603",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "core i7 920",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": null
},
{
"model": "celeron n2840",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "fx-8350 8-core",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "core i7-3632qm",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "e-350",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "core i7-4500u",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7-2620qm",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "exynos 5800",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": null
},
{
"model": "fx-8320 8-core",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "core i5 m480",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7-6700k",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "tegra k1 cd580m-a1",
"scope": "eq",
"trust": 1.0,
"vendor": "nvidia",
"version": null
},
{
"model": "athlon ii 640 x4",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "xeon e5-2658 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c2750",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "tegra k1 cd570m-a1",
"scope": "eq",
"trust": 1.0,
"vendor": "nvidia",
"version": null
},
{
"model": "fx-8120 8-core",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "phenom 9550 4-core",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "xeon e3-1240 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "a64",
"scope": "eq",
"trust": 1.0,
"vendor": "allwinner",
"version": null
},
{
"model": "athlon ii 640 x4",
"scope": null,
"trust": 0.8,
"vendor": "advanced micro devices amd",
"version": null
},
{
"model": "e-350",
"scope": null,
"trust": 0.8,
"vendor": "advanced micro devices amd",
"version": null
},
{
"model": "fx-8120 8-core",
"scope": null,
"trust": 0.8,
"vendor": "advanced micro devices amd",
"version": null
},
{
"model": "fx-8320 8-core",
"scope": null,
"trust": 0.8,
"vendor": "advanced micro devices amd",
"version": null
},
{
"model": "fx-8350 8-core",
"scope": null,
"trust": 0.8,
"vendor": "advanced micro devices amd",
"version": null
},
{
"model": "phenom 9550 4-core",
"scope": null,
"trust": 0.8,
"vendor": "advanced micro devices amd",
"version": null
},
{
"model": "a64",
"scope": null,
"trust": 0.8,
"vendor": "allwinner",
"version": null
},
{
"model": "tegra k1 cd570m-a1",
"scope": null,
"trust": 0.8,
"vendor": "nvidia",
"version": null
},
{
"model": "tegra k1 cd580m-a1",
"scope": null,
"trust": 0.8,
"vendor": "nvidia",
"version": null
},
{
"model": "atom c2750",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "celeron n2840",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "core i5 m480",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "core i7 920",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "core i7-2620qm",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "core i7-3632qm",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "core i7-4500u",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "core i7-6700k",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3-1240 v5",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5-2658 v2",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "exynos 5800",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001749"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-925"
},
{
"db": "NVD",
"id": "CVE-2017-5926"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:amd:athlon_ii_640_x4",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:amd:e-350",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:amd:fx-8120_8-core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:amd:fx-8320_8-core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:amd:fx-8350_8-core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:amd:phenom_9550_4-core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:allwinner:a64",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nvidia:tegra_k1_cd570m-a1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nvidia:tegra_k1_cd580m-a1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:atom_c2750",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:celeron_n2840",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:core_i5_m480",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:core_i7_920",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:core_i7-2620qm",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:core_i7-3632qm",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:core_i7-4500u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:core_i7-6700k",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:xeon_e3-1240_v5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:xeon_e5-2658_v2",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:samsung:exynos_5800",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001749"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "B. Gras, K. Razavi, E. Bosman, H. Bos, C. Giuffrida,",
"sources": [
{
"db": "BID",
"id": "96457"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5926",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5926",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-114129",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5926",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5926",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-5926",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-925",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114129",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114129"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001749"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-925"
},
{
"db": "NVD",
"id": "CVE-2017-5926"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. Multiple AMD Processor are prone to local security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \nLittle is known about this issue or its effects at this time. We will update this BID as more information emerges. AMD Phenom 9550 4-Core and so on are the processor products of American AMD Company. The following products are affected: AMD Phenom 9550 4-Core; AMD E-350; AMD Athlon II 640 X4; AMD FX-8120 8-Core; AMD FX-8320 8-Core; AMD FX-8350 8-Core",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5926"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001749"
},
{
"db": "BID",
"id": "96457"
},
{
"db": "VULHUB",
"id": "VHN-114129"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5926",
"trust": 2.8
},
{
"db": "BID",
"id": "96457",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001749",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-925",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114129",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114129"
},
{
"db": "BID",
"id": "96457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001749"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-925"
},
{
"db": "NVD",
"id": "CVE-2017-5926"
}
]
},
"id": "VAR-201702-0603",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-114129"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:02:31.472000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114129"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001749"
},
{
"db": "NVD",
"id": "CVE-2017-5926"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/96457"
},
{
"trust": 1.7,
"url": "https://www.vusec.net/projects/anc"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5926"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5926"
},
{
"trust": 0.8,
"url": "https://www.vusec.net/projects/anc/"
},
{
"trust": 0.3,
"url": "http://www.intel.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114129"
},
{
"db": "BID",
"id": "96457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001749"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-925"
},
{
"db": "NVD",
"id": "CVE-2017-5926"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-114129"
},
{
"db": "BID",
"id": "96457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001749"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-925"
},
{
"db": "NVD",
"id": "CVE-2017-5926"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-114129"
},
{
"date": "2017-02-27T00:00:00",
"db": "BID",
"id": "96457"
},
{
"date": "2017-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001749"
},
{
"date": "2017-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-925"
},
{
"date": "2017-02-27T07:59:00.207000",
"db": "NVD",
"id": "CVE-2017-5926"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-02T00:00:00",
"db": "VULHUB",
"id": "VHN-114129"
},
{
"date": "2017-03-07T01:08:00",
"db": "BID",
"id": "96457"
},
{
"date": "2017-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001749"
},
{
"date": "2017-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-925"
},
{
"date": "2024-11-21T03:28:40.857000",
"db": "NVD",
"id": "CVE-2017-5926"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-925"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AMD Vulnerabilities that allow side-channel attacks in processors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001749"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-925"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.