CVE-2017-5927 Information

Description

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations it is possible to leak data and code pointers from JavaScript breaking ASLR.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf http://www.securityfocus.com/bid/96459 https://www.vusec.net/projects/anc

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5