PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5925 Intel CVE debrief

CVE-2017-5925 is a hardware side-channel issue in page-table walks performed by the MMU during virtual-to-physical address translation. According to the official NVD record and linked technical references, an attacker running JavaScript can observe cache effects from MMU activity and use that leakage to recover data and code pointers, which can break or weaken ASLR. This is a confidentiality issue with no direct integrity or availability impact in the CVSS vector, but it can materially reduce the effectiveness of other defenses.

Vendor: Intel
Product: CVE-2017-5925
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-27
Original CVE updated: 2026-05-13
Advisory published: 2017-02-27
Advisory updated: 2026-05-13

Who should care

Security teams and platform owners responsible for systems using affected processors, browser and runtime maintainers, and defenders who rely on ASLR as a key mitigation. Cloud, virtualization, and fleet operators should also care because the issue is rooted in processor behavior rather than a single application bug.

Technical summary

NVD classifies the weakness as CWE-200 and gives CVSS 3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The published description says page-table walks leave traces in the last-level cache, and a side-channel attack on MMU operations can leak data and code pointers from JavaScript. The NVD entry lists multiple affected CPU CPEs across Intel, AMD, NVIDIA Tegra, and Samsung Exynos products, indicating a processor-level issue rather than a software-only flaw. The core security consequence is information disclosure that can undermine ASLR and support follow-on exploitation.

Defensive priority

High. The issue is remote-reachable in the sense captured by the CVSS vector and can undermine a foundational mitigation (ASLR). Even without direct code execution, pointer leakage can materially reduce the cost of later attacks.

Recommended defensive actions

  • Review the official NVD and linked VUSec/NDSS references to identify whether your specific processor models are listed as affected.
  • Prioritize browser hardening, site isolation, and other mitigations that reduce the impact of JavaScript-based side channels.
  • Treat ASLR as helpful but not sufficient on affected platforms; layer additional mitigations such as sandboxing and least privilege.
  • Inventory affected hardware across endpoints, VDI, and cloud fleets, especially where the listed Intel, AMD, NVIDIA Tegra, or Samsung Exynos models are deployed.
  • Apply vendor guidance or firmware/microcode updates where available for the specific platforms in use.
  • Monitor browser and platform security advisories for mitigations that reduce cache-based side-channel exposure.
  • For high-risk environments, limit untrusted JavaScript exposure and isolate sensitive workloads from shared hardware when practical.

Evidence notes

Primary evidence comes from the official NVD CVE record and its references. The NVD description states that MMU page-table walks leave traces in the last-level cache and that a side-channel attack can leak data and code pointers from JavaScript, breaking ASLR. NVD assigns CWE-200 and CVSS 3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The NVD reference list includes the VUSec ANC project page, an NDSS 2017 paper PDF, and SecurityFocus BID 96452. The supplied timeline indicates the CVE was published on 2017-02-27 and later modified on 2026-05-13; those dates are used only as disclosure and record-maintenance context.

Official resources

Publicly disclosed in the CVE/NVD record on 2017-02-27. The supplied NVD metadata shows the record was last modified on 2026-05-13; that is a record update date, not the vulnerability date. References cited in the NVD entry include an NDSS