MidnightBSD

Advisories for allwinner

CVE-2016-10225 HIGH

The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
allwinner linux-3.4-sunxi -
CVE-2017-5925 MEDIUM

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
intel core_i7-3632qm -
intel atom_c2750 -
samsung exynos_5800 -
intel xeon_e5-2658_v2 -
amd athlon_ii_640_x4 -
amd e-350 -
nvidia tegra_k1_cd570m-a1 -
intel core_i5_m480 -
amd fx-8120_8-core -
intel core_i7-2620qm -
intel core_i7_920 -
intel core_i7-6700k -
nvidia tegra_k1_cd580m-a1 -
intel xeon_e3-1240_v5 -
intel celeron_n2840 -
allwinner a64 -
amd fx-8320_8-core -
intel core_i7-4500u -
amd fx-8350_8-core -
amd phenom_9550_4-core -
CVE-2017-5926 MEDIUM

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
intel core_i7-3632qm -
intel atom_c2750 -
samsung exynos_5800 -
intel xeon_e5-2658_v2 -
amd athlon_ii_640_x4 -
amd e-350 -
nvidia tegra_k1_cd570m-a1 -
intel core_i5_m480 -
amd fx-8120_8-core -
intel core_i7-2620qm -
intel core_i7_920 -
intel core_i7-6700k -
nvidia tegra_k1_cd580m-a1 -
intel xeon_e3-1240_v5 -
intel celeron_n2840 -
allwinner a64 -
amd fx-8320_8-core -
intel core_i7-4500u -
amd fx-8350_8-core -
amd phenom_9550_4-core -
CVE-2017-5927 MEDIUM

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
intel core_i7-3632qm -
intel atom_c2750 -
samsung exynos_5800 -
intel xeon_e5-2658_v2 -
amd athlon_ii_640_x4 -
amd e-350 -
nvidia tegra_k1_cd570m-a1 -
intel core_i5_m480 -
amd fx-8120_8-core -
intel core_i7-2620qm -
intel core_i7_920 -
intel core_i7-6700k -
nvidia tegra_k1_cd580m-a1 -
intel xeon_e3-1240_v5 -
intel celeron_n2840 -
allwinner a64 -
amd fx-8320_8-core -
intel core_i7-4500u -
amd fx-8350_8-core -
amd phenom_9550_4-core -