Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-10255

Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers.

Published

2020-03-10T16:15:15.990

Last Modified

2024-11-21T04:55:04.710

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.0 (CRITICAL)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	micron	ddr4_sdram	-	Yes
Hardware	micron	lpddr4	-	Yes
Hardware	samsung	ddr4	-	Yes
Hardware	samsung	lpddr4	-	Yes
Hardware	skhynix	ddr4_sdram	-	Yes
Hardware	skhynix	lpddr4	-	Yes

References

https://download.vusec.net/papers/trrespass_sp20.pdf Third Party Advisory ([email protected])
https://github.com/vusec/trrespass Product ([email protected])
https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html Third Party Advisory ([email protected])
https://twitter.com/antumbral/status/1237425959407513600 Third Party Advisory ([email protected])
https://twitter.com/vu5ec/status/1237399112590467072 Third Party Advisory ([email protected])
https://www.vusec.net/projects/trrespass/ Third Party Advisory ([email protected])
https://download.vusec.net/papers/trrespass_sp20.pdf Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vusec/trrespass Product (af854a3a-2127-422b-91ae-364da2661108)
https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://twitter.com/antumbral/status/1237425959407513600 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://twitter.com/vu5ec/status/1237399112590467072 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.vusec.net/projects/trrespass/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)