9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
54.7%
A Rowhammer flaw was found in the latest DDR4 DRAM hardware chips. This flaw is different from the previously known attack (CVE-2020-10255) by non-uniform patterns of memory access. These DDR4 DRAM hardware chips implement a Target Row Refresh (TRR) mitigation to prevent a Rowhammer flaw-induced bit corruption across memory space. This flaw allows an unprivileged system user to use Rowhammer attack variants to induce bit corruptions across memory space, potentially resulting in a denial of service or privileges escalation scenarios. With the currently known attack scenarios, the highest threat from this vulnerability is to system availability.
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. One way of possible (but non practical) mitigation is to check if hardware vulnerable with existing reproducer blacksmith and if yes, then use some software (currently only prototype available) to prevent attacks: like ARMOR or ANVIL. The other possible mitigation is to prevent high CPU (or high memory or high network) usage, because the currently known fuzzer requires some very high-speed memory access for some reasonable time period.
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
54.7%