CVE-2021-42114

Related Vulnerabilities: CVE-2021-42114  

Description

A Rowhammer flaw was found in the latest DDR4 DRAM hardware chips. This flaw differs from the previously known attack (CVE-2020-10255) in that it uses non-uniform patterns of memory access. These DDR4 DRAM hardware chips implement a Target Row Refresh (TRR) mitigation to prevent Rowhammer-induced bit corruption across memory space. This flaw allows an unprivileged system user to use Rowhammer attack variants to induce bit corruptions across memory space, potentially resulting in denial of service or privilege escalation scenarios. With the currently known attack scenarios, the highest threat from this vulnerability is to system availability.

Statement

Red Hat Product Security is aware of this issue. This is a hardware issue. It cannot be fixed via the usual software updates. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/1377393

Mitigation

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. One possible (but impractical) mitigation is to check whether the hardware is vulnerable using the existing reproducer, Blacksmith, and, if it is, to use software such as ARMOR or ANVIL (currently available only as prototypes) to prevent attacks. The other possible mitigation is to prevent high CPU (or high memory or high network) usage, because the currently known fuzzer requires very high-speed memory access for a reasonable period of time.

Additional Information

  • Bugzilla 2023777: CVE-2021-42114 hw: dram: new non-uniform circumvent TRR to induce bit flips via Rowhammer
  • CWE-440: Expected Behavior Violation
  • FAQ: Frequently asked questions about CVE-2021-42114