National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2020-10255 Detail

Current Description

Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers.

Source:  MITRE
View Analysis Description

Severity



CVSS 3.x Severity and Metrics:

NIST CVSS score
NIST: NVD
Base Score: 9.0 CRITICAL
Vector:  CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://download.vusec.net/papers/trrespass_sp20.pdf Third Party Advisory
https://github.com/vusec/trrespass Product
https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html Third Party Advisory
https://twitter.com/antumbral/status/1237425959407513600 Third Party Advisory
https://twitter.com/vu5ec/status/1237399112590467072 Third Party Advisory
https://www.vusec.net/projects/trrespass/ Third Party Advisory

Weakness Enumeration

CWE-ID CWE Name Source
CWE-20 Improper Input Validation NIST  

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )
 cpe:2.3:h:micron:ddr4_sdram:-:*:*:*:*:*:*:*
     Show Matching CPE(s)
 cpe:2.3:h:micron:lpddr4:-:*:*:*:*:*:*:*
     Show Matching CPE(s)
 cpe:2.3:h:samsung:ddr4:-:*:*:*:*:*:*:*
     Show Matching CPE(s)
 cpe:2.3:h:samsung:lpddr4:-:*:*:*:*:*:*:*
     Show Matching CPE(s)
 cpe:2.3:h:skhynix:ddr4_sdram:-:*:*:*:*:*:*:*
     Show Matching CPE(s)
 cpe:2.3:h:skhynix:lpddr4:-:*:*:*:*:*:*:*
     Show Matching CPE(s)


Change History

4 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2020-10255
NVD Published Date:
03/10/2020
NVD Last Modified:
03/16/2020