Bug 1812088 (CVE-2020-10255, TRRespass)

Summary: CVE-2020-10255 hw: dram: circumvent TRR to induce bit flips via Rowhammer
Product: [Other] Security Response Reporter: Prasad Pandit <ppandit>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: acaringi, airlied, bhu, brdeoliv, bskeggs, dhoward, dvlasenk, fhrbata, hdegoede, hkrzesin, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, john.j5live, jonathan, josef, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, linville, masami256, mchehab, mjg59, nmurray, rvrbovsk, security-response-team, steved
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
A Rowhammer flaw was found in latest DDR4 DRAM hardware chips. These chips implement Target Row Refresh (TRR) mitigation to prevent a Rowhammer flaw-induced bit corruption across memory space. An unprivileged system user may leverage this flaw and use Rowhammer attack variants to induce bit corruptions across memory space, potentially resulting in a denial of service or privileges escalation scenarios. The highest threat from this vulnerability is to system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-10 16:32:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1802937    

Description Prasad Pandit 2020-03-10 14:02:21 UTC 
A flaw was found in the way latest DDR4 DRAM chips implement Target Row Refresh (TRR) mitigation to prevent Rowhammer induced bit flips across memory space. An unprivileged system user may leverage this flaw and use Rowhammer attack variants to induce bit corruptions across memory space, potentially resulting in DoS OR privileges escalation scenarios.
Comment 2 Prasad Pandit 2020-03-10 14:02:28 UTC 
External References:

https://access.redhat.com/articles/1377393
https://www.vusec.net/projects/trrespass
https://download.vusec.net/papers/trrespass_sp20.pdf
Comment 3 Product Security DevOps Team 2020-03-10 16:32:03 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-10255
Comment 4 Prasad Pandit 2020-03-11 07:22:58 UTC 
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Comment 5 Eric Christensen 2020-03-12 13:17:49 UTC 
Statement:

This hardware issue cannot be fixed via usual software updates. For additional information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/articles/1377393.