A vulnerability named RAMBleed was discovered in contemporary industry wide DRAM memory implementations which potentially allows an unprivileged attacker to read out certain memory belonging to other processes by leveraging the Rowhammer bit-flipping effect. The data read may otherwise be inaccessible, and could include potentially secret information. RAMBleed is a side channel read vulnerability as the Rowhammer-induced bit-flips allow attackers to deduce values of bits in the memory belonging to other processes. Surrounding victim data pages with carefully constructed attacker pages, on which hammering is performed can allow data dependent bit flips to be induced in one of the attacker controlled pages, and allow data to be reconstructed.
Statement: Red Hat Product Security is aware of this issue. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/1377393
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-0174