Bug 2023777 (CVE-2021-42114) - CVE-2021-42114 hw: dram: new non-uniform circumvent TRR to induce bit flips via Rowhammer
Summary: CVE-2021-42114 hw: dram: new non-uniform circumvent TRR to induce bit flips v...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2021-42114
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2023634
TreeView+ depends on / blocked
 
Reported: 2021-11-16 14:29 UTC by Alex
Modified: 2021-11-25 19:15 UTC (History)
34 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2021-11-16 15:00:40 UTC
Embargoed:

Attachments (Terms of Use)

Description Alex 2021-11-16 14:29:24 UTC 
A flaw was found in the way latest DDR4 DRAM chips implement Target Row Refresh (TRR) mitigation to prevent Rowhammer induced bit flips across memory space. An unprivileged system user may leverage this flaw and use Rowhammer attack variants to induce bit corruptions across memory space, potentially resulting in DoS OR privileges escalation scenarios.
This type of attack is different from the previously known (ex. CVE-2020-10255) by non-uniform patterns of memory access: means some patterns of memory access possibly allows to bypass current TRR defense of modern DDR4 chips.
Comment 1 Product Security DevOps Team 2021-11-16 15:00:37 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-42114
Note You need to log in before you can comment on or make changes to this bug.