A new and advanced Rowhammer-based attack on DDR4 memory

Share this post:

A new and advanced Rowhammer-based attack on DDR4 memory was announced on March 10, 2020. (CVE-2020-10255) The attack has been shown to cause memory corruption in lab environments.

Vulnerability exploitation on IBM Power processor architectures, IBM Z-based architectures, IBM Cloud and IBM storage products would be difficult. No customer actions are currently required.

IBM Power and Z server designs include protections against this type of attack within their implementation of advanced ECC (error-correcting code) memory, memory interleaving, virtualization and multi-level caching. IBM Cloud’s x86-based offerings also include protections against this type of attack through virtualization and use of standard ECC memory. Storage products contain pre-loaded code and protections against an attacker downloading or executing unauthorized code, which would be required to take advantage of this vulnerability.

We are not aware of any reports of malicious use of this variant of the Rowhammer attack.

More Uncategorized stories

Security Bulletin: IBM Aspera Webapps are vulnerable to cross-site scripting (CVE-2020-11022, CVE-2020-11023).

Sep 17, 2021 8:01 pm EDT | Medium Severity

IBM Aspera Webapps are vulnerable to cross-site scripting. See vulnerability details for more information. ...read more


Security Bulletin: IBM SDK, Java Tech Edition Quarterly CPU – Apr 2021 + Oracle Apr 2021; Jul 2021 + Oracle 2021 CPU

Sep 17, 2021 8:01 pm EDT | Medium Severity

This Security Bulletin provides steps for updating Java for Db2 Query Management Facility QMF Workstation and QMF Vision. ...read more


Security Bulletin: Aspera Web Applications (Shares, Console) are affected by OpenSSL Vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

Sep 17, 2021 8:01 pm EDT | High Severity

Aspera Web Applications (Shares, Console) have addressed the following OpenSSL Vulnerabilities. ...read more