Share this post:
A new and advanced Rowhammer-based attack on DDR4 memory was announced on March 10, 2020. (CVE-2020-10255) The attack has been shown to cause memory corruption in lab environments.
Vulnerability exploitation on IBM Power processor architectures, IBM Z-based architectures, IBM Cloud and IBM storage products would be difficult. No customer actions are currently required.
IBM Power and Z server designs include protections against this type of attack within their implementation of advanced ECC (error-correcting code) memory, memory interleaving, virtualization and multi-level caching. IBM Cloud’s x86-based offerings also include protections against this type of attack through virtualization and use of standard ECC memory. Storage products contain pre-loaded code and protections against an attacker downloading or executing unauthorized code, which would be required to take advantage of this vulnerability.
We are not aware of any reports of malicious use of this variant of the Rowhammer attack.