A new and advanced Rowhammer-based attack on DDR4 memory

Share this post:

A new and advanced Rowhammer-based attack on DDR4 memory was announced on March 10, 2020. (CVE-2020-10255) The attack has been shown to cause memory corruption in lab environments.

Vulnerability exploitation on IBM Power processor architectures, IBM Z-based architectures, IBM Cloud and IBM storage products would be difficult. No customer actions are currently required.

IBM Power and Z server designs include protections against this type of attack within their implementation of advanced ECC (error-correcting code) memory, memory interleaving, virtualization and multi-level caching. IBM Cloud’s x86-based offerings also include protections against this type of attack through virtualization and use of standard ECC memory. Storage products contain pre-loaded code and protections against an attacker downloading or executing unauthorized code, which would be required to take advantage of this vulnerability.

We are not aware of any reports of malicious use of this variant of the Rowhammer attack.

More Uncategorized stories

IBM Product Security Incident Response

Acknowledgement

September 20, 2022

IBM acknowledges and thanks the security researchers and organizations listed below for reporting and working with us to resolve one or more security vulnerabilities in our products and services. Disclosures for 2022 Credit to Akshay Shelke (LinkedIn, Secureise, Twitter) Love Yadav (email, LinkedIn) Digant Prajapati (email, LinkedIn) Yoel Indra (email, LinkedIn) Severus of VietSunshine Security ...read more