[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Cisco Security Advisory: Row Hammer Privilege Escalation Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Row Hammer Privilege Escalation Vulnerability
Advisory ID: cisco-sa-20150309-rowhammer
Last Updated 2015 March 9 22:59 UTC (GMT)
For Public Release 2015 March 9 21:50 UTC (GMT)
On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3) synchronous dynamic random-access memory (SDRAM) to perform privilege escalation attacks on systems that contain the affected hardware. The flaw is known as Row Hammer. To attempt an attack, the attacker must execute a malicious binary on an affected system.
In addition, the research focused on consumer hardware that did not have a number of mitigations and memory protections that have been integrated into chipsets and memory modules used in Cisco server-class products. Of note in the paper is that the researchers were unable, in their testing, to exploit devices that use Error-Correcting Code (ECC) memory.
Cisco offers a limited number of products that allow an unprivileged user to load and execute binaries.
The research report is at the following link:
This advisory is available at the following link:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----