CVE-2021-42114

Exploit

EPSS 0.85%
Published 16.11.2021 12:15:06
Last modified 21.11.2024 06:27:17
Source vulnerability@ncsc.ch
Teams watchlist Login
Open Login

Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips on affected memory modules using our Blacksmith fuzzer. The patterns generated by Blacksmith were able to trigger bitflips on all 40 PC-DDR4 DRAM devices in our test pool, which cover the three major DRAM manufacturers: Samsung, SK Hynix, and Micron. This means that, even when chips advertised as Rowhammer-free are used, attackers may still be able to exploit Rowhammer. For example, this enables privilege-escalation attacks against the kernel or binaries such as the sudo binary, and also triggering bit flips in RSA-2048 keys (e.g., SSH keys) to gain cross-tenant virtual-machine access. We can confirm that DRAM devices acquired in July 2020 with DRAM chips from all three major DRAM vendors (Samsung, SK Hynix, Micron) are affected by this vulnerability. For more details, please refer to our publication.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Samsung ≫ Ddr4 Sdram Firmware Version-

Samsung ≫ Ddr4 Sdram Version-

Samsung ≫ Lddr4 Firmware Version-

Samsung ≫ Lddr4 Version-

Micron ≫ Lddr4 Firmware Version-

Micron ≫ Lddr4 Version-

Micron ≫ Ddr4 Sdram Firmware Version-

Micron ≫ Ddr4 Sdram Version-

Skhynix ≫ Ddr4 Sdram Firmware Version-

Skhynix ≫ Ddr4 Sdram Version-

Skhynix ≫ Lddr4 Firmware Version-

Skhynix ≫ Lddr4 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.85%	0.74

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.3	1.6	6	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	7.9	5.5	10	AV:A/AC:M/Au:N/C:C/I:C/A:C
vulnerability@ncsc.ch	9	2.2	6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://comsec.ethz.ch/research/dram/blacksmith/

Third Party Advisory

Exploit

https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf

Third Party Advisory

Exploit

https://github.com/comsec-group/blacksmith

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-42114

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-42114

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-42114

EUVD