Cisco Security Advisory 20150309-rowhammer

Cisco Security Advisory – On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3) synchronous dynamic random-access memory (SDRAM) to perform privilege escalation attacks on systems that contain the affected hardware. The flaw is known as Row Hammer. To attempt an attack, the attacker must execute a malicious binary on an affected system. In addition, the research focused on consumer hardware that did not have a number of mitigations and memory protections that have been integrated into chipsets and memory modules used in Cisco server-class products. Of note in the paper is that the researchers were unable, in their testing, to exploit devices that use Error-Correcting Code (ECC) memory. Cisco offers a limited number of products that allow an unprivileged user to load and execute binaries.

Leave a Reply