This information has been produced in reference to the recent Row HammerPrivilege Escalation Vulnerability, aka "rowhammer" vulnerability that has been made public by the Project Zero team at Google in this report - Exploiting the DRAM rowhammer bug to gain kernel privileges.
The following Cisco content is associated with this Event Response Page:
Row Hammer Privilege Esclation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150309-rowhammer
Cisco IntelliShield Alert: Row Hammer Privilege Esclation Vulnerability
https://sec.cloudapps.cisco.com/security/center/viewAlert.x?alertId=37780
Cisco Security Blog Post
http://blogs.cisco.com/security/mitigations-available-for-the-dram-row-hammer-vulnerability
The following table identifies Cisco Security content that is associated with this Event Response Page:
| Cisco Applied Mitigation Bulletin | Cisco IntelliShield Alert | CVE ID |
|---|---|---|
| Not Applicable | Vulnerability Alert: Row Hammer Memory Error Privilege Escalation Vulnerability |
TBD |
The row hammer privilege escalation vulnerability has not been assigned a Common Vulnerabilities and Exposures (CVE) ID at this time.
In 2012, an intrinsic flaw was discovered in the design of DDR3 when utilized in high performance computing applications; specifically, a flaw that existed within general purpose computing devices that were utilized to perform distributed high-speed data processing. The flaw became a prevalent issue due to the die shrinkage (40nm and below) of high density DRAM parts, which enabled the creation of today's large capacity memory modules. This particular error was named "Row Hammer," as the flaw is triggered by the electrical charge of a row of memory cells being leaked into an adjacent row while the leaking row is "hammered" with active commands. When the leak occurs, a number of non-corrected memory errors may be introduced, which could lead to process crashes and possible system hangs; resulting in an error rate that, in some cases could, surpass what Error-Correcting Code (ECC) RAM, commonly used in server platforms, could mitigate and correct.
The impact of this vulnerability varies based on hardware. Assessments are ongoing in relation to potentially affected Cisco products.
The Cisco Product Security Incident Response Team (PSIRT) is currently investigating which Cisco products are affected by this vulnerability. Cisco Security Advisory Row Hammer Prvilege Escalation Vulnerability was published and includes information on vulnerable products and products confirmed not vulnerable. The advisory will be updated as additional information about other products becomes available. Any updates specifically related to Cisco products will be communicated according to the Cisco Security Vulnerability Policy.
The Cisco Computer Security Incident Response Team (CSIRT) is investigating Cisco public-facing infrastructure that could be susceptible to this vulnerability to facilitate its remediation.
Original Project Zero Google Blog Post: Exploiting the DRAM rowhammer bug to gain kernel privileges
Google Patents: Row Hammer Refresh Command
This document is part of the Cisco Security portal. Cisco provides the official information contained on the Cisco Security portal in English only.
This document is provided on an “as is” basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document without notice at any time.