Guest

Cisco Event Response: Row Hammer Privilege Escalation Vulnerability

Threat Summary
Last Updated: March 10, 2015

This information has been produced in reference to the recent Row HammerPrivilege Escalation Vulnerability, aka "rowhammer" vulnerability that has been made public by the Project Zero team at Google in this report - Exploiting the DRAM rowhammer bug to gain kernel privileges.

 

 

 

Event Intelligence

The following Cisco content is associated with this Event Response Page:

Row Hammer Privilege Esclation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150309-rowhammer

Cisco IntelliShield Alert: Row Hammer Privilege Esclation Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=37780

Cisco Security Blog Post
http://blogs.cisco.com/security/mitigations-available-for-the-dram-row-hammer-vulnerability


The following table identifies Cisco Security content that is associated with this Event Response Page:

Cisco Applied Mitigation Bulletin Cisco IntelliShield Alert
CVE ID
Search CVEs
Not Applicable Vulnerability Alert: Row Hammer Memory Error Privilege Escalation Vulnerability
TBD

Vulnerability Characteristics

The row hammer privilege escalation vulnerability has not been assigned a Common Vulnerabilities and Exposures (CVE) ID at this time.

In 2012, an intrinsic flaw was discovered in the design of DDR3 when utilized in high performance computing applications; specifically, a flaw that existed within general purpose computing devices that were utilized to perform distributed high-speed data processing. The flaw became a prevalent issue due to the die shrinkage (40nm and below) of high density DRAM parts, which enabled the creation of today's large capacity memory modules. This particular error was named "Row Hammer," as the flaw is triggered by the electrical charge of a row of memory cells being leaked into an adjacent row while the leaking row is "hammered" with active commands. When the leak occurs, a number of non-corrected memory errors may be introduced, which could lead to process crashes and possible system hangs; resulting in an error rate that, in some cases could, surpass what Error-Correcting Code (ECC) RAM, commonly used in server platforms, could mitigate and correct.

The impact of this vulnerability varies based on hardware. Assessments are ongoing in relation to potentially affected Cisco products.

Impact on Cisco Products

The Cisco Product Security Incident Response Team (PSIRT) is currently investigating which Cisco products are affected by this vulnerability. Cisco Security Advisory Row Hammer Prvilege Escalation Vulnerability was published and includes information on vulnerable products and products confirmed not vulnerable. The advisory will be updated as additional information about other products becomes available. Any updates specifically related to Cisco products will be communicated according to the Cisco Security Vulnerability Policy.

The Cisco Computer Security Incident Response Team (CSIRT) is investigating Cisco public-facing infrastructure that could be susceptible to this vulnerability to facilitate its remediation.

References

Original Project Zero Google Blog Post: Exploiting the DRAM rowhammer bug to gain kernel privileges

Google Patents: Row Hammer Refresh Command