Skip to content

RVD#2549: Altering live memory DDR4 (RowHammer) #2549

New issue
New issue
Open
Open
RVD#2549: Altering live memory DDR4 (RowHammer)#2549
Labels
robot component: KUKA KR C4KUKA KR C4 controllerrobot: KUKA KR 3 R540KUKA AGILUS KR 3 R540severity: high7.0 - 8.9vendor: KUKAvulnerability
@rvd-bot

Description

@rvd-bot
rvd-bot
opened on Jun 16, 2020
{
    "id": 2549,
    "title": "RVD#2549: Altering live memory DDR4 (RowHammer)",
    "type": "Vulnerability",
    "description": "Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys.",
    "cwe": "CWE-20",
    "cve": "CVE-2020-10255",
    "keywords": [
        "DRAM"
    ],
    "system": "KR3R540, KRC4, KSS8.5.7HF1, Win7_Embedded",
    "vendor": "KUKA Roboter GmbH",
    "severity": {
        "rvss-score": 8.4,
        "rvss-vector": "RVSS:1.0/AV:RN/AC:H/PR:N/UI:N/Y:Z/S:C/C:H/I:H/A:H/H:H",
        "severity-description": "high",
        "cvss-score": 9.0,
        "cvss-vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
    },
    "links": [
        "http://cwe.mitre.org/data/definitions/20.html, https://nvd.nist.gov/vuln/detail/CVE-2020-10255?cpeVersion=2.2, https://github.com/vusec/trrespass",
        "https://github.com/aliasrobotics/RVD/issues/2549"
    ],
    "flaw": {
        "phase": "runtime-operation",
        "specificity": "general issue",
        "architectural-location": "plataform code",
        "application": "OS",
        "subsystem": "kernel, memory management system",
        "package": "N/A",
        "languages": "None",
        "date-detected": null,
        "detected-by": "Alias Robotics (group, https://aliasrobotics.com)",
        "detected-by-method": "testing dynamic",
        "date-reported": "2020-03-17",
        "reported-by": "Victor Mayoral Vilches (Alias Robotics)",
        "reported-by-relationship": "security researcher",
        "issue": "https://github.com/aliasrobotics/RVD/issues/2549",
        "reproducibility": "Always",
        "trace": "Not disclosed",
        "reproduction": "Not disclosed",
        "reproduction-image": "Not disclosed"
    },
    "exploitation": {
        "description": "Not disclosed",
        "exploitation-image": "Not disclosed",
        "exploitation-vector": "Not disclosed"
    },
    "mitigation": {
        "description": "Not disclosed",
        "pull-request": "Not disclosed",
        "date-mitigation": null
    }
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    robot component: KUKA KR C4KUKA KR C4 controllerrobot: KUKA KR 3 R540KUKA AGILUS KR 3 R540severity: high7.0 - 8.9vendor: KUKAvulnerability

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions