CVE-2020-10255

{"id": "CVE-2020-10255", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.2}]}, "published": "2020-03-10T16:15:15.990", "references": [{"url": "https://download.vusec.net/papers/trrespass_sp20.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/vusec/trrespass", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://twitter.com/antumbral/status/1237425959407513600", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://twitter.com/vu5ec/status/1237399112590467072", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.vusec.net/projects/trrespass/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers."}, {"lang": "es", "value": "Los chips DRAM modernos (DDR4 y LPDDR4 despu\u00e9s de 2015) est\u00e1n afectados por una vulnerabilidad en la implementaci\u00f3n de mitigaciones internas contra los ataques de tipo RowHammer conocido como Target Row Refresh (TRR), tambi\u00e9n se conoce como el problema TRRespass. Para explotar esta vulnerabilidad, el atacante requiere crear determinados patrones de acceso para activar cambios de bits sobre los m\u00f3dulos de memoria afectados, tambi\u00e9n se conoce como un ataque de tipo RowHammer de Muchos Flancos. Esto significa que, incluso cuando son usados chips anunciados como RowHammer-free, los atacantes a\u00fan pueden ser capaces de dirigir ataques de escalada de privilegios contra el kernel, conducir ataques de escalada de privilegios contra el binario Sudo y lograr el acceso a m\u00e1quinas virtuales entre inquilinos al corromper claves RSA. El problema afecta a los chips producidos por SK Hynix, Micron y Samsung. NOTA: el seguimiento de los problemas de la cadena de suministro de DRAM no es sencillo porque un solo modelo de producto de un \u00fanico proveedor puede usar chips DRAM de diferentes fabricantes."}], "lastModified": "2020-03-16T15:23:07.183", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:micron:ddr4_sdram:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C61E4ABB-8D8E-4EF0-9FCC-864DCA8862BA"}, {"criteria": "cpe:2.3:h:micron:lpddr4:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4024237B-254C-4A65-8263-12FED692D155"}, {"criteria": "cpe:2.3:h:samsung:ddr4:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9704C77-A81A-4C71-9CD5-43D2C90EF574"}, {"criteria": "cpe:2.3:h:samsung:lpddr4:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51C71653-2974-4151-98A9-831E5C08C5D4"}, {"criteria": "cpe:2.3:h:skhynix:ddr4_sdram:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "582FC9BC-EC95-4002-944C-4453879108F8"}, {"criteria": "cpe:2.3:h:skhynix:lpddr4:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "429192DE-1D08-488F-93A6-3F5F467FC210"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}