CVE-2021-42114

Published on: 11/16/2021 12:00:00 AM UTC

Last Modified on: 11/29/2021 06:45:00 PM UTC

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Certain versions of Ddr4 Sdram from Micron contain the following vulnerability:

Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips on affected memory modules using our Blacksmith fuzzer. The patterns generated by Blacksmith were able to trigger bitflips on all 40 PC-DDR4 DRAM devices in our test pool, which cover the three major DRAM manufacturers: Samsung, SK Hynix, and Micron. This means that, even when chips advertised as Rowhammer-free are used, attackers may still be able to exploit Rowhammer. For example, this enables privilege-escalation attacks against the kernel or binaries such as the sudo binary, and also triggering bit flips in RSA-2048 keys (e.g., SSH keys) to gain cross-tenant virtual-machine access. We can confirm that DRAM devices acquired in July 2020 with DRAM chips from all three major DRAM vendors (Samsung, SK Hynix, Micron) are affected by this vulnerability. For more details, please refer to our publication.

  • CVE-2021-42114 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.
Vulnerability Patch/Work Around
  • Using ECC DRAM substantially increases the difficulty of carrying out Rowhammer attacks on systems, although previous work [1] showed that it does not provide complete protection. [1] L. Cojocar, K. Razavi, C. Giuffrida, and H. Bos, “Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks,” San Francisco, CA, USA, May 2019, pp. 55–71. DOI: 10.1109/SP.2019.00089.

CVSS3 Score: 8.3 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
ADJACENT_NETWORK HIGH NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
CHANGED HIGH HIGH HIGH

CVSS2 Score: 7.9 - HIGH

Access
Vector
Access
Complexity
Authentication
ADJACENT_NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
GitHub - comsec-group/blacksmith: Next-gen Rowhammer fuzzer that uses non-uniform, frequency-based patterns. github.com
text/html
URL Logo MISC github.com/comsec-group/blacksmith
Blacksmith – Computer Security Group comsec.ethz.ch
text/html
URL Logo MISC comsec.ethz.ch/research/dram/blacksmith/
comsec.ethz.ch
application/pdf
URL Logo CONFIRM comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
Page not found – Computer Security Group comsec.ethz.ch
text/html
Inactive LinkNot Archived
URL Logo CONFIRM comsec.ethz.ch/wp-content/files/blacksmith_sec22.pdf

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
HardwareMicronDdr4 Sdram-AllAllAll
Operating
System
MicronDdr4 Sdram Firmware-AllAllAll
HardwareMicronLddr4-AllAllAll
Operating
System
MicronLddr4 Firmware-AllAllAll
HardwareSamsungDdr4 Sdram-AllAllAll
Operating
System
SamsungDdr4 Sdram Firmware-AllAllAll
HardwareSamsungLddr4-AllAllAll
Operating
System
SamsungLddr4 Firmware-AllAllAll
HardwareSkhynixDdr4 Sdram-AllAllAll
Operating
System
SkhynixDdr4 Sdram Firmware-AllAllAll
HardwareSkhynixLddr4-AllAllAll
Operating
System
SkhynixLddr4 Firmware-AllAllAll
  • cpe:2.3:h:micron:ddr4_sdram:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:micron:ddr4_sdram_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:micron:lddr4:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:micron:lddr4_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:samsung:ddr4_sdram:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:samsung:ddr4_sdram_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:samsung:lddr4:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:samsung:lddr4_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:skhynix:ddr4_sdram:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:skhynix:ddr4_sdram_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:skhynix:lddr4:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:skhynix:lddr4_firmware:-:*:*:*:*:*:*:*:

Discovery Credit

Kaveh Razavi, Patrick Jattke, Stijn Gunter; Eidgenössische Technische Hochschule (ETH) Zürich

Victor van der Veen; Qualcomm Technologies Inc.

Pietro Frigo; VU Amsterdam

Social Mentions

Source Title Posted (UTC)
Twitter Icon @SwissHttp CVE-2021-42114 "Blacksmith": A new Rowhammer mitigation bypass Q "Are there any DIMMs that are safe?" A "We did no… twitter.com/i/web/status/1… 2021-11-15 23:19:23
Twitter Icon @CVEreport CVE-2021-42114 : Modern DRAM devices PC-DDR4, LPDDR4X are affected by a vulnerability in their internal Target Ro… twitter.com/i/web/status/1… 2021-11-16 11:52:48
Twitter Icon @TheHackersNews Researchers demonstrate a new #Rowhammer exploit — dubbed "Blacksmith" (CVE-2021-42114, CVSS score: 9.0) — that aff… twitter.com/i/web/status/1… 2021-11-16 16:53:05
Twitter Icon @trip_elix "Researchers demonstrate a new #Rowhammer exploit — dubbed "Blacksmith" (CVE-2021-42114, CVSS score: 9.0) — that af… twitter.com/i/web/status/1… 2021-11-16 16:57:07
Twitter Icon @Webimprints #Cibersegruidad #infosec #seguridad #hacking CVE-2021-42114: Vulnerabilidad crítica afecta a dispositivos DRAM… twitter.com/i/web/status/1… 2021-11-16 18:28:20
Twitter Icon @Webimprints #infosec #cybersecurity #hacking #security CVE-2021-42114: Critical vulnerability affects DRAM devices… twitter.com/i/web/status/1… 2021-11-16 18:29:05
Twitter Icon @CalabrLuigi cibertip.com/vulnerabilidad… 2021-11-16 18:52:53
Twitter Icon @SlGNS_WONDERS coooooool cool cool cool guess I'm putting a drillbit thru all my computers and going to disappear into the woods 2021-11-16 21:14:40
Twitter Icon @YourAnonRiots Researchers demonstrate a new #Rowhammer exploit — dubbed "#Blacksmith" (CVE-2021-42114, CVSS score: 9.0) — that af… twitter.com/i/web/status/1… 2021-11-16 22:31:41
Twitter Icon @Mawg0ud CVE-2021-42114, CVSS score: 9.0 — known as "#Blacksmith" is meant to stimulate bit acrobatics on goal recharge freq… twitter.com/i/web/status/1… 2021-11-17 07:04:06
Twitter Icon @Har_sia CVE-2021-42114 har-sia.info/CVE-2021-42114… #HarsiaInfo 2021-11-17 15:01:04
Twitter Icon @saas_priv CVE-2021-42114、 所詮はrowhammerの亜種だし、せいぜいクラッシュさせるくらいしかできないと思うが。一応警戒しておくか。 gigazine.net/news/20211116-… 2021-11-17 15:51:32
Twitter Icon @trip_elix "RT @TheHackersNews: Researchers demonstrate a new #Rowhammer exploit — dubbed "Blacksmith" (CVE-2021-42114, CVSS s… twitter.com/i/web/status/1… 2021-11-17 17:57:38
Reddit Logo Icon /r/blueteamsec CVE-2021-42114: Modern DRAM devices (PC-DDR4) affected by RowHammer 2021-11-17 15:59:16
© CVE.report 2022 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report