QID 375724

Date Published: 2021-08-11

QID 375724: Lenovo Rowhammer DDR4 Vulnerability (LEN-31370)

Lenovo DDR4 DRAM has a issue referred to as TRRespass, where researchers demonstrated a method that claims to bypass existing Targeted Row Refresh (TRR) mitigations in non- ECC (Error-Correcting Code) DDR4 DRAM.

Affected Products:
ThinkStation P340 Tiny
ThinkStation P320
ThinkStation P330 Tiny
ThinkStation P320 Tiny
ThinkStation P310
ThinkStation P330
ThinkStation P500
ThinkStation P520/P520c
ThinkStation P700
ThinkStation P900
ThinkStation P920
ThinkPad P50
ThinkPad T470
ThinkPad T480s
QID Detection Logic
: This QID checks if Vulnerable versions of BIOS installed on windows system.

Successful exploitation could compromise confidentiality, integrity and availability

CVSS V3 rated as Critical - 9 severity.

CVSS V2 rated as Critical - 9.3 severity.

Solution

Customers are recommended to update firmware. Refer to LEN-31370 for firmware updates.

Vendor References

LEN-31370 - support.lenovo.com/us/en/product_security/LEN-31370

CVEs related to QID 375724

CVE-2020-10255 |

Software Advisories

Advisory ID	Software	Component	Link
LEN-31370			support.lenovo.com/us/en/product_security/LEN-31370

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].