Published:2020/03/12 Last Updated:2020/04/17
JVNVU#99239584
Rowhammer attacks for TRR equipped DDR4 memory systems
Overview
A research shows that Rowhammer attack is still possible against TRR (Target Row Refresh) equipped DDR4 memory systems.
Products Affected
- TRR (Target Row Refresh) equipped DDR4 memory systems
Description
Recent DDR4 memory systems are equipped with TRR (Target Row Refresh) as a mitigation to Rowhammer attack.
A research group analysed internals of several memory systems and published the findings:
- there are variations for TRR implementation
- Rowhammer attack can be still possible to TRR equipped memory systems, using memory access patterns adapting to each TRR implementation
Impact
Rowhammer attack may be possible to TRR (Target Row Refresh) equipped memory systems.
Solution
JPCERT/CC is currently unaware of a practical solution to this problem.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| FUJITSU LIMITED | Not Vulnerable, investigating | 2020/04/17 | |
| Japan Digital Design, Inc | Vulnerability Information Provided | 2020/03/12 | |
| NEC Corporation | Not Vulnerable, investigating | 2020/03/12 | |
| RICOH COMPANY, LTD. | Vulnerability Information Provided | 2020/03/12 | |
| Sharp Corporation | Vulnerability Information Provided | 2020/03/12 | |
| Sony Corporation | Vulnerability Information Provided | 2020/03/12 | |
| SOURCENEXT CORPORATION | Not Vulnerable | 2020/03/12 |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE |
CVE-2020-10255 |
| JVN iPedia |
Update History
- 2020/03/12
- SOURCENEXT CORPORATION update status
- 2020/04/13
- FUJITSU LIMITED update status
- 2020/04/17
- FUJITSU LIMITED update status