Mark Seaborn

**Nome do software vulnerável e versões afetadas: NaCl (versões afetadas não especificadas) Descrição: A vulnerabilidade permite a realização de ataques rowhammer, uma vez que o NaCl permitiu a instrução CLFLUSH em 2015. Recomendações: No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Apple Mac EFI versions before 2015-001 OS X versions prior to 10.10.4 **Description** The issue is related to the improper setting of refresh rates for DDR3 RAM, which could facilitate row-hammer attacks. This might allow remote attackers to gain privileges or cause a denial of service due to memory corruption by triggering specific patterns of access to memory locations. **Recommendations** For Apple Mac EFI versions before 2015-001, update to version 2015-001 or later. For OS X versions prior to 10.10.4, update to OS X 10.10.4 or later.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.19.3 **Description** The issue is related to the `pagemap open` function in `fs/proc/task mmu.c` of the Linux kernel, which lacks protection of internal data. This can be exploited by a local attacker to gain access to sensitive information by reading the pagemap file. The exploitation allows local users to obtain sensitive physical-address information. **Recommendations** For Linux kernel versions prior to 3.19.3, update to version 3.19.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the pagemap file to minimize the risk of exploitation.