CVE-2021-42114

Name of the Vulnerable Software and Affected Versions Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by this issue.

Description The vulnerability is related to the internal Target Row Refresh (TRR) mitigation against Rowhammer attacks in modern DRAM devices. Novel non-uniform Rowhammer access patterns can trigger bit flips on affected memory modules, allowing attackers to exploit Rowhammer even when using chips advertised as Rowhammer-free. This enables privilege-escalation attacks against the kernel or binaries and triggering bit flips in RSA-2048 keys to gain cross-tenant virtual-machine access. All 40 PC-DDR4 DRAM devices in the test pool, covering the three major DRAM manufacturers (Samsung, SK Hynix, and Micron), are affected by this vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.