Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.
Informations du CVE
Faiblesses connexes
| Nom de la faiblesse | Source | |
|---|---|---|
| Category : 7PK - Security Features Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management. |
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C | [email protected] |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 36311
Date de publication : 2015-03-08 23h00 +00:00
Auteur : Google Security Research
EDB Vérifié : Yes
Sources:
http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
https://code.google.com/p/google-security-research/issues/detail?id=284
Full PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36311.tar.gz
This is a proof-of-concept exploit that is able to escape from Native
Client's x86-64 sandbox on machines that are susceptible to the DRAM
"rowhammer" problem. It works by inducing a bit flip in read-only
code so that the code is no longer safe, producing instruction
sequences that wouldn't pass NaCl's x86-64 validator.
Note that this uses the CLFLUSH instruction, so it doesn't work in
newer versions of NaCl where this instruction is disallowed by the
validator.
There are two ways to test the exploit program without getting a real
rowhammer-induced bit flip:
* Unit testing: rowhammer_escape_test.c can be compiled and run as a
Linux executable (instead of as a NaCl executable). In this case,
it tests each possible bit flip in its code template, checking that
each is handled correctly.
* Testing inside NaCl: The patch "inject_bit_flip_for_testing.patch"
modifies NaCl's dyncode_create() syscall to inject a bit flip for
testing purposes. This syscall is NaCl's interface for loading
code dynamically.
Mark Seaborn
[email protected]
March 2015
Products Mentioned
Configuraton 0
Apple>>Mac_os_x >> Version To (including) 10.10.3
- Apple>>Mac_os_x >> Version - (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.0.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.0.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.0.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.0.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.0.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.1.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.1.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.1.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.1.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.1.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.1.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.7 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.2.8 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.7 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.8 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.3.9 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.7 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.8 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.9 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.10 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.4.11 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.7 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.5.8 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.6 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.7 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.6.8 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.7.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.7.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.7.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.7.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.7.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.7.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.8.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.8.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.8.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.8.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.8.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.8.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.8.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.9 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.9.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.9.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.9.3 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.9.4 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.9.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.9.5 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.10.0 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.10.1 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.10.2 (Open CPE detail)
- Apple>>Mac_os_x >> Version 10.10.3 (Open CPE detail)
Références
http://lists.apple.com/archives/security-announce/2015/Jun/msg00003.html
Tags : vendor-advisory, x_refsource_APPLE
Tags : vendor-advisory, x_refsource_APPLE
http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
Tags : x_refsource_MISC
Tags : x_refsource_MISC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
Tags : vendor-advisory, x_refsource_APPLE
Tags : vendor-advisory, x_refsource_APPLE
2025©
tesweb SA
