New Variants of Rowhammer and Speculative Execution Attacks Pique Researchers’ Interest

Rowhammer is tracked as CVE-2020-10255 and bypasses the suggested collective mitigation methods called ‘Target Row Refresh’ (TRR).
LVI-LFB (Load Value Injection in the Line Fill Buffers) is tracked as CVE-2020-0551 and is described as a reverse Meltdown-type attack.

Security researchers have uncovered two new vulnerabilities that can be a matter of concern for chip manufacturers. The new vulnerabilities are tracked as TRR-bypassing Rowhammer and Load Value Injection.

About TRR-bypassing Rowhammer


Target Row Refresh (TRR)-bypassing Rowhammer is a new vulnerability discovered by VUSec Lab. The flaw is tracked as CVE-2020-10255 and bypasses the suggested collective mitigation methods called ‘Target Row Refresh’ (TRR).
TRR is a combination of software and hardware fixes that have been slowly added to the design of modern RAM cards after 2014 when academics disclosed the first-ever case of a Rowhammer attack.
Apart from affecting DDR3 and DDR4 memory chips, the flaw also affects LPDDR4 and LPDDR4X chips embedded in most modern smartphones. With the discovery of this new vulnerability, millions of devices are once again vulnerable to Rowhammer. The LPDDR4 memory cards are used inside Google, LG, OnePlus and Samsung smartphones.
In order to understand the intensity of the vulnerability, researchers created a tool called TRRespass to identify new row patterns that can be hammered like before.
The tool was tested on 43 DIMMs (Dual In-line Memory Module) and researchers found that 13 DIMMs from the three major DRAM vendors (Samsung, Hynix, and Micron) are vulnerable to the new variations of Rowhammer.

About LVI-LFB vulnerability


LVI-LFB (Load Value Injection in the Line Fill Buffers) is a new vulnerability that affects many processors made by Intel. The vulnerability is tracked as CVE-2020-0551 and is described as a reverse ..
