Cisco wipes its memory from susceptible-to-Row Hammer list
Make sure you use only original spares …
Cisco has worked through data centre and switch products that may have been vulnerable to the Row Hammer vulnerability, and decided there's nothing with the bridge brand on the front that's subject to the bug.
Back at the beginning of the month, Google cheerily announced to the world that writing and re-writing memory in DRAMs could force capacitor errors.
Hammering one row, the report found, could corrupt data in an adjacent row – which if exploited correctly could have resulted in giving kernel-level privilege to normal user-space programs.
When it first announced it was looking at the issue, The Borg said only a “limited number of products” allowed unprivileged users to load and execute binaries. These included a handful of Nexus, web security and e-mail security products running various IOS or ASA software.
Cisco now says “this issue is not exploitable on devices that are equipped with ECC DDRAM and have the ECC checking options enabled in their BIOS” – which is the default configuration.
All Cisco UCS products have been cleared if they're using Cisco DIMMs, but if users have installed non-Cisco DIMMs, these could be vulnerable. ®