[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-3693Date: (C)2015-07-03   (M)2024-02-22


Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1032444
SECTRACK-1032755
BID-75495
APPLE-SA-2015-06-30-2
APPLE-SA-2015-06-30-3
http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
http://support.apple.com/kb/HT204934
http://support.apple.com/kb/HT204942

CPE    1
cpe:/o:apple:mac_os_x
CWE    1
CWE-254
OVAL    2
oval:org.secpod.oval:def:25312
oval:org.secpod.oval:def:25246

© SecPod Technologies