CVE-2015-0565

NameCVE-2015-0565
DescriptionNaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nacl (PTS)jessie20110221-4.1vulnerable
stretch20110221-5vulnerable
bullseye, sid, buster20110221-6.1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
naclsource(unstable)(unfixed)unimportant

Notes

https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=284
Limited impact, and for chromium itself the CLFLUSH instruction has been
disalowed.

Search for package or bug name: Reporting problems