Last March it was published information about this hardware vulnerability
https://security-tracker.debian.org/tracker/CVE-2020-10255
Since Purism hardware uses DDR4 DRAM chips, I ask which products are affected.
In case, I suppose that it will not be easy to replace DDR4 DRAM chip in Librem 5 as it is in laptops.
1 Like
Since this is largely a privilege escalation issue, or similar, for a local attacker, … for the majority of Purism’s devices, the goal would be to avoid local attackers in the first place rather than worrying about what those local attackers can do once they have gained access.
Of course, defense in depth is always good, so still better to avoid this specific attack if possible.
From the description in the CVE, a better question might be: are any memory chips not vulnerable to one or both attacks (RowHammer or the attack against the mitigation for RowHammer)? Hynix, Micron and Samsung together probably account for the substantial majority of all memory chips produced in the world each year.
If the answer to this question is “no” then the answer to your original question is “all”. Right? And you could stop reading. Otherwise …
You might start by opening up your Librem laptop and seeing what memory chips it has - which is sort of what the CVE is really telling you to do.
If there are any chips that are not vulnerable, you are free to replace the module yourself - as various users have done.