CVE-2015-0565
NaCl vulnerability analysis and mitigation

Overview

CVE-2015-0565 is a security vulnerability discovered in Native Client (NaCl) in 2015 that allowed sandboxed code to execute the CLFLUSH instruction, making rowhammer attacks possible from inside the sandbox. The vulnerability was disclosed in March 2015 and affected NaCl's x86-64 sandbox implementation (Project Zero).

Technical details

The vulnerability stems from NaCl's validator permitting the x86 CLFLUSH instruction, which evicts a cache line so that subsequent accesses to that address are served from the underlying DRAM rather than from the CPU cache. This capability enables rowhammer attacks, in which rapidly repeated accesses to specific DRAM rows cause bit flips in physically adjacent rows. The vulnerability has a CVSS v3.1 base score of 10.0 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) (NVD).

Impact

The vulnerability could allow an attacker to escape from NaCl's x86-64 sandbox and gain the ability to invoke the host OS's syscalls directly. In a more severe scenario, combined with other techniques, it could potentially enable privilege escalation to kernel-level access (Project Zero).

Mitigation and workarounds

The vulnerability was mitigated by changing NaCl's x86 validator to reject the CLFLUSH instruction, so untrusted code can no longer use it to flush cache lines. This change closes the rowhammer attack vector through NaCl (Project Zero).

Source: This report was generated using AI

Related NaCl vulnerabilities:

CVE ID          Severity   Score   Technologies   Component name   CISA KEV exploit   Has fix   Published date
CVE-2015-0565   CRITICAL   10      NaCl           nacl             No                 No        Feb 25, 2020
