CVE-2015-0565

CRITICAL

Google Native Client - Memory Corruption via CLFLUSH Instruction


Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-0565. PoCs published by Google Security Research.

AI-analyzed exploit summary: This PoC exploits the DRAM 'rowhammer' vulnerability to escape Native Client's x86-64 sandbox by inducing bit flips in read-only code. It leverages the CLFLUSH instruction to manipulate memory, bypassing NaCl's validator.

Description

NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · local · linux_x86-64
https://www.exploit-db.com/exploits/36311

This PoC exploits the DRAM 'rowhammer' vulnerability to escape Native Client's x86-64 sandbox by inducing bit flips in read-only code. It leverages the CLFLUSH instruction to manipulate memory, bypassing NaCl's validator.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Native Client (NaCl) x86-64 sandbox
No auth needed
Prerequisites: Vulnerable DRAM hardware · CLFLUSH instruction enabled in NaCl
devstral-2 · analyzed Feb 16, 2026
exploitdb WORKING POC VERIFIED
by Google Security Research · text · local · linux_x86-64
https://www.exploit-db.com/exploits/36310

This is a proof-of-concept exploit for CVE-2015-0565, leveraging the DRAM 'rowhammer' vulnerability to gain kernel privileges on x86-64 Linux systems by inducing bit flips in page table entries (PTEs). It includes a test mode for development using /dev/mem and is designed to run as an unprivileged userland process.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel (x86-64, with CONFIG_STRICT_DEVMEM disabled)
No auth needed
Prerequisites: x86-64 Linux system · DRAM susceptible to rowhammer · CONFIG_STRICT_DEVMEM disabled for test mode
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/36310/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/36311/

Scores

CVSS v3 10.0
EPSS 0.0685
EPSS Percentile 91.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE: CWE-119
Status: published
Products (1)
google/native_client 2015
Published Feb 25, 2020
Tracked Since Feb 18, 2026