Allow me to save some time, from TFA:
> Is there a CVE number?
> Yes, see CVE-2019-0174.
> What is RAMBleed?
> Previous attacks exploited the Rowhammer effect to write (or flip) bits in the victim's memory. RAMBleed is different in that it uses Rowhammer for reading data stored inside the computer's physical memory. As the physical memory is shared among all processes in the system, this puts all processes at risk.
> What data can be read by RAMBleed?
> While the end-to-end attack we demonstrated read out OpenSSH 7.9's RSA key, RAMBleed can potentially read any data stored in memory. In practice, what can be read depends on the victim program's memory access patterns.
> What technologies are affected by RAMBleed?
> RAMBleed relies on Rowhammer-induced bit flips to read privileged memory. As such, any system that uses Rowhammer-susceptible DIMMs is vulnerable. Previous research has demonstrated bit flips on both DDR3 and DDR4 with TRR (targeted row refresh) enabled. While we demonstrated our attack on a desktop machine and an ECC enabled server machine, Rowhammer attacks have been demonstrated against both mobile devices and laptops. As such, we suspect that many classes of computers are susceptible to RAMBleed.
> How can I mitigate this issue?
> Users can mitigate their risk by upgrading their memory to DDR4 with targeted row refresh (TRR) enabled. While Rowhammer-induced bit flips have been demonstrated on TRR, it is harder to accomplish in practice.
> Memory manufacturers can help mitigate this issue by more rigorously testing for faulty DIMMs. Furthermore, publicly documenting vendor specific TRR implementations will facilitate a stronger development process as security researchers probe such implementations for weaknesses.
I think the marketing campaigns are awesome. Makes it much easier to get resources to fix.
But sometimes it seems to be stretched to the point of making you feel nauseated and causing extreme distraction (which can be the point in some cases, though). Still, I wish some of the less egregious issues were described with a little less hysteria, while still conveying their seriousness. (Maybe it's my weariness of dealing with them speaking here.)
But there really aren't any other good options.