'Rowhammer' DRAM flaw may impact a large number of computers

Shawn Knight



Project Zero, the team of experts Google commissioned last year to find cybersecurity threats, has detailed what’s being described by some as one of the more impressive hardware hacks in recent memory (no pun intended).

Google became aware of an issue known as rowhammer through a paper published last year called Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors.

As described in a blog post by self-professed sandbox builder and breaker Mark Seaborn, rowhammer is a result of DRAM cells getting smaller and closer together over the years. The term describes an effect in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. Only a few short lines of code are needed to generate bit flips.

The Project Zero team performed tests on a selection of readily available x86 laptops and discovered that a large subset of machines exhibited rowhammer-induced bit flips. All of the machines in question were produced between 2010 and 2014 and used DDR3 DRAM.

They are quick to point out, however, that their sample size was not large enough to be considered representative and that a negative result on a given machine doesn’t rule out the possibility of it being susceptible to rowhammer.

The team said the exploit can be used to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. The process was able to induce bit flips in page table entries (PTEs) and, as Seaborn added, to use this to gain write access to its own page table and hence read-write access to all physical memory.
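To make the page-table step concrete, here is an added illustration in C (it is not code from the Project Zero write-up or from the DRAM paper). It decodes an x86-64 page-table entry for a 4 KiB page using the architectural bit layout and classifies what a single disturbed bit would do to the mapping: a flip inside the frame-address field retargets the entry to a different physical frame, which is why a stray flip in a PTE can end up pointing a process at its own page tables. The sample entry value and the bit positions tried in main are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not Project Zero's code: decode an x86-64 page-table
   entry (PTE) for a 4 KiB page and show what one disturbed bit does to it.
   Bit positions are the architectural ones: 0 Present, 1 Read/Write,
   2 User/Supervisor, 12..51 physical frame address, 63 Execute-Disable. */

#define PTE_PRESENT  (1ULL << 0)
#define PTE_WRITABLE (1ULL << 1)
#define PTE_USER     (1ULL << 2)
#define PTE_NX       (1ULL << 63)
#define PTE_PFN_MASK 0x000FFFFFFFFFF000ULL  /* bits 12..51 */

typedef struct {
    bool present, writable, user, nx;
    uint64_t frame;   /* physical address of the mapped 4 KiB frame */
} pte_fields;

pte_fields decode_pte(uint64_t pte) {
    pte_fields f;
    f.present  = (pte & PTE_PRESENT)  != 0;
    f.writable = (pte & PTE_WRITABLE) != 0;
    f.user     = (pte & PTE_USER)     != 0;
    f.nx       = (pte & PTE_NX)       != 0;
    f.frame    = pte & PTE_PFN_MASK;
    return f;
}

/* Model a single disturbance error: one stored bit of the entry inverted. */
uint64_t flip_bit(uint64_t pte, unsigned bit) {
    return pte ^ (1ULL << bit);
}

typedef enum { FLIP_FRAME, FLIP_PERMISSION, FLIP_PRESENCE, FLIP_OTHER } flip_effect;

/* Classify what a flip at this bit position does to the mapping. A change
   inside bits 12..51 redirects the entry to a different physical frame; if
   that frame happens to hold a page table, the owning process can now write
   its own mappings, which is the escalation the write-up describes. */
flip_effect classify_flip(unsigned bit) {
    uint64_t mask = 1ULL << bit;
    if (mask & PTE_PFN_MASK) return FLIP_FRAME;
    if (mask & (PTE_WRITABLE | PTE_USER | PTE_NX)) return FLIP_PERMISSION;
    if (mask & PTE_PRESENT) return FLIP_PRESENCE;
    return FLIP_OTHER;   /* caching, accessed/dirty, global, ignored bits */
}

/* Number of bit positions in a PTE whose flip changes the target frame. */
unsigned frame_bit_positions(void) {
    unsigned n = 0;
    for (unsigned b = 0; b < 64; b++)
        if (classify_flip(b) == FLIP_FRAME) n++;
    return n;
}

static const char *effect_name(flip_effect e) {
    switch (e) {
    case FLIP_FRAME:      return "frame address changed";
    case FLIP_PERMISSION: return "permission bit changed";
    case FLIP_PRESENCE:   return "present bit changed";
    default:              return "no security-relevant change";
    }
}

int main(void) {
    /* Constructed sample: present, writable, user-accessible page backed by
       physical frame 0x12345000 (not a value read from any real system). */
    uint64_t pte = 0x0000000012345067ULL;
    unsigned tries[] = {1, 5, 12, 30, 63};

    pte_fields f = decode_pte(pte);
    printf("original: frame=%#llx present=%d writable=%d user=%d nx=%d\n",
           (unsigned long long)f.frame, f.present, f.writable, f.user, f.nx);

    for (unsigned i = 0; i < sizeof tries / sizeof tries[0]; i++) {
        pte_fields g = decode_pte(flip_bit(pte, tries[i]));
        printf("flip bit %2u: frame=%#llx writable=%d nx=%d -> %s\n", tries[i],
               (unsigned long long)g.frame, g.writable, g.nx,
               effect_name(classify_flip(tries[i])));
    }
    printf("%u of 64 bit positions would retarget the frame\n",
           frame_bit_positions());
    return 0;
}
```

The point the loop makes is that 40 of the 64 bit positions in a 4 KiB PTE sit in the frame-address field, so most single-bit disturbances in a page-table page silently change which physical frame a virtual page maps to rather than merely toggling a flag.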

It’s unclear at this time how many machines are vulnerable to the attack. What’s more, the team doesn’t know how many existing vulnerable systems can be fixed.


 
So we've been told, a few random bit flips before the system becomes self-aware and decides to replace you ;) But until it does, I'm gonna continue flipping bits blithely, believing in nothing beyond 1 and 0. Thanks for the heads-up.
 
Obviously some people can't read.... "can be used to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process"
 
The NSA and FBI already have backdoors on Windows and MacOS. They only need this kind of secret implementation on open platforms like Linux :)
 
The NSA has commit privileges to the Linux kernel and at least some API libraries (which aren't even reviewed by Linus's team)... what more do they need? I mean, d'oh? What do you think they use infiltration, spies, bribes and an unlimited budget for these days?
 