Full Disclosure mailing list archives
'Rowhammer' - Software-triggered DRAM corruption
From: Nick Boyce <nick.boyce () gmail com>
Date: Thu, 12 Mar 2015 16:00:20 +0000
(I'm just posting the news - haven't seen this here yet) A team of Google security researchers recently reported on discoveries they have made over the last few months which show it is possible to alter contents of DRAM locations by simply *reading* the contents of neighbouring locations. Using this technique they were able to develop an exploit which modified page tables to allow write access to the whole of physical memory and thus take complete control of the system. This is operating-system-agnostic. "As DRAM manufacturing scales down chip features to smaller physical dimensions, to fit more memory capacity onto a chip, it has become harder to prevent DRAM cells from interacting electrically with each other. As a result, accessing one location in memory can disturb neighbouring locations, causing charge to leak into or out of neighbouring cells" Ouch. http://googleprojectzero.blogspot.co.uk/2015/03/exploiting-dram-rowhammer-bug-to-gain.html?m=1 The current saving grace appears to be that the attack only works against DDR3 RAM - less dense DDR2 circuitry is not susceptible, and DDR4 circuit designs contain mitigations against the attack (which implies the manufacturers have known about this for some time). The authors state that ECC does not help, which is puzzling. Also, this may only affect SODIMMs, not DIMMs, as Google was only able to make the attack work on laptops - desktop machines so far remaining unaffected. [I *knew* it was a good idea to hang on to that old Athlon XP desktop :-)] Fetch the popcorn ? Nick -- "Yes, that's all nice ... but can it check the quality of the music, and improve it along the way, if the music sucks ?" iptables -A INPUT -m state --state BIEBER -j DROP http://tech.slashdot.org/comments.pl?sid=6946741&cid=49024417 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- 'Rowhammer' - Software-triggered DRAM corruption Nick Boyce (Mar 12)
- Re: 'Rowhammer' - Software-triggered DRAM corruption Aris Adamantiadis (Mar 12)
- Re: 'Rowhammer' - Software-triggered DRAM corruption fulldisclosure (Mar 16)
- Re: 'Rowhammer' - Software-triggered DRAM corruption Dirk-Willem van Gulik (Mar 16)
- Re: 'Rowhammer' - Software-triggered DRAM corruption Nick Boyce (Mar 16)
- Re: 'Rowhammer' - Software-triggered DRAM corruption fulldisclosure (Mar 16)
- Re: 'Rowhammer' - Software-triggered DRAM corruption Aris Adamantiadis (Mar 12)