Re: 'Rowhammer' - Software-triggered DRAM corruption

[Nick Boyce <nick.boyce () gmail com>]

On 12 March 2015 at 20:31, Aris Adamantiadis <aris () badcode be> wrote:
> Le 12/03/15 17:00, Nick Boyce a écrit :
>
> > ... Google was only able to make the attack
> > work on laptops - desktop machines so far
> > remaining unaffected.
> >
> > [I *knew* it was a good idea to hang on to
> > that old Athlon XP desktop :-)]
> There are countless reports of the attack
> working on desktops. It worked on one of
> the two non-ecc desktops I've tried it on.
> It's an AMD FX 8150.

Damn - that's disappointing :-/
I see you're right - there's a lot of activity:
https://groups.google.com/group/rowhammer-discuss/

> > The authors state that ECC does not help,
> > which is puzzling.

This post:
http://blog.erratasec.com/2015/03/some-notes-on-dram-rowhammer.html
explains that ECC is only going to correct single bit fails, and
likely crash the machine on double-bit fails, but that multi-bit fails
(which the Google tool achieves) may evade the ECC and achieve the
goal.

https://github.com/google/rowhammer-test

I'm off to find some machines to test.

Nick
-- 
Coding is easy;  All you do is sit staring at a terminal until the drops
of blood form on your forehead.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/