
Submission: Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges (blogspot.com)

netelder writes: “Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory.
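Why a single uncorrected bit error in a PTE matters, as an added example (not code from the submission or the linked post): it classifies each bit of a 4 KiB x86-64 PTE by field, following the layout in the Intel SDM, and counts how many single-bit errors would change the physical frame the entry maps. The sample PTE value and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* x86-64 4 KiB PTE layout under 4-level paging (Intel SDM Vol. 3A). */
#define PTE_PRESENT  (1ULL << 0)
#define PTE_WRITE    (1ULL << 1)
#define PTE_USER     (1ULL << 2)
#define PTE_NX       (1ULL << 63)
/* Bits 12..51 hold the physical frame address (architectural maximum
 * width; a given CPU may treat the upper part as reserved). */
#define PTE_PFN_MASK 0x000FFFFFFFFFF000ULL

typedef enum { F_PRESENT, F_WRITE, F_USER, F_PFN, F_NX, F_OTHER } pte_field;
static const char *field_name[] =
    { "present", "writable", "user", "frame", "no-execute", "other" };

/* Which PTE field does bit number `bit` (0..63) belong to? */
pte_field pte_field_of_bit(unsigned bit) {
    uint64_t m = 1ULL << bit;
    if (m & PTE_PRESENT)  return F_PRESENT;
    if (m & PTE_WRITE)    return F_WRITE;
    if (m & PTE_USER)     return F_USER;
    if (m & PTE_PFN_MASK) return F_PFN;
    if (m & PTE_NX)       return F_NX;
    return F_OTHER;   /* accessed, dirty, cache control, software bits */
}

/* Physical address of the frame a PTE maps. */
uint64_t pte_frame(uint64_t pte) { return pte & PTE_PFN_MASK; }

/* PTE value after a single-bit error in bit `bit`. */
uint64_t pte_flip(uint64_t pte, unsigned bit) { return pte ^ (1ULL << bit); }

/* How many of the 64 possible single-bit errors change the mapped frame? */
unsigned count_remapping_flips(uint64_t pte) {
    unsigned n = 0;
    for (unsigned b = 0; b < 64; b++)
        if (pte_frame(pte_flip(pte, b)) != pte_frame(pte)) n++;
    return n;
}

int main(void) {
    const uint64_t pte = 0x8000000012345067ULL;  /* constructed sample PTE */
    printf("%u of 64 single-bit errors remap the page\n", count_remapping_flips(pte));
    for (unsigned b = 0; b < 64; b++)
        printf("bit %2u %-10s -> frame 0x%llx\n", b, field_name[pte_field_of_bit(b)],
               (unsigned long long)pte_frame(pte_flip(pte, b)));
    return 0;
}
```

Most of the entry is frame address, so an error in a PTE is far more likely to point the page at a different physical frame than to touch a permission bit.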

  • Some might recall a bug in an older IBM system
    where a single transistor could be abused by
    a hand-crafted bit of assembler which resulted
    in a thermally damaged transistor.

    IIRC a clip-on heatsink fixed the problem but at
    the time some CS students had trouble with their
    final projects...

    Interesting... bust out the heat spreaders and capacitors.

  • It is worth noting that the row hammer issue isn't new. It has been known about for some time, including in this old Slashdot post:
    http://hardware.slashdot.org/s... [slashdot.org]

    There has been an implementation of row hammer testing in MemTest86 V6.0 for over 6 months now as well. MemTest86 implements just the single sided hammer, whereas Google used a double sided hammer.
    http://www.memtest86.com/ [memtest86.com]
    While the double hammer might produce more RAM errors, this pattern of memory accesses isn't very likely to occur in real life soft
