Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges

by Mark Seaborn, Halvar Flake
Sept. 18, 2017, Black Hat

"Rowhammer" is a problem with DRAM in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. While the industry has known about the problem for a while and has started mitigating it in newer hardware, it was rarely mentioned in public until the publication of Yoongu Kim et al.'s paper in the summer of 2014, which included hard data about the prevalence of the problem. In spite of the paper's speculations about the exploitability of the issue, most people still classified rowhammer as only a reliability issue; the probabilistic nature of the problem seems to have made people think exploitation would be impractical. We will discuss the details of how our two exploits cause and use bit flips, and how the rowhammer problem can be mitigated. We will also explore whether it is possible to cause row hammering using normal cached memory accesses.
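The abstract describes the mechanism (repeated row activations disturbing neighbouring rows) but not what a hammering test looks like in practice. The following is an added example, not code from the talk or its authors: the classic two-address hammer loop, which reads two "aggressor" addresses and uses the x86 clflush instruction to evict them from the cache so that every read reaches DRAM and re-opens its row, followed by a scan of the surrounding buffer for bits that no longer match the fill pattern. The buffer size, the two aggressor offsets and the iteration count are assumptions chosen for illustration; whether two offsets actually map to rows adjacent to a victim row depends on the DRAM address mapping, which this userspace code cannot see. On non-x86 targets the flush is a no-op, so the loop's reads stay cache hits and never reach DRAM, which is exactly the situation the abstract's last question is about; this example does not settle that question.

```c
/* Added example (not the authors' code): two-address hammer loop plus a
 * bit-flip scan. Offsets, sizes and iteration counts below are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
/* Evict one cache line so the next read of it is served from DRAM. */
static inline void flush_line(const volatile void *p) {
    __asm__ volatile("clflush (%0)" :: "r"(p) : "memory");
}
static inline void fence(void) { __asm__ volatile("mfence" ::: "memory"); }
#else
/* No cache-flush instruction available here: reads stay cached and the
 * loop never re-activates the DRAM row, so it cannot hammer anything. */
static inline void flush_line(const volatile void *p) { (void)p; }
static inline void fence(void) { __asm__ volatile("" ::: "memory"); }
#endif

/* Repeatedly read two aggressor addresses, flushing each from the cache so
 * every read opens its DRAM row again. Returns the iterations performed. */
static uint64_t hammer_pair(volatile uint8_t *a, volatile uint8_t *b,
                            uint64_t iterations) {
    uint64_t i;
    for (i = 0; i < iterations; i++) {
        uint8_t x = *a;   /* volatile reads are emitted, not optimised away */
        uint8_t y = *b;
        (void)x;
        (void)y;
        flush_line(a);
        flush_line(b);
        fence();
    }
    return i;
}

/* Count bits in buf that differ from the fill pattern. If first_off is
 * non-NULL it receives the offset of the first corrupted byte. */
static size_t count_bit_flips(const uint8_t *buf, size_t len, uint8_t expected,
                              size_t *first_off) {
    size_t flips = 0;
    int seen = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t diff = buf[i] ^ expected;
        if (diff) {
            if (!seen && first_off) *first_off = i;
            seen = 1;
            flips += (size_t)__builtin_popcount(diff);
        }
    }
    return flips;
}

/* Fill a buffer, hammer two offsets inside it, then scan the whole buffer.
 * Returns the number of flipped bits, or -1 on bad offsets / allocation failure. */
static long run_trial(size_t len, size_t off_a, size_t off_b,
                      uint64_t iterations, uint8_t pattern) {
    if (off_a >= len || off_b >= len) return -1;
    uint8_t *buf = malloc(len);
    if (!buf) return -1;
    memset(buf, pattern, len);
    hammer_pair(buf + off_a, buf + off_b, iterations);
    size_t flips = count_bit_flips(buf, len, pattern, NULL);
    free(buf);
    return (long)flips;
}

int main(void) {
    /* Assumed trial parameters: 64 MiB buffer, aggressors 2 MiB apart, an
     * all-ones pattern (flips show up as 1 -> 0), ten million read pairs.
     * A clean result does not show the machine is immune; it only means this
     * address pair did not land on rows adjacent to a weak cell this time. */
    size_t len = 64u << 20;
    long flips = run_trial(len, 4096, 4096 + (2u << 20), 10u * 1000 * 1000, 0xFF);
    if (flips < 0) {
        puts("allocation failed");
        return 1;
    }
    printf("%ld flipped bit(s) after hammering\n", flips);
    return 0;
}
```

A real test harness varies the aggressor pair across many page-sized steps and repeats with both 0x00 and 0xFF fills, since some cells only flip in one direction; the scan routine above is the part that stays the same regardless of how the addresses are chosen.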


Steven Ulm 8 months, 1 week ago

I like your approach towards the subject, but in my opinion some things could be slightly improved (like the row hammering using normal cached memory accesses part).