DRAM rowhammer is a very strange hardware vulnerability which, in turn, opens the door to software vulnerabilities. In short, it allows an attacker to flip bits at a physical memory address without accessing that address. Instead, the attacker writes to one or more neighboring addresses in the DRAM and, in some cases, bits at another address will flip.
Successful attacks from user mode using this vulnerability can:
- elevate user privileges
- break security sandboxes
- forge new private keys
“NUMA also allows for greater opportunities to exploit Rowhammer”.
Note that this is a hardware failure: most software, even some security-oriented software, is not able to cope with this type of hardware-based attack. The vulnerability was introduced in recent years by the growing use of smaller memory cells, which enable memory chips with more capacity.
- Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors
- Exploiting the DRAM rowhammer bug to gain kernel privileges
- Program for testing for the DRAM “rowhammer” problem
- Are virtualized environments vulnerable to the Row Hammer attack?
- New cloud attack takes full control of virtual machines with little effort
- Once thought safe, DDR4 memory shown to be vulnerable to “Rowhammer”
- How Rowhammer Could Be Used to Exploit Weaknesses in Computer Hardware