
DRAM Rowhammer vulnerability Leads to Kernel Privilege Escalation

4 replies to this topic

#1 NickAu
Posted 10 March 2015 - 03:47 PM

 

Security researchers have found ways to hijack Intel-compatible PCs running Linux by exploiting physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips and gaining higher kernel privileges on the system.
 
The technique, dubbed "rowhammer", was outlined in a blog post published Monday by Google's Project Zero security initiative, a team of top security researchers dedicated to identifying severe zero-day vulnerabilities in different software.
 
Rowhammer is a problem with recent-generation DRAM chips in which repeatedly accessing a row of memory can cause "bit flipping" in an adjacent row, which could allow anyone to change the value of contents stored in computer memory.
 
 

WHAT IS ROWHAMMER BUG
DDR memory is arranged in an array of rows and columns, which are assigned to various services, applications and OS resources in large blocks. In order to prevent each application from accessing the memory of other applications, they are kept in a "sandbox" protection layer.
 
However, sandbox protection can be bypassed using the bit-flipping technique, in which a malicious application repeatedly accesses adjacent rows of memory in a tiny fraction of a second.
 
As a result, hammering two aggressor memory regions can disturb neighbouring locations, causing charge to leak into or out of neighbouring cells.
#2 NickAu

Posted 11 March 2015 - 03:59 PM

Program for testing for the DRAM "rowhammer" problem

The test should work on Linux or Mac OS X, on x86 only.

https://github.com/google/rowhammer-test
 



#3 j4m3s

Posted 12 March 2015 - 08:29 AM

This is actually pretty cool (you know, aside from the fact that it can be used maliciously). Most vulnerabilities exploit software weaknesses, but these researchers are actually manipulating the hardware physically. It's pretty amazing.



#4 Didier Stevens

Posted 12 March 2015 - 03:12 PM

Most vulnerabilities exploit software weaknesses, but these researchers are actually manipulating the hardware physically. It's pretty amazing.

 

Yup, and they do it with software.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 JohnC_21

Posted 28 July 2015 - 07:06 PM

A new wrinkle to Rowhammer

 

Previously, taking advantage of Rowhammer required local program execution on a computer—in other words, the computer already needed to be partly compromised. But now, any webpage can potentially exploit Rowhammer to arbitrarily access your data, perhaps even by gaining full control over the computer. And again, it doesn’t matter what operating system you’re using, since the problem is in the physical circuits of your memory chips. As the security researchers explain, it is “the first remote software-induced hardware-fault attack.”

Rowhammer wouldn’t be so scary, however, if it could be exploited only locally, by downloading malware. But the authors of this new paper found a way to trigger Rowhammer simply through Javascript on a webpage—the scripting language used by almost every site today. Yet browsers can’t patch the bug because there’s nothing they can patch. It would take a BIOS firmware update, beyond most users’ capacity to install, to fix the problem on vulnerable systems. Otherwise, the best one can do is mitigate the issue by turning off Javascript on untrusted sites. The paper mentions the possibility of slowing down Javascript in the browser to reduce vulnerability to Rowhammer, but Gruss told me he considers browsers unlikely to take such a performance hit.

 

Article
