Security News > 2021 > November > When the world ends, all that will be left are cockroaches and new Rowhammer attacks: RAM defenses broken again
Boffins at ETH Zurich, Vrije Universiteit Amsterdam, and Qualcomm Technologies have found that varying the order, regularity, and intensity of rowhammer attacks on memory chips can defeat defenses, thereby compromising security on any device with DRAM. The vulnerability, tracked as CVE-2021-42114 with a severity of 9 out of 10, means that pretty much any shared workload on physical hardware is potentially susceptible to a rowhammer attack, even if the device in question relies on a memory defense known as Target Row Refresh.
Around 2014 [PDF], computer researchers associated with Carnegie Mellon and Intel revealed that by "Hammering" RAM chips with write operations, they could flip bits stored in adjacent memory rows, creating errors that can be exploited to gain access to kernel memory, to elevate privileges, and to break the isolation between virtual machines and the host.
In a paper [PDF] titled "BLACKSMITH: Scalable Rowhammering in the Frequency Domain," co-authors Patrick Jattke, Victor van der Veen, Pietro Frigo, Stijn Gunter, and Kaveh Razavi describe their efforts to randomize the parameters of rowhammer attacks by hammering memory rows using different phases, frequencies, and amplitudes.
"Blacksmith finds complex patterns that trigger Rowhammer bit flips on all 40 of our recently-purchased DDR4 DIMMs, 2.6× more than state of the art, and generating on average 87× more bit flips," their paper explains.
Rowhammer requires local access to the target hardware, or did until 2016, when the technique was refined [PDF] so it could be conducted over the internet using JavaScript in a web browser.
An organization called JEDEC has been developing memory specifications to mitigate rowhammer attacks, but so far doesn't have much to show for its efforts.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/11/15/rowhammer_blacksmith_memory/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-16 | CVE-2021-42114 | Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. | 7.9 |