Serious Security: Rowhammer returns to gaslight your computer
2023-07-10 21:22

The bad news here is that, because reading from DRAM forces the hardware to write the data back to the same memory cells right away, you only need read access to a particular bunch of memory cells in order to trigger low-level electronic rewrites of those cells.

Simply put, merely by reading from the same block of DRAM memory over and over in a tight loop, you automatically cause it to be rewritten at the same rate, thus greatly increasing the chance that you'll deliberately, if largely unpredictably, induce one or more "bit flips" in nearby memory cells.

Many modern DRAM chips have extra smarts built into their memory refresh hardware these days, including a mitigation called TRR. This system deliberately and automatically rewrites the storage capacitors in any memory lines that are close to memory locations that are being accessed repeatedly.

Intriguingly, a paper recently published by researchers at the University of California, Davis investigates the use of rowhammering not for the purpose of breaking into a computer by modifying memory in an exploitable way and thereby opening up a code execution security hole.

Ironically, a memory module that gets worse over time at resisting the bit-flip side-effects of rowhammering will, in theory at least, become more and more vulnerable to code execution exploits, because ongoing attacks will gradually trigger more and more bit-flips, and thus probably open up more exploitable memory corruption opportunities.

Firstly, the Centauri code needs the privilege to flush the CPU memory cache on demand, so that every memory read really does trigger electrical access directly to a DRAM chip.


News URL

https://nakedsecurity.sophos.com/2023/07/10/serious-security-rowhammer-returns-to-gaslight-your-computer/