Slashdot Mirror

← Back to Stories (view on slashdot.org)

Many DDR3 Modules Vulnerable To Bit Rot By a Simple Program

Posted by Soulskill on from the flipping-bits-for-fun-and-profit dept.

New submitter Pelam writes: Researchers from Carnegie Mellon and Intel report that a large percentage of tested regular DDR3 modules flip bits in adjacent rows (PDF) when a voltage in a certain control line is forced to fluctuate. The program that triggers this is dead simple — just two memory reads with special relative offset and some cache control instructions in a tight loop. The researchers don't delve deeply into applications of this, but hint at possible security exploits. For example a rather theoretical attack on JVM sandbox using random bit flips (PDF) has been demonstrated before.

4 of 138 comments (clear)

  1. Re:Many DDR3 modules? by Rei · · Score: 5, Informative

    If you're wanting to narrow it down, you won't like this line from the paper:

    In particular, all modules manufactured in the past two years (2012 and 2013) were vulnerable,

    It's pretty clever, and something I always wondered whether would be possible. They're exploiting the fact that DRAM rows need to be read every so often to refresh them because they leak charge, and eventually would fall below the noise threshold and be unreadable. Their exploit works by running code that - by heavily, cyclicly reading rows - makes adjacent rows leak faster than expected, leading to them falling below the noise threshold before they get refreshed.

    --
    I am a proud traitor to my species in alliance with my mother the Earth in opposition to those who would destroy her.
  2. Re:good news for ECC memory makers by Rei · · Score: 3, Informative

    According to the paper, EEC only reduces but does not eliminate the problem (section 6.3). Multiple bits can be corrupted at once.

    --
    I am a proud traitor to my species in alliance with my mother the Earth in opposition to those who would destroy her.
  3. Re:Does the cache control commands require root ac by PhrostyMcByte · · Score: 5, Informative

    No. These are standard instructions that many apps require to function correctly when using multiple threads. Even if you aren't using them directly, at least some of the APIs you use most certainly are.

  4. Known issue by Anonymous Coward · · Score: 5, Informative

    This has been know for some time. It's been referred to as "Row Hammer" and has been discussed at length by Intel and DRAM manufacturers.

    https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#safe=off&q=intel%20row%20hammer

    I've seen it cause multi-bit errors in ECC systems