Many DDR3 Modules Vulnerable To Bit Rot By a Simple Program

New submitter Pelam writes: Researchers from Carnegie Mellon and Intel report that a large percentage of tested regular DDR3 modules flip bits in adjacent rows (PDF) when a voltage in a certain control line is forced to fluctuate. The program that triggers this is dead simple — just two memory reads with special relative offset and some cache control instructions in a tight loop. The researchers don't delve deeply into applications of this, but hint at possible security exploits. For example a rather theoretical attack on JVM sandbox using random bit flips (PDF) has been demonstrated before.

Many DDR3 modules?

[ArcadeMan]

This is all very interesting but totally pointless! Which modules? Tell us the brands, model names, manufacturer numbers?

Re:Many DDR3 modules?

[DigiShaman]

FTFP. "We induce errors in most DRAM modules (110 out of 129) from three major DRAM manufacturers."

Short version, leakage current from adjacent gates can nudge other to bit-flip. I don't think this is a manufacturing problem as it is a fundamental EE design oversight. So yeah, defective by design (unintentionally)!!

Re:Many DDR3 modules?

[Rei]

If you're wanting to narrow it down, you won't like this line from the paper:

In particular, all modules manufactured in the past two years (2012 and 2013) were vulnerable,

It's pretty clever, and something I always wondered whether would be possible. They're exploiting the fact that DRAM rows need to be read every so often to refresh them because they leak charge, and eventually would fall below the noise threshold and be unreadable. Their exploit works by running code that - by heavily, cyclicly reading rows - makes adjacent rows leak faster than expected, leading to them falling below the noise threshold before they get refreshed.

Re:Many DDR3 modules?

[DigiShaman]

True, and commodity chips not to exact spec will introduce disturbance errors. But apparently this is been a known problem with DRAM with various method of mitigation during the binning process. It's just that density and tolerances have become so tight that the issue is now exasperated. I wouldn't be surprised at all if those 19 models also had a few that failed if tested again and again.

Honest. General computing from low-end PCs, phones, and other devices are long overdue in employing ECC by default. So you lose capacity and tiny performance hit. BFD if that means your data doesn't become corrupted. The only people that would care are the PC gaming benchmark queens.

Re:Many DDR3 modules?

[MightyYar]

Climate change... [ducks].

Re:good news for ECC memory makers

[Rei]

According to the paper, EEC only reduces but does not eliminate the problem (section 6.3). Multiple bits can be corrupted at once.

Re:good news for ECC memory makers

[sshir]

At least with ECC you'll get _some_ feedback (it's random so it will pop from time to time) indicating that something fishy is going on. With regular ram all corruptions are silent so you'll get random crashes that will drive you crazy...

Re:Does the cache control commands require root ac

[PhrostyMcByte]

No. These are standard instructions that many apps require to function correctly when using multiple threads. Even if you aren't using them directly, at least some of the APIs you use most certainly are.

Not theoretical. It's hogwash.

This is ridiculous. Realistically, when have you ever run into a situation where stib teg ylirartibra deppilf?

Known issue

This has been know for some time. It's been referred to as "Row Hammer" and has been discussed at length by Intel and DRAM manufacturers.

https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#safe=off&q=intel%20row%20hammer

I've seen it cause multi-bit errors in ECC systems