Slashdot Mirror

← Back to Stories (view on slashdot.org)

Exploiting the DRAM Rowhammer Bug To Gain Kernel Privileges

Posted by Soulskill on from the flipping-tables-over-flipped-bits dept.

New submitter netelder sends this excerpt from the Project Zero blog: 'Rowhammer' is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access (PDF) to all of physical memory.

4 of 180 comments (clear)

  1. Re:Frist Psot!! by grcumb · · Score: 5, Funny

    I got First Post!!!!!!! Yippppppeeeeeeee!!!!!!!!

    And I don't even know what a DRAM rowhammer is!!!!!!!!!!

    Dude, guess what? We row-hammered you into second place. Now excuse me while I flip you the bit. :-)

    --
    Crumb's Corollary: Never bring a knife to a bun fight.
  2. Re:Deja vu... by ArcadeMan · · Score: 5, Funny

    Alright, alright! We're getting off your lawn!

    --
    Get free satoshi (Bitcoin) and Dogecoins
  3. Re: Thanks to Wang by fuzzyfuzzyfungus · · Score: 5, Funny

    That sounds like a real dick move on their part.

  4. Re: ECC Memory by An+ominous+Cow+art · · Score: 5, Funny

    Now that's insideous!

    It takes 2 bit changes to change 'i' to 'e', so your problems are worse than you thought...