Rowhammer DRAM-based privilege escalation exploit

metaschima · 03-11-2015, 11:21 AM

This is a very interesting new exploit discovered by Google:
https://threatpost.com/rowhammer-har...ops-pcs/111532

Quote:

Now, it is hardware’s turn in the spotlight, as researchers have published details of a new method for exploiting a problem with some DRAM memory devices that can allow attackers to get low-level access to target machines.

The problem is being called “rowhammer”, as it’s a method for repeatedly hammering on rows of cells of memory in DRAM devices to induce cells to flip from one state to another. Using a new technique to exploit the rowhammer issue, researchers at Google were able to produce these bit flips in cells and gain kernel-level privileges. Security researchers say the technique is some of the more important work done on exploitation in recent years and could affect a huge number of laptops and desktop machines.

Other articles:
http://googleprojectzero.blogspot.co...g-to-gain.html
http://arstechnica.com/security/2015...dram-weakness/

Proof of concept, READ THE WARNINGS:
https://github.com/google/rowhammer-test
Backup your data, and do NOT run this on a production machine.

I've run it for 2000 iterations and no exploit. This doesn't mean that my RAM is secure tho. Again, read all the warnings.

EDIT:
For a safer alternative program, use memtest86 v6.0.0. It has a hammer test.

veerain · 03-11-2015, 12:12 PM

It happens with specific ram modules only.

metaschima · 03-11-2015, 12:20 PM

Quote:

Originally Posted by veerain

It happens with specific ram modules only.

From Google's tests about 50% of RAM modules tested.

I've stopped at 2200 iterations, no exploit. My RAM is:
Corsair Dominator Platinum 8GB (2x4GB) DDR3 1600 MHz (PC3 12800) Desktop Memory (CMD8GX3M2A1600C8)

metaschima · 03-11-2015, 05:15 PM

Memtest86 v6.0.0 has a hammer test, but it only boots on UEFI systems. My RAM also passes that. The RAM on my Atom system also passes with:
Transcend TK483PCW3 2GB DDR3-1333