“Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory.
Exploiting the DRAM rowhammer bug to gain kernel privileges
http://googleprojectzero.blogspot.de/20 ... -gain.html
»Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors«.
http://users.ece.cmu.edu/~yoonguk/papers/kim-isca14.pdf
»Using Memory Errors to Attack a Virtual Machine«
https://www.cs.princeton.edu/~appel/papers/memerr.pdf
Program for testing for the DRAM "rowhammer" problem
https://github.com/google/rowhammer-test
Sada je: 18 tra 2024, 16:58.
Moderator/ica: Moderatori/ce
1 post
• Stranica: 1/1.
"The quieter you become, the more you are able to hear...."
1 post
• Stranica: 1/1.
Na mreži
Trenutno korisnika/ca: / i 34 gostiju.
Powered by phpBB © phpBB Group.
phpbb.com.hr
Dizajn by:linuxzasve.com
Vremenska zona: UTC + 01:00