Half-Double: A New DRAM Rowhammer Vulnerability | #linux | #linuxsecurity


The Rowhammer security exploit affecting DRAM memory modules has a new chapter with Google now detailing “half-double” as a new technique for exploit of system memory.

Google security researchers discovered Half-Double as a new technique that “capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory.”

Traditionally, Rowhammer was understood to operate at a distance of one row: when a DRAM row is accessed repeatedly (the “aggressor”), bit flips were found only in the two adjacent rows (the “victims”). However, with Half-Double, we have observed Rowhammer effects propagating to rows beyond adjacent neighbors, albeit at a reduced strength. Given three consecutive rows A, B, and C, we were able to attack C by directing a very large number of accesses to A, along with just a handful (~dozens) to B. Based on our experiments, accesses to B have a non-linear gating effect, in which they appear to “transport” the Rowhammer effect of A onto C. Unlike TRRespass, which exploits the blind spots of manufacturer-dependent defenses, Half-Double is an intrinsic property of the underlying silicon substrate. This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down. Distances greater than two are conceivable.

The Half-Double vulnerability affects current DDR4 system modules and Google has been working with JEDEC on new mitigation techniques.

More details on the Half-Double vulnerability via the Google Security Blog and the Half-Double whitepaper.



Original Source link

Leave a Reply

Your email address will not be published.

thirty five − 25 =