Rowhammer Flaw: An Unusual DRAM Bug Yields Kernel Read-Write Access

The Rowhammer flaw is an exceptional bug found in DRAM. It exposes the complete physical memory of x86-64 Linux machines: continuously accessing a DRAM memory row eventually causes bit flips in adjacent rows. The bug has been found in DDR3 and DDR4 DRAM memory devices.

A malicious attacker can collect data such as machine passwords and access main memory content through vulnerable storage devices.


How does the Rowhammer flaw induce bit flips?

Rowhammer works by reading the same DRAM memory rows over and over, which forces the capacitors in the DRAM chip to be recharged each time. The attacker uses the machine code instruction CLFLUSH to clear the cache, so that every read goes to DRAM. Overloading the chip with these CLFLUSH-driven accesses causes bit flips in the neighboring capacitors.

An organization built two working privilege escalation exploits to test the effects of the Rowhammer bug. When the memory rows were accessed by an unauthorized user, bits flipped in adjacent rows and the user gained complete kernel privileges. When accessed by an authorized user, the bit flips affected the page table entries of the machine vulnerable to the Rowhammer problem. Hence an attacker gets both read and write access to the physical machine.

Schemes to prevent Rowhammer flaw

As DRAM is an important storage chip in most electronic devices, basic machine security settings and operating system updates will not remove the Rowhammer flaw from a machine. Some hardware-implemented mitigations come into play here.
  • Use of LPDDR4 (Low Power DDR4) – a recent DRAM standard with two Rowhammer mitigation schemes used by memory controllers. Targeted Row Refresh (TRR) mode refreshes the neighboring rows. The Maximum Activate Count (MAC) metadata field states how many times a row may be activated before its neighboring rows need refreshing.
  • Most modern CPUs are able to monitor cache misses. When truly cache-pessimal access patterns increase in number and put heavy load on the machine, use an intrusion detection system to take the necessary action.
  • rowhammer_escape_test.c can be compiled and run as a Linux executable. In this case, it tests each possible bit flip in its code template, checking that each is handled correctly.
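
A simplified model of the TRR/MAC scheme from the LPDDR4 item above, added here as an example; it is not code from the original page or from any memory controller. ROWS, the MAC value of 1000 and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define ROWS 16     /* constructed bank size for this model */
#define MAC  1000   /* constructed MAC value, not taken from a datasheet */

struct bank {
    unsigned acts[ROWS];    /* activations per row since its last TRR event */
    unsigned disturb[ROWS]; /* neighbor activations per row since its refresh */
    unsigned peak;          /* highest disturbance any row ever reached */
    unsigned trr_events;    /* targeted refreshes issued */
};

/* Count a neighbor activation against row r (no-op past the bank edge). */
static void disturb_row(struct bank *b, int r) {
    if (r < 0 || r >= ROWS) return;
    if (++b->disturb[r] > b->peak) b->peak = b->disturb[r];
}

/* Refreshing a row restores its charge, so its disturbance resets. */
static void refresh_row(struct bank *b, int r) {
    if (r >= 0 && r < ROWS) b->disturb[r] = 0;
}

/* Activate a row; with trr set, every MAC activations refresh both neighbors. */
static void activate(struct bank *b, int row, int trr) {
    disturb_row(b, row - 1);
    disturb_row(b, row + 1);
    if (++b->acts[row] >= MAC && trr) {
        refresh_row(b, row - 1);
        refresh_row(b, row + 1);
        b->acts[row] = 0;
        b->trr_events++;
    }
}

/* Replay n activations of one row; return the peak neighbor disturbance. */
unsigned peak_disturbance(int row, unsigned n, int trr, unsigned *events) {
    struct bank b;
    memset(&b, 0, sizeof b);
    for (unsigned i = 0; i < n; i++) activate(&b, row, trr);
    if (events) *events = b.trr_events;
    return b.peak;
}

int main(void) {
    unsigned ev = 0, on = peak_disturbance(5, 10000, 1, &ev);
    printf("no TRR: %u, TRR: %u (%u events)\n", peak_disturbance(5, 10000, 0, NULL), on, ev);
    return 0;
}
```

With TRR enabled the disturbance seen by a neighboring row never exceeds MAC, while without it the count grows with every activation in the window.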

VPS9 Networks provides highly configured Linux hosting solutions with the latest hardware and updated operating system versions. Our unmetered dedicated servers are configured using the latest DDR3 and DDR4 memory devices. Get a customized hosting plan with the best hosting features.
