Exploiting the DRAM rowhammer bug to gain kernel privileges
The Project Zero blog looks
at the "Rowhammer" bug. "“Rowhammer” is a problem with some
recent DRAM devices in which repeatedly accessing a row of memory can cause
bit flips in adjacent rows. We tested a selection of laptops and found that
a subset of them exhibited the problem. We built two working privilege
escalation exploits that use this effect. One exploit uses
rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when
run as an unprivileged userland process. When run on a machine vulnerable
to the rowhammer problem, the process was able to induce bit flips in page
table entries (PTEs). It was able to use this to gain write access to its
own page table, and hence gain read-write access to all of physical
memory." (Thanks to Paul Wise)
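As an added illustration of the mechanism the quoted passage describes (editor-added example code, not from the Project Zero post or its exploits), the C model below decodes an x86-64 4 KiB page-table entry, applies a single-bit error at a chosen position and classifies what the flip changes: an attribute bit, the physical frame number, a reserved bit, or a bit the MMU ignores. The field layout is architectural; the MAXPHYADDR value of 46, the sample PTE and the list of frames assumed to hold page tables are constructed for the example. Nothing here touches DRAM; it only shows why one flipped PFN bit moves a user mapping to a neighbouring frame, and what has to be true of that frame for the flip to matter.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural x86-64 4 KiB page-table entry fields (Intel SDM vol. 3A):
 *   bit 0   P    present
 *   bit 1   R/W  writable
 *   bit 2   U/S  accessible from user mode
 *   bits 12..(MAXPHYADDR-1)  physical frame number (PFN)
 *   bits MAXPHYADDR..51      reserved, must be zero (else #PF on use)
 *   bits 52..62  ignored / protection key, no effect on translation
 *   bit 63  XD   execute-disable
 * MAXPHYADDR is CPU-specific; 46 is an assumed value for this model. */
#define MAXPHYADDR 46
#define PTE_P   (1ULL << 0)
#define PTE_RW  (1ULL << 1)
#define PTE_US  (1ULL << 2)
#define PTE_PFN_MASK (((1ULL << MAXPHYADDR) - 1) & ~0xFFFULL)

enum flip_effect {
    FLIP_ATTRIBUTE, /* protection/attribute bit changed; same frame mapped */
    FLIP_PFN,       /* entry now maps a different physical frame */
    FLIP_RESERVED,  /* reserved bit set; any access faults */
    FLIP_IGNORED    /* bit the MMU ignores for 4 KiB pages */
};

uint64_t pte_pfn(uint64_t pte) { return (pte & PTE_PFN_MASK) >> 12; }

/* Apply a single-bit error to a PTE, store the corrupted entry in *out,
 * and classify what the flip changed. */
enum flip_effect pte_flip(uint64_t pte, unsigned bit, uint64_t *out)
{
    *out = pte ^ (1ULL << bit);
    if (bit >= 12 && bit < MAXPHYADDR) return FLIP_PFN;
    if (bit >= MAXPHYADDR && bit <= 51) return FLIP_RESERVED;
    if (bit >= 52 && bit <= 62) return FLIP_IGNORED;
    return FLIP_ATTRIBUTE;
}

/* Constructed sample: physical frames that, in this model, hold page tables. */
const uint64_t sample_pt_frames[] = { 0x12344ULL, 0x20000ULL };
#define SAMPLE_PT_FRAME_COUNT (sizeof sample_pt_frames / sizeof sample_pt_frames[0])

/* True if the corrupted entry is a present, writable, user-accessible mapping
 * of a frame that holds a page table: the condition the quoted post describes. */
bool flip_exposes_page_table(uint64_t flipped, const uint64_t *pt_frames, size_t n)
{
    if ((flipped & (PTE_P | PTE_RW | PTE_US)) != (PTE_P | PTE_RW | PTE_US))
        return false;
    uint64_t pfn = pte_pfn(flipped);
    for (size_t i = 0; i < n; i++)
        if (pt_frames[i] == pfn)
            return true;
    return false;
}

int main(void)
{
    /* Constructed user mapping: frame 0x12345, present, writable, user. */
    const uint64_t pte = 0x12345007ULL;
    static const char *names[] = { "attribute", "pfn", "reserved", "ignored" };
    const unsigned bits[] = { 1, 12, 46, 55, 63 };
    for (size_t i = 0; i < sizeof bits / sizeof bits[0]; i++) {
        uint64_t out;
        enum flip_effect e = pte_flip(pte, bits[i], &out);
        printf("flip bit %2u: %016llx -> %016llx (%s)%s\n", bits[i],
               (unsigned long long)pte, (unsigned long long)out, names[e],
               flip_exposes_page_table(out, sample_pt_frames, SAMPLE_PT_FRAME_COUNT)
                   ? " -> user-writable page-table frame" : "");
    }
    return 0;
}
```

Flipping bit 12 of the sample entry moves the mapping from frame 0x12345 to 0x12344 while leaving P, R/W and U/S intact, which is exactly why a flip in the PFN field of a user PTE is the dangerous case; a flip in bit 1 merely makes the page read-only, and a flip above MAXPHYADDR faults on first use. A model like this is useful when reasoning about what an error-correcting or integrity check on page tables has to cover.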