dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
246

rchandra
Stargate Universe fan
Premium Member
join:2000-11-09
14225-2105
ARRIS ONT1000GJ4
EnGenius EAP1250

rchandra

Premium Member

new hardware based exploit: row hammer

Now you can't even rely on the underlying hardware sometimes. With semiconductor feature size shrink making individual features closer and closer together, we are starting to see the ability of one circuit to affect adjacent ones. In this case, rapidly manipulating one DRAM row in quick succession might cause bit flips in adjacent rows. If this adjacent row happens to be something like an Intel architecture descriptor table (GDT, LDT), you might be able to gain access to regions of the address space not otherwise possible, including everything.

»en.wikipedia.org/wiki/Row_hammer

»users.ece.cmu.edu/~yoong ··· ca14.pdf

»googleprojectzero.blogsp ··· ain.html

From the discussions I've seen, ECC RAM mitigates it somewhat, but not completely.