[ Branimir Maksimovic @ 12.03.2020. 04:53 ] @


Remember rowhammer vulnerability? A critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips.

To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target Row Refresh (TRR) that refreshes adjacent rows when a victim row is accessed more than a threshold.

But it turns out 'Target Row Refresh,' promoted as a silver bullet to mitigate rowhammer attacks, is also insufficient and could let attackers execute new hammering patterns and re-enable the bit-flip attacks on the latest hardware as well.



Tracked as CVE-2020-10255, the newly reported vulnerability was discovered by researchers at VUSec Lab, who today also released 'TRRespass,' an open source black box many-sided RowHammer fuzzing tool that can identify sophisticated hammering patterns to mount real-world attacks.

According to the researchers, TRRespass fuzzer repeatedly selects different random rows at various locations in DRAM for hammering and works even when unaware of the implementation of the memory controller or the DRAM chip.

What's more? The latest flaw also affects LPDDR4 and LPDDR4X chips embedded on most of the modern smartphones, leaving millions of devices still vulnerable to the RowHammer vulnerability again.
[ nkrgovic @ 12.03.2020. 07:55 ] @
Ovo prvo jeste nezgodno. Ovo drugo.... Rowhammer na telefonu? Kako je dosao na telefon? :) Mislim, onaj ko se ulogovao na telefon i moze da izvrsi 3rd party aplikaciju (nesto sto je sam skinuo dodatno) - gledaj taj vec ima pristup svemu sto ima u telefonu. Edge case u najboljem slucaju.

Ja verujem da Rowhammer radi i na npr. R-Pi, pa? :) Jedno je nesto sto je mutli-user, neki server-grade CPU koji ima multi-tennant, tu imam ozbiljan problem ako nemam izolaciju izmedju VM-ova, ali telefon....
[ Branimir Maksimovic @ 12.03.2020. 12:05 ] @
"ali telefon.... "

sto jeste, jeste, telefon ionako nema multi user :P