Select Page

Cybersecurity researchers have demonstrated yet another variation of the Rowhammer attack affecting all DRAM (dynamic random-access memory) chips that bypasses currently deployed mitigations, thereby effectively compromising the security of the devices.

The new technique — dubbed “Blacksmith” (CVE-2021-42114, CVSS score: 9.0) — is designed to trigger bit flips on target refresh rate-enabled DRAM chips with the help of novel “non-uniform and frequency-based” memory access patterns, according to a study jointly published by academics from ETH Zurich, Vrije Universiteit Amsterdam, and Qualcomm Technologies.

Originally disclosed in 2014, Rowhammer refers to a fundamental hardware vulnerability that could be abused to alter or corrupt memory contents by taking advantage of DRAM’s tightly-packed, matrix-like memory cell architecture to repeatedly access certain rows (aka “aggressors”) that induces an electrical disturbance large enough to cause the capacitors in neighbouring rows to leak charge faster and flip bits stored in the “victim” rows adjacent to them.

A double-sided Rowhammer access pattern sandwiches a victim row in between two aggressor rows, maximizing the bit flips in the victim row. Another method called Half-Double, as established by Google researchers earlier this May, leverages the weak coupling between two memory rows that are not immediately adjacent to each other but one row removed to tamper with data stored in memory and, in principle, even gain unfettered access to the system.

images from Hacker News