Remember rowhammer vulnerability? A critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips.
To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target Row Refresh (TRR) that refreshes adjacent rows when a victim row is accessed more than a threshold.
But it turns out ‘Target Row Refresh,’ promoted as a silver bullet to mitigate rowhammer attacks, is also insufficient and could let attackers execute new hammering patterns and re-enable the bit-flip attacks on the latest hardware as well.
TRRespass: The Rowhammer Fuzzing Tool
Tracked as CVE-2020-10255, the newly reported vulnerability was discovered by researchers at VUSec Lab, who today also released ‘TRRespass,’ an open source black box many-sided RowHammer fuzzing tool that can identify sophisticated hammering patterns to mount real-world attacks.
According to the researchers, TRRespass fuzzer repeatedly selects different random rows at various locations in DRAM for hammering and works even when unaware of the implementation of the memory controller or the DRAM chip.
What’s more? The latest flaw also affects LPDDR4 and LPDDR4X chips embedded on most of the modern smartphones, leaving millions of devices still vulnerable to the RowHammer vulnerability again.
images from Hacker News
Recent Comments