A team of cybersecurity researchers yesterday revealed details of a new side-channel attack on dynamic random-access memory (DRAM) that could allow malicious programs installed on a modern system to read sensitive memory data from other processes running on the same hardware.
Dubbed RAMBleed and identified as CVE-2019-0174, the new attack is based on a well-known class of DRAM side-channel attack called Rowhammer, several variants of which [GLitch, RAMpage, Throwhammer, Nethammer, Drammer] have been demonstrated by researchers in recent years.
Known since 2012, the Rowhammer bug is a hardware reliability issue that was found in the new generation of DRAM chips.
It turned out that repeatedly and rapidly accessing (hammering) a row of memory can cause bit flips in adjacent rows, i.e., changing their bit values from 0 to 1 or vice versa.
In the following years, researchers also demonstrated successful exploits that achieve privilege escalation on vulnerable computers by flipping (writing) bits in the victim’s memory.
Discovered by a team of researchers from the University of Michigan, Graz University of Technology and the University of Adelaide, the new RAMBleed also relies on the bit-flip mechanism, but instead of writing data in the adjacent rows, this attack allows attackers to read the information in protected memory belonging to other programs and users.