Row hammer

Rowhammer (also written as row hammer) is a computer security exploit that takes advantage of an unintended and undesirable side effect in dynamic random-access memory (DRAM) in which memory cells interact electrically between themselves by leaking their charges, possibly changing the contents of nearby memory rows that were not addressed in the original memory access. This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times.[1][2][3]

The Rowhammer effect has been used in some privilege escalation computer security exploits,[2][4][5][6] and network-based attacks are also theoretically possible.[7][8]

Different hardware-based techniques exist to prevent the Rowhammer effect from occurring, including required support in some processors and types of DRAM memory modules.[9][10]

  1. ^ Yoongu Kim; Ross Daly; Jeremie Kim; Chris Fallin; Ji Hye Lee; Donghyuk Lee; Chris Wilkerson; Konrad Lai; Onur Mutlu (June 24, 2014). "Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors" (PDF). ece.cmu.edu. IEEE. Retrieved March 10, 2015.
  2. ^ a b Goodin, Dan (March 10, 2015). "Cutting-edge hack gives super user status by exploiting DRAM weakness". Ars Technica. Retrieved March 10, 2015.
  3. ^ Ducklin, Paul (March 12, 2015). "'Row hammering' – how to exploit a computer by overworking its memory". Sophos. Retrieved March 14, 2015.
  4. ^ Seaborn, Mark; Dullien, Thomas (March 9, 2015). "Exploiting the DRAM rowhammer bug to gain kernel privileges". googleprojectzero.blogspot.com. Retrieved March 10, 2015.
  5. ^ "Using Rowhammer bitflips to root Android phones is now a thing". Ars Technica. Retrieved October 25, 2016.
  6. ^ Swati Khandelwal (May 3, 2018). "GLitch: New 'Rowhammer' Attack Can Remotely Hijack Android Phones". The Hacker News. Retrieved May 21, 2018.
  7. ^ Mohit Kumar (May 10, 2018). "New Rowhammer Attack Can Hijack Computers Remotely Over the Network". The Hacker News. Retrieved May 21, 2018.
  8. ^ Swati Khandelwal (May 16, 2018). "Nethammer—Exploiting DRAM Rowhammer Bug Through Network Requests". The Hacker News. Retrieved May 21, 2018.
  9. ^ Marcin Kaczmarski (August 2014). "Thoughts on Intel Xeon E5-2600 v2 Product Family Performance Optimisation – Component selection guidelines" (PDF). Intel. p. 13. Archived from the original (PDF) on April 18, 2024. Retrieved March 11, 2015.
  10. ^ Greenberg, Marc (October 15, 2014). "Reliability, Availability, and Serviceability (RAS) for DDR DRAM interfaces" (PDF). memcon.com. pp. 2, 7, 10, 20, 27. Archived from the original (PDF) on July 5, 2016. Retrieved March 11, 2015.