RAMBleed: Reading Bits in Memory Without Accessing Them Andrew Kwong Daniel Genkin Daniel Gruss Yuval Yarom University of Michigan University of Michigan Graz University of Technology University of Adelaide and Data61
[email protected] [email protected] [email protected] [email protected] Abstract—The Rowhammer bug is a reliability issue in DRAM directly access the changed memory location, the change is cells that can enable an unprivileged adversary to flip the values not visible to the processor or the operating system, and is of bits in neighboring rows on the memory module. Previous not subject to any permission checks. Thus far, this ability to work has exploited this for various types of fault attacks across security boundaries, where the attacker flips inaccessible bits, reliably flip bits across security boundaries has been exploited often resulting in privilege escalation. It is widely assumed for sandbox escapes [19, 55], privilege escalation attacks on however, that bit flips within the adversary’s own private memory operating systems and hypervisors [19, 21, 51, 55, 61, 64], have no security implications, as the attacker can already modify denial-of-service attacks [21, 28], and even for fault injection its private memory via regular write operations. in cryptographic protocols [6]. We demonstrate that this assumption is incorrect, by em- ploying Rowhammer as a read side channel. More specifically, A common theme for all past Rowhammer attacks is we show how an unprivileged attacker can exploit the data that they break memory integrity. Namely, the attacker uses dependence between Rowhammer induced bit flips and the bits Rowhammer to obtain a (limited) write primitive into oth- in nearby rows to deduce these bits, including values belonging to erwise inaccessible memory, and subsequently modifies the other processes and the kernel.