RAMBleed is different in that it uses Rowhammer for reading data stored inside the computer’s physical memory. As the physical memory is shared among all process in the system, this puts all processes at risk. RAMBleed is a side channel attack that enables an attacker to read out physical memory belonging to other processes. The vulnerability, listed as CVE-2019-0174, got the RAMBleed name because random access memory “bleeds its contents.
What is the Rowhammer bug?
The trend towards increasing DRAM cell density and decreasing capacitor size over the past decades has given rise to a reliability issue known as Rowhammer. Specifically, repeated accesses to rows in DRAM can lead to bit flips in neighboring rows (not only the direct neighbors), even if these neighboring rows are not accessed. Attackers can exploit these cross-process bit flips for a myriad of security breaches.
what data can be read by RAMBleed?
In a proof-of-concept (PoC) end-to-end attack, researchers demonstrated that they could read an OpenSSH 7.9 RSA key – and potentially any data stored in memory via a Rowhammer as a side channel. RAMBleed can potentially read any data stored in memory.
What technologies are affected by RAMBleed?
Machines with memory chips susceptible to Rowhammer attacks are potentially vulnerable, including “both DDR3 and DDR4 with TRR (targeted row refresh) enabled,” the researchers indicated. However, they also suggested that upgrading to DDR4 with TRR turned on would still serve as mitigation because exploits are “harder to accomplish in practice.”
How to Mitigate this issue?
Users can mitigate their risk by upgrading their memory to DDR4 with targeted row refresh (TRR) enabled. While Rowhammer-induced bit flips have been demonstrated on TRR, it is harder to accomplish in practice.
Memory manufacturers can help mitigate this issue by more rigorously testing for faulty DIMMs. Furthermore, publicly documenting vendor specific TRR implementations will facilitate a stronger development process as security researchers probe such implementations for weaknesses.
For any Cyber Security information contact firstname.lastname@example.org