“With enough accesses, this can change a cell’s value from 1 to 0 or vice versa. In other words, the selected zero area will be transferred to the victims, or vice versa,” the researchers explained.

The bit-flipping technique was first presented in an experimental study paper published by Carnegie Mellon University, entitled "Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors."
The bit-flipping technique shouldn’t be confused with buffer-overflow or use-after-free memory-corruption techniques, in which an attacker funnels malicious shellcode into protected regions of the victim’s computer.
- First, a page-table-entry (PTE) based exploit uses rowhammer-induced bit flips to achieve kernel privileges on x86-64 Linux and hence gain read-write access to the whole of physical memory.
- Second, an exploit demonstrates exploitation of the same vulnerability by escaping from the Native Client sandbox.
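To see why a single disturbance error in a PTE matters, the following added example (not code from the article or from the researchers) decodes the architectural x86-64 4 KiB page-table-entry layout, simulates one flipped bit, and classifies whether the flip changed the physical frame the entry maps or only its permission bits; the frame number and flag combination are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* x86-64 4 KiB PTE layout (architectural): bit 0 present, bit 1 writable,
   bit 2 user, bits 12..51 physical frame number (PFN), bit 63 execute-disable. */
#define PTE_PRESENT   (1ULL << 0)
#define PTE_WRITABLE  (1ULL << 1)
#define PTE_USER      (1ULL << 2)
#define PTE_NX        (1ULL << 63)
#define PTE_PFN_MASK  0x000FFFFFFFFFF000ULL

typedef enum { FLIP_NONE, FLIP_PFN, FLIP_PERMS, FLIP_OTHER } flip_kind_t;

/* Build a PTE from a physical frame number and flag bits. */
static uint64_t make_pte(uint64_t pfn, uint64_t flags) {
    return ((pfn << 12) & PTE_PFN_MASK) | flags;
}

/* Extract the physical frame number a PTE points at. */
static uint64_t pte_pfn(uint64_t pte) {
    return (pte & PTE_PFN_MASK) >> 12;
}

/* Simulate a single DRAM disturbance error hitting one bit of the entry. */
static uint64_t flip_bit(uint64_t pte, unsigned bit) {
    return pte ^ (1ULL << bit);
}

/* Integrity check: compare the observed PTE with the value the kernel wrote
   and report which field a single-bit flip landed in. A PFN flip silently
   redirects the mapping to a different physical page; a permission flip
   changes who may access it and how. */
static flip_kind_t classify_flip(uint64_t expected, uint64_t observed) {
    uint64_t diff = expected ^ observed;
    if (diff == 0) return FLIP_NONE;
    if (diff & PTE_PFN_MASK) return FLIP_PFN;
    if (diff & (PTE_PRESENT | PTE_WRITABLE | PTE_USER | PTE_NX)) return FLIP_PERMS;
    return FLIP_OTHER;   /* software-available bits, e.g. 9..11 */
}

int main(void) {
    /* Constructed sample: user-readable, non-executable mapping of frame 0x12345. */
    uint64_t pte = make_pte(0x12345, PTE_PRESENT | PTE_USER | PTE_NX);
    uint64_t hit = flip_bit(pte, 13);   /* bit 13 lies inside the PFN field */
    printf("frame 0x%llx -> 0x%llx, class %d\n",
           (unsigned long long)pte_pfn(pte), (unsigned long long)pte_pfn(hit),
           (int)classify_flip(pte, hit));
    return 0;
}
```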