RAMBleed Attack – Flip Bits to Steal Sensitive Data from Computer Memory
Jun 12, 2019
A team of cybersecurity researchers yesterday revealed details of a new side-channel attack on dynamic random-access memory (DRAM) that could allow malicious programs installed on a modern system to read sensitive memory data from other processes running on the same hardware. Dubbed RAMBleed and identified as CVE-2019-0174 , the new attack is based on a well-known class of DRAM side channel attack called Rowhammer , various variants [ GLitch , RAMpage , Throwhammer , Nethammer , Drammer ] of which have been demonstrated by researchers in recent years. Known since 2012, Rowhammer bug is a hardware reliability issue that was found in the new generation of DRAM chips. It turned out that repeatedly and rapidly accessing (hammering) a row of memory can cause bit flips in adjacent rows, i.e., changing their bit values from 0 to 1 or vice-versa. In the following years, researchers also demonstrated successful exploits to achieve privilege escalation on the vulnerable computers by