RowPress
vulns
RowPress | vulns | |
---|---|---|
1 | 2 | |
28 | 425 | |
- | - | |
6.1 | 10.0 | |
4 months ago | over 2 years ago | |
VHDL | ||
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
RowPress
-
There's a new way to flip bits in DRAM, and it works against the latest defenses
For those interested, the key takeaway from this IMO is that by issuing many sequential reads, the memory controller will hold a target row open for an extended amount of time to service the consecutive accesses.
This is in contrast to the original rowhammer attack, which issues accesses such that target rows are repeatedly opened and closed to trigger bitflips in neighboring rows.
By stretching out the row open time to 30ms (!), the authors claim they are able to reliably trigger bitflips with a single row opening in 13% of tested rows at 50 C[1]. Some rows in certain chips can be flipped with access times of under 10ms[2].
At more realistic row open times of 7.8 - 70us, there seems to be a 1/x relationship between row open time and number of activations required, they cumulative amount of time the row needs to be held open for to trigger a flip seems to remain fairly constant (around 50ms total from my very approximate estimations). Note that the attack needs to be executed in under 64 ms total, otherwise the automatic DRAM refresh will reset any progress made.
The authors demonstrate this attack with a userspace program that maps a 1 GB hugepage to be able to directly manipulate the lower 30 physical address bits[3], although they don't seem to provide the row open times they end up being able to achieve in practice.
The attack code itself: https://github.com/CMU-SAFARI/RowPress/blob/main/demonstrati...
[1]: https://arxiv.org/pdf/2306.17061.pdf pg 5. obsv. 2 [2]: pg 6. obsv. 6 [3] pg. 11 sec 6.1
vulns
What are some alternatives?
exploits - A handy collection of my public exploits, all in one place.