Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges

Black Hat via YouTube

"Ideal" fix: Target Row Refresh, TRR

21 of 24

YouTube videos curated by Class Central.

Classroom Contents

  1. Bit flips!
  2. The rowhammer DRAM bug
  3. Overview of talk
  4. About the speakers
  5. Exploiting random bit flips
  6. Types of memory error
  7. DRAM row buffer
  8. DRAM refresh
  9. "Hammering" can cause bit flips
  10. Bad cells
  11. Step 1: Bypass the cache
  12. Double-sided hammering
  13. Flippy the Laptop
  14. Intro to Native Client (NaCl)
  15. Escaping an in-process sandbox
  16. Bit flips make safe code unsafe
  17. Using physical memory access
  18. Page reuse
  19. Mitigations
  20. Mitigation: ECC memory
  21. "Ideal" fix: Target Row Refresh, TRR
  22. Mitigation: 2x refresh rate
  23. Conclusions
  24. For more information
