Overview
Explore a 12-minute conference talk from USENIX Security '24 that reveals a novel exploitation technique for Rowhammer vulnerabilities in DRAM modules. Learn how researchers from the University of Michigan, UNC Chapel Hill, and Georgia Tech demonstrate how targeting nested pointer dereferences achieves arbitrary data leakage from victim systems. Discover improved Rowhammer primitives, including kernel memory massaging, synchronization techniques, and kernel flip testing, that achieve significantly faster data extraction rates than previous methods. Understand how this research expands Rowhammer's attack surface by targeting code patterns rather than specific memory structures, highlighting the need for more comprehensive software defense strategies beyond selective memory padding.
Syllabus
USENIX Security '24 - Go Go Gadget Hammer: Flipping Nested Pointers for Arbitrary Data Leakage
Taught by
USENIX