[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [FD] 'Rowhammer' - Software-triggered DRAM corruption
From: Nick Boyce <nick.boyce () gmail ! com>
Date: 2015-03-13 1:07:11
Message-ID: CACqxkWKymXeRNT0fwbV20ffoy_4VPw1Bop_G2Nh_=HhnguvB=Q () mail ! gmail ! com
[Download RAW message or body]
On 12 March 2015 at 20:31, Aris Adamantiadis <aris@badcode.be> wrote:
> Le 12/03/15 17:00, Nick Boyce a écrit :
>
>> ... Google was only able to make the attack
>> work on laptops - desktop machines so far
>> remaining unaffected.
>>
>> [I *knew* it was a good idea to hang on to
>> that old Athlon XP desktop :-)]
>>
> There are countless reports of the attack
> working on desktops. It worked on one of
> the two non-ecc desktops I've tried it on.
> It's an AMD FX 8150.
Damn - that's disappointing :-/
I see you're right - there's a lot of activity:
https://groups.google.com/group/rowhammer-discuss/
>> The authors state that ECC does not help,
>> which is puzzling.
This post:
http://blog.erratasec.com/2015/03/some-notes-on-dram-rowhammer.html
explains that ECC is only going to correct single bit fails, and
likely crash the machine on double-bit fails, but that multi-bit fails
(which the Google tool achieves) may evade the ECC and achieve the
goal.
https://github.com/google/rowhammer-test
I'm off to find some machines to test.
Nick
--
Coding is easy; All you do is sit staring at a terminal until the drops
of blood form on your forehead.
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic