Today's security vulnerability: let's exploit hardware bugs!



  • “Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory.
    http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html

    They anonymize the hardware they tested so you can't just look, but you can download a test program to see if you're vulnerable.

    I wonder how many decades it will be until there is any chance of anything computery being even vaguely secure.


  • SockDev

    @EvanED said:

    I wonder how many decades it will be until there is any chance of anything computery being even vaguely secure.

    Infinite, probably. computers are really really really complicated, yo.

    still it's nice to see a HW based exploit for a change.... SW by far dominates the vuln sectors


  • SockDev

    @accalia said:

    computers are really really really complicated

    And yet all they ever really do is one of two things:

    1. Copy a number from one place to another
    2. Add two numbers together


  • You could just not use Linux.


  • SockDev

    @blakeyrat said:

    You could just not use Linux.

    It's a hardware exploit; the OS used is irrelevant.



  • It says Linux right there. Right up there, says Linux.


  • SockDev

    It also says the issue is in the hardware



  • One of the exploits they built is for Linux. The other breaks out of Chrome's NaCl sandbox. It's quite likely that if someone put in the effort, they could carry out an exploit on Windows.


  • SockDev

    yes. so the demonstrator exploit uses linux. given what this exploit does i'd bet my next three paychecks that someone could find a way to make it exploitable on windows too



  • @blakeyrat said:

    It says Linux right there. Right up there, says Linux.

    undefined 🤦



  • @RaceProUK said:

    It also says the issue is in the hardware

    Right. LINUX hardware.

    @EvanED said:

    to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process.

    Look. Linux. It's dripping with Linux. What's wrong with you people?


  • SockDev

    @blakeyrat said:

    LINUX hardware

    I… what?


  • SockDev

    @blakeyrat said:

    Right. LINUX hardware.

    not sure if flamebaiting or trolling.....

    you are aware that both linux and windows run on identical x86_64 hardware, right? I mean that is a thing. and the hardware doesn't change when you change OS.


  • SockDev

    @accalia said:

    not sure if flamebaiting or trolling

    A combination of the two, methinks



  • @accalia said:

    you are aware that both linux and windows run on identical x86_64 hardware, right?

    Well duh, but this security hole is in Linux. It says so right in the first post.


  • SockDev

    And you think the stupid is strong with me…



  • @blakeyrat said:

    Well duh, but this security hole is in Linux. It says so right in the first post.

    Really? Really?

    “Rowhammer” is a problem **with some recent DRAM devices** in which repeatedly accessing a row of memory can cause bit flips in adjacent rows.

    The bug is a hardware bug. They used it to exploit Linux, and to exploit NaCl. The same bug could almost certainly be used to exploit Windows. I don't see how this is difficult to understand.


  • @EvanED said:

    They used it to exploit Linux, and to exploit NaCl.

    Salt isn't even software. Goddamned these Linux users are stupid, if they think you can escalate privileges of salt.


  • SockDev

    @EvanED said:

    I don't see how this is difficult to understand.

    It's @blakeyrat; he always twists this sort of thing into Linux hate because he's secretly in love with Richard Stallman 😉



  • Guys. It's pretty damn obvious trolling and you're still falling for it.

