CVE-2019-0174: RAMBleed Attack Allows Attackers to Read Secret Key Bits

A new side-channel attack against dynamic random-access memory (DRAM) has been disclosed. The attack, dubbed RAMBleed, allows a malicious program to read sensitive memory contents belonging to other processes running on the same hardware.

RAMBleed has been assigned CVE-2019-0174. It builds on Rowhammer, a DRAM disturbance bug that has already been exploited in several variants, but uses it in a new way: as a read primitive rather than a write primitive.

CVE-2019-0174: RAMBleed Description

The Rowhammer bug is a reliability issue in DRAM cells that lets an unprivileged adversary flip the values of bits in neighboring rows of the memory module. Previous work exploited this for fault attacks across security boundaries, where the attacker flips bits it cannot access, often resulting in privilege escalation. It was widely assumed, however, that bit flips within the adversary's own private memory have no security implications, since the attacker can already modify its private memory through ordinary write operations.

A team of researchers from the University of Michigan, Graz University of Technology, the University of Adelaide and Data61 demonstrates that this assumption is incorrect by using Rowhammer as a read side channel. Their paper is titled "RAMBleed: Reading Bits in Memory Without Accessing Them".

The researchers’ work reveals how an unprivileged threat actor can exploit the data dependence between Rowhammer-induced bit flips and the bits in nearby rows to deduce these bits, including values that belong to other processes as well as the kernel.


In short, Rowhammer is a fault attack in which the attacker uses a specific sequence of memory accesses that causes bit flips (changes in bit values) in locations other than those accessed. Because the attacker never directly accesses the changed memory location, the change is not visible to the processor or the operating system and is not subject to any permission checks, the researchers note.

With RAMBleed, however, the researchers show that Rowhammer also affects data confidentiality: an unprivileged attacker can use Rowhammer-induced bit flips in its own memory to read the values of nearby bits it is not allowed to access.

Furthermore, as not every bit in DRAM can be flipped via Rowhammer, the researchers "also present novel memory massaging techniques that aim to locate and subsequently exploit Rowhammer flippable bits. This enables the attacker to read otherwise inaccessible information such as secret key bits".
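To make the read side channel described above concrete, here is an added simulation; it is not code from the paper or its authors. It models DRAM as a few tiny rows: A0 and A2 are the rows the attacker hammers, and A1, sitting between them, is the attacker's own "sampling" row. The flip rule is an assumption made for the simulation, not a measured property of any DRAM part: a weak cell in A1 holding a 1 flips to 0 only when the bits directly above and below it in A0 and A2 are both 0. Real flips are probabilistic, and the attacker cannot write the victim's rows; writing the secret into A0 and A2 here stands in for the memory massaging that gets copies of the victim's page placed there. `ROW_BITS`, `DRAM`, `template`, `rambleed_read` and the 16-bit "secret" are all constructed for this example.

```python
# Added example: a toy simulation of the RAMBleed read side channel.
# Nothing here touches real DRAM; the flip rule below is an assumption.
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

ROW_BITS = 16  # assumption: 16-bit rows for readability (real rows are 8 KiB)


@dataclass
class DRAM:
    """Rows of bits plus the set of cells weak enough to flip under hammering."""
    rows: List[List[int]]
    flippable: Set[Tuple[int, int]]  # (row, column) of hammer-sensitive cells

    def hammer(self, a0: int, a2: int) -> int:
        """Simulate hammering rows a0 and a2 with victim row a1 = a0 + 1 between them.

        Assumed data-dependent rule: a flippable cell in a1 that holds 1 flips
        to 0 only when the bits directly above (a0) and below (a2) both hold 0.
        Returns the number of cells that flipped.
        """
        if a2 != a0 + 2:
            raise ValueError("double-sided hammering needs a2 == a0 + 2")
        a1 = a0 + 1
        flipped = 0
        for col in range(ROW_BITS):
            if ((a1, col) in self.flippable
                    and self.rows[a1][col] == 1
                    and self.rows[a0][col] == 0
                    and self.rows[a2][col] == 0):
                self.rows[a1][col] = 0
                flipped += 1
        return flipped


def template(dram: DRAM, a0: int) -> Set[int]:
    """Templating step: while the attacker still owns all three rows, write
    zeros to a0/a2 and ones to a1, hammer, and record which columns of a1
    flipped. Only these columns can later be used to read secret bits."""
    a1, a2 = a0 + 1, a0 + 2
    dram.rows[a0] = [0] * ROW_BITS
    dram.rows[a2] = [0] * ROW_BITS
    dram.rows[a1] = [1] * ROW_BITS
    dram.hammer(a0, a2)
    return {col for col in range(ROW_BITS) if dram.rows[a1][col] == 0}


def rambleed_read(dram: DRAM, a0: int, secret: List[int],
                  flippable_cols: Set[int]) -> Dict[int, int]:
    """Read phase. Writing `secret` into a0 and a2 stands in for the memory
    massaging that gets two copies of the victim's page placed in those rows;
    the attacker never accesses them. It re-arms its sampling row a1 with
    ones, hammers, and infers each flippable column: a flip means the secret
    bit above/below was 0, no flip means it was 1."""
    if len(secret) != ROW_BITS:
        raise ValueError("secret must be exactly one row wide")
    a1, a2 = a0 + 1, a0 + 2
    dram.rows[a0] = list(secret)
    dram.rows[a2] = list(secret)
    dram.rows[a1] = [1] * ROW_BITS
    dram.hammer(a0, a2)
    return {col: (0 if dram.rows[a1][col] == 0 else 1)
            for col in sorted(flippable_cols)}


def demo() -> Dict[int, int]:
    """Constructed scenario: five weak cells in row 1 and a 16-bit 'secret'."""
    dram = DRAM(rows=[[0] * ROW_BITS for _ in range(3)],
                flippable={(1, 1), (1, 4), (1, 6), (1, 10), (1, 13)})
    cols = template(dram, 0)  # attacker learns which columns are flippable
    secret = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1]  # constructed
    return rambleed_read(dram, 0, secret, cols)


if __name__ == "__main__":
    for col, bit in demo().items():
        print(f"column {col:2d}: secret bit = {bit}")
```

The two phases mirror the paper's structure: templating first finds the cells that can be flipped at all (only five of sixteen columns here, which is why the attacker cannot read every bit), and the read phase then turns each observed flip or non-flip into one bit of the neighboring rows without ever touching them. A real attack has to repeat measurements to cope with probabilistic flips and has to arrange the victim's pages into the aggressor rows, which is the memory massaging part of the paper that this model deliberately glosses over.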

Moreover, RAMBleed lets an unprivileged attacker read secret data on a range of systems in their default configuration, Ubuntu Linux among them, without requiring any special settings.

Full technical disclosure of CVE-2019-0174 is available in the original paper.

Milena Dimitrova