CVE-2019-0174: RAMBleed Attack Allows Attackers to Read Secret Key Bits

A new side-channel exploit against dynamic random-access memory (DRAM) has been discovered. The attack, dubbed RAMBleed, allows malicious programs to read sensitive memory data from other processes running on the same hardware.

RAMBleed has been identified as CVE-2019-0174. In fact, RAMBleed is based on a previous exploit known as Rowhammer, which has had different versions in the past.

CVE-2019-0174: RAMBleed Description

The Rowhammer bug is a reliability issue in DRAM cells that can enable an unprivileged adversary to flip the values of bits in neighboring rows on the memory module. Previous work has exploited this for various types of fault attacks across security boundaries, where the attacker flips inaccessible bits, often resulting in privilege escalation. It is widely assumed, however, that bit flips within the adversary’s own private memory have no security implications, as the attacker can already modify its private memory via regular write operations.

A team of researchers from University of Michigan, Graz University of Technology, and University of Adelaide and Data61 demonstrate that this assumption is incorrect by utilizing Rowhammer as a read side channel. Their paper is titled “RAMBleed: Reading Bits in Memory Without Accessing Them”.

The researchers’ work reveals how an unprivileged threat actor can exploit the data dependence between Rowhammer-induced bit flips and the bits in nearby rows to deduce these bits, including values that belong to other processes as well as the kernel.


In short, Rowhammer is a fault attack where the attacker utilizes a specific sequence of memory accesses that results in bit flips, that is, changes in bit values, in locations other than those accessed. Because the attacker does not directly access the changed memory location, the change is not visible to the processor or the operating system, and is not subject to any permission checks, the researchers said.

With RAMBleed, however, it is now known that Rowhammer also affects data confidentiality by allowing an unprivileged attacker to leverage Rowhammer-induced bit flips to read the value of nearby bits.

Furthermore, as not every bit in DRAM can be flipped via Rowhammer, the researchers “also present novel memory massaging techniques that aim to locate and subsequently exploit Rowhammer flippable bits. This enables the attacker to read otherwise inaccessible information such as secret key bits”.
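A toy software model of the data dependence described above, added here as an illustration and not taken from the paper or from this article. It assumes a simplified flip rule (a flippable cell flips only when the cells directly above and below both hold the opposite value), a constructed victim row and a constructed flip map; all function names are hypothetical and no real memory is touched.

```python
import random

def hammer(above, sampling, below, flippable):
    """Simulated DRAM behaviour (assumed rule): a flippable cell in the
    sampling row flips only if both vertical neighbours differ from it."""
    out = []
    for a, s, b, f in zip(above, sampling, below, flippable):
        flips = f and a != s and b != s
        out.append(s ^ 1 if flips else s)
    return out

def infer_secret(before, after, flippable):
    """Inference from the observer's own row only: compare what was written
    with what is read back. The neighbouring rows are never read, which is
    why no permission check is involved."""
    bits = []
    for b, a, f in zip(before, after, flippable):
        if not f:
            bits.append(None)      # cell cannot flip, nothing is learned
        elif a != b:
            bits.append(b ^ 1)     # flipped: neighbours held the opposite value
        else:
            bits.append(b)         # stable: neighbours held the same value
    return bits

def demo(seed=1, width=16):
    rng = random.Random(seed)
    secret = [rng.randint(0, 1) for _ in range(width)]      # constructed victim row
    flippable = [rng.random() < 0.5 for _ in range(width)]  # constructed flip map
    sampling = [1] * width                                  # observer's own row
    # Assumed layout: the same secret row sits above and below the sampling row.
    after = hammer(secret, sampling, secret, flippable)
    return secret, flippable, infer_secret(sampling, after, flippable)

if __name__ == "__main__":
    secret, flippable, recovered = demo()
    print("secret   ", secret)
    print("recovered", recovered)
```

Columns without a flippable cell come back as `None`, which is the gap the memory massaging techniques quoted above are meant to close.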

In addition, the RAMBleed bug would allow an unprivileged attacker to read secret data via the default configuration of a range of systems such as Ubuntu Linux, without requiring any special configurations.

Full technical disclosure of CVE-2019-0174 is available in the original paper.

Milena Dimitrova
