[Info-vax] Throwhammer, remote Rowhammer via RDMA (was Re: CVE-2018-8897 Privilege Escalation due to widespread misunderstanding of x86-64 privileged instruction semantics)
already5chosen at yahoo.com
already5chosen at yahoo.com
Sat May 12 14:11:40 EDT 2018
On Saturday, May 12, 2018 at 7:32:22 PM UTC+3, Stephen Hoffman wrote:
> On 2018-05-11 14:04:35 +0000, already5chosen at yahoo.com said:
>
> > I don't want to speculate about long run, but at the short run DDR4
> > (made by S and H, less so by M) is less vulnerable (or completely
> > immune?) to Rowhammer than DDR3.
>
> From 2016:
> https://arstechnica.com/information-technology/2016/03/once-thought-safe-ddr4-memory-shown-to-be-vulnerable-to-rowhammer/
>
This article does not contradict what I wrote above - M is vulnerable. But even M-made DDR4 are less vulnerable than DDR3.
>
> And given that throwhammer defenestrates an approach based on
> whitelisted and trusted applications, as sketchy as that assumption was
> given the numbers of latent vulnerabilities being found in existing
> apps...
>
>
> --
> Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list