[Info-vax] Throwhammer, remote Rowhammer via RDMA (was Re: CVE-2018-8897 Privilege Escalation due to widespread misunderstanding of x86-64 privileged instruction semantics)

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Sat May 12 15:17:20 EDT 2018 

On 2018-05-12 18:11:40 +0000, already5chosen at yahoo.com said:

> On Saturday, May 12, 2018 at 7:32:22 PM UTC+3, Stephen Hoffman wrote:
>> On 2018-05-11 14:04:35 +0000, already5chosen at yahoo.com said:
>> 
>>> I don't want to speculate about long run, but at the short run DDR4  
>>> (made by S and H, less so by M) is less vulnerable (or completely  
>>> immune?) to Rowhammer than DDR3.
>> 
>> From 2016:
>> https://arstechnica.com/information-technology/2016/03/once-thought-safe-ddr4-memory-shown-to-be-vulnerable-to-rowhammer/ 
>> 
>> 
> 
> This article does not contradict what I wrote above - M is vulnerable. 
> But even M-made DDR4 are less vulnerable than DDR3.

If by "less so" you meant to speculate that some of the Micron DDR4 
modules were found vulnerable to rowhammer, sure.    "Of the twelve 
memory modules we tested, eight showed bit flips during our 4-hour 
experiment. And of these eight failures, every memory module that 
failed at default settings was on DDR4 silicon manufactured by Micron."

SK Hynix and Samsung fared far better in the referenced tests at 
standard refresh rates, and presumably all of the DDR4 vendors have 
been working to improve the integrity or reliability their designs.  
Though that old memory is in use.  In the host main memory, or in all 
the other parts within a modern server that embed SDRAM for cache or 
otherwise.   And some of the vendor improvements involve 
cost-reductions, too.

Comparatively few folks know what memory vendor was used by the vendor 
originally or during subsequent replacements, nor do POST diagnostics 
nor the operating systems I've worked with report the presence of 
known- or potentially-vulnerable SDRAM configurations.  The user has to 
know or learn about this, and then go inventory the hardware.

And as for SK Hynix, Samsung, Micron or the vendors of any other 
component products in our increasingly-complex servers, the details 
here can and do change by revision and model.

Whether servers using DDR3 or DDR4 or otherwise, memory errors are not 
particularly visible to OpenVMS users in normal operations, either.  
That's without having rowhammer or throwhammer around.  I've worked 
with various Integrity servers that were throwing blizzards of memory 
errors, and SHOW ERROR showed nada.





-- 
Pure Personal Opinion | HoffmanLabs LLC

More information about the Info-vax mailing list