RAMBleed
>RAMBleed is a side-channel attack that enables an attacker to read out physical memory belonging to other processes.
>The implications of violating arbitrary privilege boundaries are numerous, and vary in severity based on the other software running on the target machine.
>As an example, in our paper we demonstrate an attack against OpenSSH in which we use RAMBleed to leak a 2048-bit RSA key.
>However, RAMBleed can be used for reading other data as well.
>RAMBleed is based on a previous side channel called Rowhammer, which enables an attacker to flip bits in the memory space of other processes.
>We show in our paper that an attacker, by observing Rowhammer-induced bit flips in her own memory, can deduce the values in nearby DRAM rows.
>Thus, RAMBleed shifts Rowhammer from being a threat only to integrity to being a threat to confidentiality as well.
>Furthermore, unlike Rowhammer, RAMBleed does not require persistent bit flips, and is thus effective against ECC memory commonly used by server computers.
>The trend towards increasing DRAM cell density and decreasing capacitor size over the past decades has given rise to a reliability issue known as Rowhammer.
>Specifically, repeated accesses to rows in DRAM can lead to bit flips in neighboring rows (not only the direct neighbors), even if these neighboring rows are not accessed.
>Attackers can exploit these cross-process bit flips for a myriad of security breaches.
>Researchers have demonstrated how to abuse Rowhammer for privilege escalation, RSA modulus factorization, and more.
>Previous attacks exploited the Rowhammer effect to write (or flip) bits in the victim's memory.
>RAMBleed is different in that it uses Rowhammer for reading data stored inside the computer's physical memory.
>As the physical memory is shared among all processes in the system, this puts all processes at risk.
>Site: https://rambleed.com
>Paper: https://rambleed.com/docs/20190603-rambleed-web.pdf
>CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0174