by Herbert Bos, Bart Preneel, Cristiano Giuffrida, Kaveh Razavi, Erik Bosman, Ben Gras,

Summary : We show how an attacker virtual machine (VM) can induce Rowhammer bit flips over memory used by another VM on the same host even under strong hardware-enforced memory isolation in a "fully controlled way". In many cloud settings, memory deduplication is used to reduce the memory footprint of VMs significantly by keeping a single copy of multiple memory pages with the same contents. The memory deduplication process scans the memory periodically to find memory pages with the same contents, then keeps one copy in the physical memory (i.e., the primary page) and releases the copies to the system. We show that by guessing the contents of a target page in a victim VM, an attacker VM can easily control the primary page, or in other words, the location of the victim's memory page on physical memory. By placing the victim page on a physical memory location with the right vulnerable bit offset, determined in the first stage of our exploit, we can perform a reliable and deterministic Rowhammer across VMs. We used this new technique, named flip feng shui, to corrupt the page cache of a victim VM hosting RSA public keys. We exemplify end-to-end attacks (a) breaking OpenSSH public-key authentication, thereby allowing remote OpenSSH access using a newly generated private key, and (b) forging GPG signatures from trusted keys, thereby compromising the Ubuntu/Debian updating mechanism, all without relying on any software vulnerability. Unlike other Rowhammer-based cryptographic fault attacks, ours is quite practical: it does not make any assumption on the environment nor requires the knowledge of the CPU's memory addressing function. We discuss practical defenses against flip feng shui attacks at the end.