Winter is Coming Back: Defeating the Most Advanced Rowhammer Defenses to Gain Root and Kernel Privileges, presented at Black Hat Asia 2019

by Zhi Wang, Yueqiang Cheng, Zhi Zhang, Surya Nepal

Summary: Rowhammer attacks can break the MMU-enforced memory protection to achieve privilege escalation, without requiring any software vulnerability. To mitigate such an attack, numerous software-only countermeasures have been proposed. In this talk, we will present a novel exploit that is able to effectively break the most advanced rowhammer defense. The exploit allows an unprivileged user application to gain both root and kernel privileges. Further, the exploit is stealthier and more efficient compared to existing rowhammer exploits. To demonstrate the effectiveness of the exploit, we will show live demos of two successful attacks on a real system. One is to gain the root privilege and the other is to gain the kernel privilege. Finally, we offer possible mitigations against our proposed exploit, and call for more parties to join in this effort to enhance the system security.