RAMBleed: New Rowhammer attack can steal data from memory

An international academic research team discovered a variant of the Rowhammer attack, called RAMBleed, that can be performed even if a system is patched against Rowhammer.

The RAMBleed attack is based on Rowhammer, which was originally discovered by Google's Project Zero in 2015 and could induce bit flipping in vulnerable dynamic RAM modules to bypass core system protections. While Rowhammer attacks worked by writing to memory, RAMBleed uses the Rowhammer flaw in order to read data stored in physical memory.

The research team of Andrew Kwong and Daniel Genkin from the University of Michigan, Daniel Gruss from the Graz University of Technology in Austria, and Yuval Yarom from the University of Adelaide described RAMBleed (CVE-2019-0174) as "a side-channel attack that enables an attacker to read out physical memory belonging to other processes."

"As the physical memory is shared among all process in the system, this puts all processes at risk," the researchers wrote in a FAQ about RAMBleed. "While the end-to-end attack we demonstrated read out OpenSSH 7.9's RSA key, RAMBleed can potentially read any data stored in memory. In practice, what can be read depends on the victim program's memory access patterns."

The researchers warned that mitigations against Rowhammer, like error correcting code (ECC), are not guaranteed to protect systems against RAMBleed.

"RAMBleed uses bit flips as a read side channel, and as such does not require bit flips to be persistent. Instead, the attacker merely needs to know that a bit flip occurred; the secret information leaks regardless of whether or not ECC corrects the flip," the researchers wrote. "Users can mitigate their risk by upgrading their memory to DDR4 with targeted row refresh (TRR) enabled. While Rowhammer-induced bit flips have been demonstrated on TRR, it is harder to accomplish in practice. As such, we suspect that many classes of computers are susceptible to RAMBleed."

Despite the large number of potentially vulnerable devices, Intel rated the severity as low, and the flaw received a CVSS v3 rating of 3.8, in part, because it requires local access to exploit.

"Partial physical address information potentially disclosed through exploitation of this vulnerability does not contain user secrets, but could potentially be utilized to enhance unrelated attack methods," Intel's advisory said.

Intel's claim seems to be contradicted by the researchers, who demonstrated "an attack against OpenSSH in which we use RAMBleed to leak a 2048 bit RSA key."

Jake Williams, founder and CEO of Rendition Infosec in Augusta, Ga., said Intel and the researchers might be "referencing two different things." 

"Those Intel statements are discussing using RAMBleed to bypass security controls like kernel ASLR [address space layout randomization]," Williams said. "Also, 2048 bits is only 256 bytes. Disclosing that amount of information is one thing. Figuring out what's in that 256 bytes is another challenge entirely. Still, I have no doubt that RAMBleed can be weaponized to produce more reliable exploitation results."

Williams added that while RAMBleed is "an interesting vulnerability, and while it is particularly dangerous under ideal lab conditions, it is unclear how easily this can be exploited on production machines."

But he also noted that it may be difficult to know if RAMBleed is used in the wild, because, like Rowhammer, "it doesn't leave any specific logs, so it's hard to say."

Neither Intel nor the research team behind RAMBleed responded to requests for comment at the time of this post.