New Variants of Rowhammer and Speculative Execution Attacks Pique Researchers’ Interest

  • The new Rowhammer variant is tracked as CVE-2020-10255 and bypasses the collective set of in-memory mitigations known as Target Row Refresh (TRR).
  • LVI-LFB (Load Value Injection in the Line Fill Buffers) is tracked as CVE-2020-0551 and is described as a reverse Meltdown-type attack: rather than leaking data out of a faulting load, the attacker injects data into it.

Security researchers have disclosed two new hardware vulnerabilities that should concern chip and memory manufacturers: a TRR-bypassing variant of Rowhammer and Load Value Injection (LVI).

About TRR-bypassing Rowhammer
  • Target Row Refresh (TRR)-bypassing Rowhammer is a new vulnerability discovered by the VUSec lab. The flaw is tracked as CVE-2020-10255 and bypasses the collective set of mitigations known as ‘Target Row Refresh’ (TRR).
  • TRR is an umbrella term for the hardware mitigations that DRAM vendors and memory-controller makers gradually added to modern memory after 2014, when academics disclosed the first Rowhammer attack. The mitigations work by tracking rows that are activated unusually often (aggressor rows) and proactively refreshing their neighbours before the leaked charge can flip a bit.
  • Apart from affecting DDR3 and DDR4 memory chips, the flaw also affects the LPDDR4 and LPDDR4X chips embedded in most modern smartphones, so millions of devices are once again exposed to Rowhammer. Such LPDDR4 memory is used in smartphones from Google, LG, OnePlus and Samsung.
  • To gauge the severity of the problem, the researchers built a fuzzing tool called TRRespass that searches for new access patterns, i.e. combinations of aggressor rows, that still induce bit flips on TRR-protected memory.
  • The tool was tested on 43 DIMMs (Dual In-line Memory Modules), and the researchers found that 13 DIMMs from the three major DRAM vendors (Samsung, Hynix and Micron) are vulnerable to the new Rowhammer variations.

About LVI-LFB vulnerability
  • LVI-LFB (Load Value Injection in the Line Fill Buffers) is a new vulnerability that affects many Intel processors. It is tracked as CVE-2020-0551 and is described as a reverse Meltdown-type attack: Meltdown leaks the value of a victim's faulting load to the attacker, whereas LVI makes a victim's faulting or assisted load transiently consume an attacker-controlled value, which the victim's own code then uses and unwittingly leaks.
  • As Bitdefender researchers explain, the vulnerability lets malicious software running on a device read potentially sensitive information, from encryption keys to passwords, which an attacker can exfiltrate or use to gain further control of the targeted system.
  • The vulnerability undermines the isolation guarantee of Intel SGX (Software Guard Extensions), whose enclaves are meant to keep their data confidential even from a compromised operating system.
  • The researchers note several limitations that make the attack difficult to carry out in practice. Nevertheless, given the severity of the issue, Intel has issued mitigation guidance and tooling for LVI to reduce the attack surface; the core mitigation is to fence loads (LFENCE) in enclave code so that a transiently injected value cannot be consumed before the load has actually completed.
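The following C example illustrates the load-then-use gadget that LVI targets and the fence-after-load mitigation described above. It is an added example for this page, not code from Intel, Bitdefender or the LVI researchers; the enclave, the `selector` pointer, the `probe` array and the `demo_value` sample data are all hypothetical constructions used only to show the pattern.

```c
/* lvi_lfence_demo.c
 * Illustrative LVI gadget and LFENCE mitigation (added example, not vendor code).
 * Build and run: cc -O2 -o lvi_lfence_demo lvi_lfence_demo.c && ./lvi_lfence_demo
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* LFENCE exists only on x86.  On other targets a plain compiler barrier is
 * substituted so the file still builds; it provides no LVI protection there. */
#if defined(__x86_64__) || defined(__i386__)
#define LOAD_FENCE() __asm__ __volatile__("lfence" ::: "memory")
#else
#define LOAD_FENCE() __asm__ __volatile__("" ::: "memory")
#endif

enum { STRIDE = 64 };   /* one cache line per possible byte value: the classic covert-channel layout */

/* Hypothetical enclave (trusted) function.  `selector` points into memory the
 * attacker can influence (e.g. a page the attacker can unmap so the load
 * faults or needs a microcode assist); `probe` is an array the attacker can
 * later time.  Architecturally this just reads one table entry. */
uint8_t lookup_unmitigated(const uint8_t *selector, const uint8_t *probe)
{
    uint8_t v = *selector;               /* (1) load that can fault or be assisted: under LVI,
                                                 the CPU may transiently forward an attacker-
                                                 planted value from the line fill buffer instead */
    return probe[(size_t)v * STRIDE];    /* (2) dependent use: the transient v selects a cache
                                                 line, encoding it for a later timing probe       */
}

/* Same logic with Intel's recommended fence after the load: no younger
 * instruction can issue until the load has retired with its true value, so
 * a transiently injected v never reaches the dependent access. */
uint8_t lookup_mitigated(const uint8_t *selector, const uint8_t *probe)
{
    uint8_t v = *selector;
    LOAD_FENCE();
    return probe[(size_t)v * STRIDE];
}

/* Constructed sample input: line v of the probe array holds v ^ 0x5A and the
 * selector byte is 0x42, so both variants must return 0x18 architecturally.
 * The mitigation changes only what may execute transiently, never the result. */
uint8_t demo_value(int mitigated)
{
    static uint8_t probe[256 * STRIDE];
    uint8_t selector = 0x42;
    for (size_t v = 0; v < 256; v++)
        probe[v * STRIDE] = (uint8_t)(v ^ 0x5A);
    return mitigated ? lookup_mitigated(&selector, probe)
                     : lookup_unmitigated(&selector, probe);
}

int main(void)
{
    printf("unmitigated: 0x%02x  mitigated: 0x%02x\n", demo_value(0), demo_value(1));
    return 0;
}
```

Both variants return the same architectural value; the difference is invisible to a functional test and lies entirely in what the out-of-order core may do between the load and its use. That is why the practical mitigation is applied by the toolchain rather than by hand: LLVM's `-mlvi-hardening` and the GNU assembler's `-mlfence-after-load=yes` insert the fence after every load in enclave code, at a measurable performance cost, and the same guidance also fences `ret` and indirect branches because a poisoned return address is just another injected load.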

Bottom line
The VUSec team reported the new Rowhammer attacks to all affected parties last year, but it is unclear when the vendors will address the issue, since TRR is implemented in the memory hardware itself and cannot simply be patched in software. Intel, for its part, has released mitigations for LVI and urged OS and VMM vendors to keep their systems updated.