This is a proof-of-concept exploit that is able to gain kernel
privileges on machines that are susceptible to the DRAM "rowhammer"
problem. It runs as an unprivileged userland process on x86-64 Linux.
It works by inducing bit flips in page table entries (PTEs).

For development purposes, the exploit program has a test mode in which
it induces a bit flip by writing to /dev/mem. qemu_runner.py will run
the exploit program in test mode in a QEMU VM. It assumes that
"bzImage" (in the current directory) is a Linux kernel image that was
built with /dev/mem enabled (specifically, with the
CONFIG_STRICT_DEVMEM option disabled).

Mark Seaborn
mseaborn@chromium.org
March 2015
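The test mode described above only works on a kernel built with CONFIG_STRICT_DEVMEM disabled, which is the opposite of what a production kernel should have: with the option enabled, /dev/mem cannot be used to write to arbitrary RAM even by root. The following shell script is an added example, not part of this README or the project's code, that checks a kernel config file for that option. The sample config contents it builds with mktemp are constructed for the demonstration; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original README): report whether a kernel
# config file enables CONFIG_STRICT_DEVMEM, which limits /dev/mem to
# non-RAM regions such as PCI BARs and blocks raw RAM writes.

# Return 0 if the config file named by $1 sets CONFIG_STRICT_DEVMEM=y,
# 1 otherwise (either "# CONFIG_STRICT_DEVMEM is not set" or absent).
strict_devmem_enabled() {
    grep -q '^CONFIG_STRICT_DEVMEM=y$' "$1"
}

# Locate the running kernel's config: /boot/config-<release> on most
# distributions, or /proc/config.gz when CONFIG_IKCONFIG_PROC is built in.
# Prints the path of a readable plain-text copy, or nothing if none found.
current_kernel_config() {
    release=$(uname -r)
    if [ -r "/boot/config-$release" ]; then
        echo "/boot/config-$release"
    elif [ -r /proc/config.gz ]; then
        tmp=$(mktemp)
        zcat /proc/config.gz > "$tmp"
        echo "$tmp"
    fi
}

# Human-readable verdict for one config file.
report() {
    if strict_devmem_enabled "$1"; then
        echo "$1: CONFIG_STRICT_DEVMEM=y (userland cannot write RAM via /dev/mem)"
    else
        echo "$1: CONFIG_STRICT_DEVMEM not set (/dev/mem exposes raw RAM to root)"
    fi
}

# Constructed sample configs (not real build output) so the script runs
# offline: one hardened kernel and one like the bzImage the test mode needs.
SAMPLE_HARDENED=$(mktemp)
printf 'CONFIG_DEVMEM=y\nCONFIG_STRICT_DEVMEM=y\nCONFIG_IO_STRICT_DEVMEM=y\n' \
    > "$SAMPLE_HARDENED"
SAMPLE_WEAK=$(mktemp)
printf 'CONFIG_DEVMEM=y\n# CONFIG_STRICT_DEVMEM is not set\n' \
    > "$SAMPLE_WEAK"

report "$SAMPLE_HARDENED"
report "$SAMPLE_WEAK"

# Check the live machine too, when its config is available.
cfg=$(current_kernel_config)
[ -n "$cfg" ] && report "$cfg"
```

Run it as-is to see both sample verdicts; on a real host it also reports the running kernel. A hit on the "not set" branch for a production kernel is the finding to act on, since the rowhammer test mode here relies on exactly that configuration.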