Is nothing sacred any more? Gosh, there are vulnerabilities everywhere. Just when you thought you were safe after updating to protect your CPU, now there's this. Thought RAM vendors had fixed Rowhammer from 2014? Think again, it's back with Half-Double.
As a reminder: Rowhammer is a DRAM vulnerability whereby repeated accesses to one address can tamper with the data stored at other addresses. It's kinda similar to the speculative execution vulnerabilities in CPUs. This newer Half-Double attack vector "capitalizes on the worsening physics of some of the newer DRAM chips", which sounds quite terrible.
Traditionally, Rowhammer was understood to operate at a distance of one row: when a DRAM row is accessed repeatedly (the “aggressor”), bit flips were found only in the two adjacent rows (the “victims”). However, with Half-Double, we have observed Rowhammer effects propagating to rows beyond adjacent neighbors, albeit at a reduced strength. Given three consecutive rows A, B, and C, we were able to attack C by directing a very large number of accesses to A, along with just a handful (~dozens) to B. Based on our experiments, accesses to B have a non-linear gating effect, in which they appear to “transport” the Rowhammer effect of A onto C. Unlike TRRespass, which exploits the blind spots of manufacturer-dependent defenses, Half-Double is an intrinsic property of the underlying silicon substrate. This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down. Distances greater than two are conceivable.
This is particularly harsh and will need hardware adjustments, again, to get around it. Google mentioned that it has significant ramifications for the entire computing industry, and they want all stakeholders (that being literally everyone doing computing: server, client, mobile, automotive, IoT) to help develop a solution to this.
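An added example (not from Google's paper or this post's sources) of why a mitigation that only protects the rows next to a heavily accessed row misses row C from the A, B, C description above. The thresholds, the activation trace and the function names are constructed assumptions; real values depend on the DRAM part.

```python
# Constructed thresholds for illustration only (assumptions, not vendor data).
HAMMER_THRESHOLD = 100_000  # "very large number" of activations per refresh window
GATE_MIN = 12               # "just a handful (~dozens)" of activations

def rows_at_risk(activations, num_rows, half_double=True):
    """Return {victim_row: reason} for one refresh window.

    activations maps row index -> activation count inside the window.
    With half_double=False only the classic distance-one model is applied.
    """
    risk = {}
    for row, count in activations.items():
        if count < HAMMER_THRESHOLD:
            continue  # not accessed often enough to act as an aggressor
        for step in (-1, 1):
            near, far = row + step, row + 2 * step
            # Classic Rowhammer model: rows adjacent to the aggressor.
            if 0 <= near < num_rows:
                risk.setdefault(near, f"distance 1 from row {row}")
            # Half-Double model: the row two away is exposed when the row
            # in between received a small number of accesses of its own.
            gated = activations.get(near, 0) >= GATE_MIN
            if half_double and gated and 0 <= far < num_rows:
                risk.setdefault(far, f"distance 2 from row {row} via row {near}")
    return risk

def missed_by_distance_one(activations, num_rows):
    """Rows the Half-Double model flags that a distance-one model does not."""
    classic = rows_at_risk(activations, num_rows, half_double=False)
    extended = rows_at_risk(activations, num_rows, half_double=True)
    return sorted(set(extended) - set(classic))

# Constructed trace: row 10 plays A, row 11 plays B, row 12 plays C.
TRACE = {10: 250_000, 11: 30, 40: 5_000}

if __name__ == "__main__":
    for victim, reason in sorted(rows_at_risk(TRACE, num_rows=64).items()):
        print(f"row {victim}: {reason}")
    print("missed by distance-one model:", missed_by_distance_one(TRACE, 64))
```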
Find the paper on GitHub.