Check out our Monthly Survey Page to see what our users are running.
We do often include affiliate links to earn us some pennies. See more here.

Google detail 'Half-Double', a new Rowhammer vulnerability for DRAM

By - | Views: 10,622

Is nothing sacred any more? Gosh, there's vulnerabilities everywhere. Just when you thought you were safe after updating to protect your CPU, now there's this. Thought RAM vendors had fixed Rowhammer from 2014? Think again, it's back with Half-Double.

As a reminder: Rowhammer is a DRAM vulnerability whereby repeated accesses to one address can tamper with the data stored at other addresses. It's kinda similar to the speculative execution vulnerabilities in CPUs. This newer Half-Double attack vector "capitalizes on the worsening physics of some of the newer DRAM chips" which sounds quite terrible.

Traditionally, Rowhammer was understood to operate at a distance of one row: when a DRAM row is accessed repeatedly (the “aggressor”), bit flips were found only in the two adjacent rows (the “victims”). However, with Half-Double, we have observed Rowhammer effects propagating to rows beyond adjacent neighbors, albeit at a reduced strength. Given three consecutive rows A, B, and C, we were able to attack C by directing a very large number of accesses to A, along with just a handful (~dozens) to B. Based on our experiments, accesses to B have a non-linear gating effect, in which they appear to “transport” the Rowhammer effect of A onto C. Unlike TRRespass, which exploits the blind spots of manufacturer-dependent defenses, Half-Double is an intrinsic property of the underlying silicon substrate. This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down. Distances greater than two are conceivable.

This is particularly harsh and will need hardware adjustments, again, to get around it. Google mentioned how it has signifiant ramifications for the entire computing industry and they want all stakeholders (that being literally everyone doing computing - server, client, mobile, automotive, IoT), to help develop a solution to this.

Find the paper on GitHub.

Article taken from GamingOnLinux.com.
9 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. Find me on Mastodon.
See more from me
The comments on this article are closed.
6 comments

WorMzy May 26, 2021
Heh, ramifications.
AciD May 26, 2021
Quoting: WorMzyHeh, ramifications.

This is the first thing I thought ;)
Nanobang May 26, 2021
View PC info
  • Supporter
Fingers crossed, rabbit's foot rubbed, anyone know what the likelihood of being attacked, and what is/are the likely attack vector(s)?
Bumadar May 26, 2021
You want to be safe? Don't use a computer ;)
F.Ultra May 26, 2021
View PC info
  • Supporter
Quoting: NanobangFingers crossed, rabbit's foot rubbed, anyone know what the likelihood of being attacked, and what is/are the likely attack vector(s)?

Just as with the original rowhammer the attacker must first be able to run software on your system so this is mostly an attack on servers that have multiple users and cloud solutions where multiple people access the same hardware at the same time.

edit: and of course some malicious website can serve javascript that can use rowhammer to extract secret data from your computers ram.

edit2: what as can be seen in the demonstration video https://www.youtube.com/watch?v=k2D4D-kF-ic&t=1s using this attack in a browser both takes a long time and it not entirely silent (e.g Firefox here complains that a script is taking too much time)


Last edited by F.Ultra on 26 May 2021 at 3:56 pm UTC
prosoor Jun 1, 2021
Technology will soon need to change, from semiconductors to something else. It appears it reached the physical limit of shrinking.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.