I'll answer myself. Rowhammer can't affect ECC memory, so no Servers/VMs/Cloud escape should be possible, only desktops/laptops.
@ortegaalfredo The #rowhammer paper discusses ECC. In some DRAMs they saw >1 bit flip per 64-bit word - uncorrectable with SECDED ECC.
-
-
@Mark_Seaborn uncorrectable, but detectable. Some servers will isolate the DIMM and continue, but a DoS is a possibility.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@Mark_Seaborn you could try and create a valid undetectable error with >2 bit flips. By that time, you DoS's the server some dozen times. -
@ortegaalfredo Right. With ECC, rowhammer should be a DoS rather than a priv esc - as long as you enable strict MCE checking in your kernel -
@Mark_Seaborn you could also massively attack thousands of servers, crash them all and get priv esc in one. Sometimes you only need that.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.