The Rowhammer attack could allow malicious parties to create privilege escalation exploits and network-based attacks that would enable them to tamper with data and inject malicious commands in computer systems.
It is a software-based fault injection attack.
- A specially crafted user-mode program (a native application, or JavaScript in Firefox) could use Rowhammer for privilege escalation: a low-privilege user application gets elevated access to system resources that are normally protected from user applications.
- Refer to Google Project Zero for further information
Some of the mitigations are:
- ECC – Error-correcting code. SEC – single error correction. DED – double error detection. Note that flipping three bits prevents the ECC from detecting the error.
- TRR – Target row refresh, which prevents the row hammer effect without negatively impacting performance or power consumption.
Not Even ECC Memory Is Safe Against Rowhammer Attacks (2018.11.26) – The attack is named “ECCploit”
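The SEC-DED limit noted in the ECC bullet above, as an added example that is not from the original page: an extended Hamming(8,4) code, assumed here as a small stand-in for the wider words ECC memory protects, decoded after every possible one-, two- and three-bit flip. The function names and the 4-bit sample word are illustrative.

```python
# Added example: SEC-DED behaviour shown with extended Hamming(8,4).
# Assumption: the 4-bit word is a stand-in for the wider words ECC memory protects,
# chosen so every flip pattern can be enumerated.
from itertools import combinations

def encode(data):
    """4-bit int -> 8 code bits. Index 0 is overall parity, 1..7 is Hamming(7,4)."""
    cw = [0] * 8
    cw[3], cw[5], cw[6], cw[7] = ((data >> i) & 1 for i in range(4))
    cw[1] = cw[3] ^ cw[5] ^ cw[7]
    cw[2] = cw[3] ^ cw[6] ^ cw[7]
    cw[4] = cw[5] ^ cw[6] ^ cw[7]
    cw[0] = sum(cw[1:]) & 1          # makes the parity of all 8 bits even
    return cw

def decode(cw):
    """Return (status, data); status is 'ok', 'corrected' or 'uncorrectable'."""
    cw = list(cw)
    syndrome = 0
    for pos in range(1, 8):
        if cw[pos]:
            syndrome ^= pos          # XOR of set positions is 0 for a valid word
    odd = sum(cw) & 1
    if syndrome and not odd:
        return "uncorrectable", None  # even flip count, nonzero syndrome: DED
    status = "ok"
    if odd:                           # decoder assumes exactly one flipped bit
        cw[syndrome] ^= 1             # syndrome 0 means the parity bit itself
        status = "corrected"
    return status, cw[3] | cw[5] << 1 | cw[6] << 2 | cw[7] << 3

def classify(data, nflips):
    """Tally decoder outcomes over every way to flip nflips bits of encode(data)."""
    tally = {"recovered": 0, "detected": 0, "silent_corruption": 0}
    for positions in combinations(range(8), nflips):
        cw = encode(data)
        for p in positions:
            cw[p] ^= 1
        status, out = decode(cw)
        if status == "uncorrectable":
            tally["detected"] += 1
        else:
            tally["recovered" if out == data else "silent_corruption"] += 1
    return tally

if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, "flipped bit(s):", classify(0b1011, n))
```

In this small code, every three-bit pattern looks like a single-bit error to the decoder, which then "corrects" a fourth bit and returns wrong data without raising an error.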