Rowhammer: Linux Kernel Privilege Escalation PoC

Full PoC:

This is a proof-of-concept exploit that is able to gain kernel privileges on machines that are susceptible to the DRAM “rowhammer” problem. It runs as an unprivileged userland process on x86-64 Linux. It works by inducing bit flips in page table entries (PTEs).

For development purposes, the exploit program has a test mode in which it induces a bit flip by writing to /dev/mem. will run the exploit program in test mode in a QEMU VM. It assumes that “bzImage” (in the current directory) is a Linux kernel image that was built with /dev/mem enabled (specifically, with the CONFIG_STRICT_DEVMEM option disabled).
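The test mode described above only works because the test kernel exposes raw physical memory through /dev/mem. On a production kernel the relevant hardening is the opposite setting, so a defender's first check is whether the running kernel was built with CONFIG_STRICT_DEVMEM (or with /dev/mem removed entirely via CONFIG_DEVMEM). The script below is an added example, not part of the PoC or its repository: it parses a kernel .config file for those options, reports the status, and then tries the same check on the running kernel's config (from /boot/config-$(uname -r) or /proc/config.gz). The sample config files it writes to a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Rowhammer PoC): classify a kernel .config by how
# it exposes /dev/mem. Relies only on the standard Kconfig options
# CONFIG_DEVMEM, CONFIG_STRICT_DEVMEM and CONFIG_IO_STRICT_DEVMEM.

# strict_devmem_status CONFIG_FILE
#   prints one word and returns a matching code:
#     absent        (0) - kernel built without /dev/mem at all
#     restricted    (0) - /dev/mem exists but CONFIG_STRICT_DEVMEM=y limits it
#     unrestricted  (1) - /dev/mem gives raw physical memory access (PoC test mode)
#     unknown       (2) - file unreadable or option not mentioned
strict_devmem_status() {
    cfg="$1"
    [ -r "$cfg" ] || { echo "unknown"; return 2; }

    # No /dev/mem device at all: the test-mode write path does not exist.
    if grep -qx '# CONFIG_DEVMEM is not set' "$cfg"; then
        echo "absent"; return 0
    fi
    # Strict mode: userland can only map device memory, not arbitrary RAM.
    if grep -qx 'CONFIG_STRICT_DEVMEM=y' "$cfg"; then
        echo "restricted"; return 0
    fi
    # Explicitly disabled, which is what the PoC's QEMU test kernel needs.
    if grep -qx '# CONFIG_STRICT_DEVMEM is not set' "$cfg" \
       || grep -qx 'CONFIG_STRICT_DEVMEM=n' "$cfg"; then
        echo "unrestricted"; return 1
    fi
    echo "unknown"; return 2
}

# --- constructed sample configs (illustrative, not real kernel builds) ---
SAMPLE_DIR="${TMPDIR:-/tmp}"
SAMPLE_HARDENED="$SAMPLE_DIR/kconfig-hardened.$$"
SAMPLE_TEST_VM="$SAMPLE_DIR/kconfig-testvm.$$"
SAMPLE_NO_DEVMEM="$SAMPLE_DIR/kconfig-nodevmem.$$"
LIVE_CFG_COPY="$SAMPLE_DIR/kconfig-live.$$"
trap 'rm -f "$SAMPLE_HARDENED" "$SAMPLE_TEST_VM" "$SAMPLE_NO_DEVMEM" "$LIVE_CFG_COPY"' EXIT

# A typical distribution kernel: /dev/mem present but strict.
printf '%s\n' 'CONFIG_DEVMEM=y' 'CONFIG_STRICT_DEVMEM=y' \
    'CONFIG_IO_STRICT_DEVMEM=y' > "$SAMPLE_HARDENED"
# A kernel built the way the PoC's test mode requires.
printf '%s\n' 'CONFIG_DEVMEM=y' \
    '# CONFIG_STRICT_DEVMEM is not set' > "$SAMPLE_TEST_VM"
# A minimal kernel with /dev/mem compiled out.
printf '%s\n' '# CONFIG_DEVMEM is not set' > "$SAMPLE_NO_DEVMEM"

# Locate the running kernel's config, if the system exposes one.
running_kernel_config() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz > "$LIVE_CFG_COPY" && echo "$LIVE_CFG_COPY"
    fi
}

# Report on the samples and on this machine; "|| true" keeps the demo from
# aborting under set -e when a config is classified as unrestricted.
for f in "$SAMPLE_HARDENED" "$SAMPLE_TEST_VM" "$SAMPLE_NO_DEVMEM"; do
    printf '%s: ' "$(basename "$f")"
    strict_devmem_status "$f" || true
done
live="$(running_kernel_config)"
if [ -n "$live" ]; then
    printf 'running kernel (%s): ' "$live"
    strict_devmem_status "$live" || true
else
    echo "running kernel: config not available on this system"
fi
```

A result of "unrestricted" on a production machine means an unprivileged process that somehow gains root-equivalent file access to /dev/mem could read or write arbitrary physical memory, exactly the capability the PoC's test mode relies on; "restricted" or "absent" is the expected state outside a development VM.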