Google's Project Zero has implemented an exploit for the Rowhammer bug: "Exploiting the DRAM rowhammer bug to gain kernel privileges".
The opening already sounds like science fiction:
“Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows.
Then it gets to the implementation:
We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect.
It presents two approaches: a NaCl sandbox escape and a kernel privilege escalation.
My head is about to explode...