Qualcomm
Rowhammer Privilege Escalation Techniques and Challenges
Pages
19
Time to read
6 mins
Language
English
This technical report discusses the ongoing challenges associated with Rowhammer privilege escalation, particularly in the context of modern memory technologies. It outlines the difficulties posed by on-die ECC, probabilistic countermeasures, and memory encryption, which complicate the exploitation process. The report details methods to overcome these obstacles, including after-the-fact filtering of bit flips through speculative execution and selecting entropy-tolerant exploit targets. It explains the implications of speculative execution and timing side channels, referencing known vulnerabilities such as Spectre and Meltdown. The report also examines the effectiveness of existing defenses, such as the PARA technique and memory encryption, highlighting their limitations. Additionally, it presents a case study on the performance of PARA and discusses potential alternative targets for exploitation, specifically focusing on bitmaps in the Linux kernel. The report concludes with lessons learned and emphasizes the evolving nature of exploit techniques in relation to defensive measures.