Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <db41b7e2-cf14-51e3-a2f7-12cffc467bdf@riseup.net>
Date: Sat, 2 Jun 2018 13:57:24 +0000
From: procmem <procmem@...eup.net>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: kernel-hardening@...ts.openwall.com
Subject: Re: Nethammer and kernel network drivers

Hi. I asked one of the authors (Daniel Gruss) to give you more
insightful feedback as its more helpful in the matter.


Greg KH:
> On Sat, Jun 02, 2018 at 03:46:19AM +0000, procmem wrote:
>> Hello. I wanted to get your attention about a new, more serious
>> reincarnation of rowhammer called nethammer that doesn't need to execut
>> any code on the system like in the past nor does it leave a trace.
>>
>> The summary of the paper is that rowhammer can be
>> remotely triggered by feeding susceptible* network driver crafted
>> traffic. This attack can do all kinds of nasty things such as modifying
>> SSL certs on the victim system.
>>
>> * Susceptible drivers are those relying on Intel CAT, uncached memory or
>> the clflush instruction.
>>
>> In absence of hardware mitigations, please identify and disable/fix
>> susceptible network drivers to avoid this type of attack. Thanks.
> 
> Any hint as to how to identify such drivers?  Have you looked into what
> this would entail?
> 
> thanks,
> 
> greg k-h
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.