Hacker News new | ask | show | jobs
by expliced 2562 days ago
>unlike Rowhammer, RAMBleed does not require persistent bit flips, and is thus effective against ECC memory commonly used by server computers.

Seems like mitigations for Rowhammer is not enough for RAMBleed.
2 comments
opencl 2562 days ago
SEV is a completely different thing than ECC. It encrypts the memory. RAMBleed reads raw physical bits which are encrypted and thus useless when SEV is enabled.

The paper even specifically says that SEV and other similar technologies protect against this.

link
syn0byte 2562 days ago
ECC isn't effective mitigation against Rowhammer either.

https://www.vusec.net/projects/eccploit/

tl;dr ECC logic can't cope with 'single' errors involving > 2 bits.

link
Dylan16807 2561 days ago
It has to cause a huge amount of single-bit errors to find a spot suitable for a three-bit error.

If these errors are actually treated as errors, then chips will be disabled or processes will get blacklisted long before they can be used to exploit.

So this is really "ECC is often configured wrong", not "ECC isn't effective".

link