Project Zero is at it again. In 2015 they demonstrated how Intel PCs running Linux could be exploited by taking advantage of hardware (physical) weaknesses in DDR DRAM. On the 25th of May they introduced a new attack able to produce bit flips at a distance of two rows instead of the canonical one row. The research team explained, “with Half-Double, we have observed Rowhammer effects propagating to rows beyond adjacent neighbors, albeit at a reduced strength. Given three consecutive rows A, B, and C, we were able to attack C by directing a very large number of accesses to A, along with just a handful (~dozens) to B.”
Google’s team has been working with many semiconductor companies to engineer possible mitigations to this attack, as it is only getting more efficient and wide-ranging. It affects hardware industry-wide, opening a vector for devastating attacks if and when it becomes a viable tactic.