S&P2025

Half Spectre, Full Exploit: Hardening Rowhammer Attacks with Half-Spectre Gadgets

Andrea Di Dio, Mathé Hertogh, Cristiano Giuffrida

Abstract

Despite nearly a decade of mitigation efforts by both industry and academia, the community has yet to find comprehensive and efficient countermeasures against pernicious hardware vulnerabilities such as Spectre and Rowhammer. While Spectre mitigations have mostly focused on patching dangerous disclosure gadgets in high-value codebases such as the Linux kernel, mitigating Rowhammer in software is still challenging, and security often hinges on the (im)practicality of real-world attacks. Indeed, some Rowhammer attacks are entirely nondeterministic, triggering random bit flips in the hope of corrupting victim data, but at the risk of corrupting critical data and crashing the system. More reliable attacks rely on techniques such as memory templating and massaging, but achieving fully deterministic behavior is still difficult in the face of complex memory management abstractions in both hardware and software. In this paper, we show that fully deterministic Rowhammer attacks are feasible. To this end, we exploit synergies with Spectre and specifically focus our attention on so-called half-Spectre gadgets. We show that these gadgets, previously deemed unexploitable on last-generation CPUs due to their inability to directly disclose secret data, do enable powerful disclosure primitives to harden other attacks such as Rowhammer. Specifically, we use half-Spectre gadgets to build Preload+Time, a generic primitive to monitor a controlled victim's physical memory activity at cache line granularity, without sharing memory with the victim. We use this capability to craft ProbeHammer, the first crash-free end-to-end Rowhammer exploit that does not rely on templating or massaging. In detail, we spray physical memory with aggressor (i.e., user) and victim (i.e., page table) data and disclose their location with Preload+Time. This primitive allows us to select safe hammering patterns and avoid unintended bit flips that may crash the system.
Our evaluation confirms ProbeHammer attacks yield no false positives (hence, no crashes) by construction and can compromise real-world systems in a matter of hours.