How is it a write-only attack vector?

privatelypublic · 2025-07-16T03:14:32 1752635672

Rowhammer allows you to corrupt/alter memory physically adjacent to memory you have access to. It doesn't let you read the memory you're attacking.

There's PoC's of corrupting memory _that the kernel uses to decide what that process can access_ but the process can't read that memory. It only knows that the kernel says yes where it used to say no. (Assuming it doesn't crash the whole machine first)

SnowflakeOnIce · 2025-07-16T11:36:58 1752665818

Suppose you have access to certain memory. If you repeatedly read from that memory, can't you still corrupt/alter the physically adjacent memory you don't have access to? Does it really need to be a write operation you repeatedly perform?

extraduder_ire · 2025-07-16T21:57:55 1752703075

> Does it really need to be a write operation you repeatedly perform?

Yes. The core of rowhammer attacks is in changing the values in RAM repeatedly, creating a magnetic field, which induces a change in the state of nearby cells of memory. Reading memory doesn't do that as far as I know.

privatelypublic · 2025-07-16T14:32:28 1752676348

I probably should have called it "blind" instead.