Paper is in the repo, slides: http://users.ece.cmu.edu/~omutlu/pub/dram-row-hammer_kim_talk_isca14.pdf
Has anyone tried testing this sort of thing on two virtual machines running on the same machine?
From reading the presentation it seems like they could be vulnerable - which means if you happened to get a server on the same physical machine you could start getting other local VMs to crash. It would be truly impressive to run a successful exploit this way!
On the plus side, it seems like it would be difficult to get a web service to perform this sort of attack for you.
Oh, crap. You are absolutely right. Definitely something to test for when hosting them.
This looks like some very good and equally scary research. And I love how the paper, presentation and code are not behind a paywall.
Judging from the graphs in their slides, it seems like DRAM manufacturers started addressing this issue pretty quickly after the discovery, since it seems modules which weren’t vulnerable started surfacing near the end of 2013. Or maybe it was just a lucky side effect of some other change.