Level 33
Researchers found a new vulnerability that impacts the confidentiality of data stored in a computer's memory. Using it, they were successfully able to extract a signing key from an OpenSSH server using normal user privileges.

Dubbed RAMBleed, the attack is based on the Rowhammer vulnerability and can be used to break the safe-storage promise of random access memory (RAM) modules; even those that integrate error-correcting code (ECC) mechanism.

Rowhammer started as an experimental study that tested the isolation of information loaded in RAM. As memory modules became physically smaller and their storage larger, the space between the inner cells grew shorter; which created an opportunity for electrical interference that could change the charge of the memory bits.

Through repeated reading from the same address, neighboring data can be corrupted, the researchers said in a paper published in 2014, as the bits change from 1 to 0 and vice-versa - a process known as bit flipping, thus altering the stored data.