grsecurity forums

I just read this article about bit flipping & rowhammering: http://arstechnica.com/security/2015/03 ... -weakness/

PoCs here https://code.google.com/p/google-securi ... ail?id=283 and here https://github.com/google/rowhammer-test

Is there anything the grsec patch can do to mitigate this issue?

ECC will correct 1 bit errors and cause a panic on 2 bit errors. This means the vulnerability can only occur if 3 or more bits are flipped, otherwise it's just a DoS attack at best. Perhaps grsecurity could set a rate limit on 1 bit error correction and panic early to make it even less likely for an attack like this to succeed. This would make a DoS attack a bit easier, but only due to the faulty hardware that's vulnerable to this... I doubt there's anything that can be done for consumer hardware.