13. March 2015
Statement on Rowhammer Issue
As reported in the media, over the last few days an even more seriously classified RAM issue with DDR3 RAM without ECC has been published by the Project Zero Team at Google.
According to their findings, repeated accessing of a row of memory can change a bit in the adjacent physical memory. Under very unfavourable circumstances, an unpriviliged user could possibly gain access to external memory area in this way.
The test tool which has been released by the Google team made it possible for a Golem.de editor, who had by chance leased a Hetzner server, to induce such a bit flip on an EX4 server.
Attempts on the part of our technicians to reproduce this with an identically constructed hardware constellation were not successful. However, a BIOS update was performed on the leased server. Afterwards, according to the journalist, it was no longer possible to provoke this behaviour. Later tests, using a modified version of the tool, which accesses the corresponding adjacent areas of a row of memory (Double-Rowhammer) on both sides, were again able to induce a bit flip in a few cases.
Own tests conducted up to now have not been able to ascertain any bit flips of this kind. As, as far as we are currently aware, a great number of unfavourable factors need to be present in order to exploit this issue, an acute risk to our clients cannot be assumed. Clients noticing such behaviour on their systems are kindly requested to contact our support team.
Our technicians are continuing to carry out tests and are in contact with the mainboard manufacturers. Any new developments will be published on www.hetzner-status.com in the next few days.