Is Raspberry Pi affected by "rowhammer" vulnerability?

[zervanko]

Due to news about RAMPage (Android vulnerability), I found out about the thing, that called "rowhammer". So is Raspberry Pi vulnerable to rowhammer attack. Actually, I care about Raspberry Pi 3.

[wildfire]

The Pi uses DDR2 RAM, so no rowhammer is not an issue.

[zervanko]

The Pi uses DDR2 RAM, so no rowhammer is not an issue.

It uses LPDDR2, which is not the same as DDR2

[The Traveler]

It uses LPDDR2, which is not the same as DDR2

"Row hammer rarely or never affects DDR and DDR2 SDRAM modules." from Wikipedia article.
The biggest difference is LPDDR2 is "low power" consumption. So it's highly unlikely that row hammer affects it.

Cheers.

[zervanko]

It uses LPDDR2, which is not the same as DDR2

"Row hammer rarely or never affects DDR and DDR2 SDRAM modules." from Wikipedia article.
The biggest difference is LPDDR2 is "low power" consumption. So it's highly unlikely that row hammer affects it.

Cheers.

But here you can see, that RAMPage works on LPDDR2 https://www.bleepingcomputer.com/news/s ... erability/ and here https://www.androidcentral.com/rampage-exploit-android that DDR2 also affected. Wikipedia is lying or I do not understand something?

[The Traveler]

Wikipedia is lying or I do not understand something?

"The vulnerability could allow an adversary to create an exploit to gain administrative control over targeted Android smartphones and tablets. The flaw impacts Android devices dating back to 2012."

In this business, nothing is 100%, there's always a vulnerability somewhere. You'll note this in this new variation the attacks are focused on Android devices using the ION memory management code. That makes it fairly specific. It's the "likelihood" that is the concern. If you're worried that your device might get hacked, then take precautions to make is as hard as possible to access it. Use best practices to ensure that your device(s) are as secure as you can make them.

Otherwise, I wouldn't lose any sleep over it.

Cheers.