Flip Feng Shui attack on cloud VMs exploits hardware weaknesses

Security researchers at VUSec, the Systems and Network Security Group at VU Amsterdam, have revealed an attack that changes bits in a memory page of a VM running on the same host where the attacker is also running a VM.

The Flip Feng Shui (FFS) attack exploits behaviors in memory deduplication functions and leverages a previously documented memory-altering vulnerability called Rowhammer, unveiled by Google’s Project Zero research team.

The full details of the FFS attack are elaborate, but VUSec believes it is “possible to implement FFS reliably today in the cloud.”

Does this bug you? I’m not touching you

The attack involves three phases. First, the attacker VM profiles the available physical memory to determine whether any memory cells are vulnerable to Rowhammer attacks. Second, the attacker “writes a memory page that she knows exists in the victim on the vulnerable memory location.” The two pages, the attacker’s and the victim’s, are then merged automatically by the system’s memory deduplication mechanism.
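A host-side check for the deduplication step described above, as an added example that is not from the original article or from VUSec. It assumes a Linux host whose deduplication mechanism is KSM (the article does not name one) and reads KSM's sysfs counters; the `ksm_status` and `read_int` names are hypothetical.

```python
from pathlib import Path

# Assumption: a Linux host whose deduplication mechanism is KSM (sysfs interface below).
KSM_DIR = Path("/sys/kernel/mm/ksm")
RUN_STATES = {0: "stopped, merged pages kept", 1: "running", 2: "stopped, pages unmerged"}


def read_int(path):
    """Return the integer held in a sysfs file, or None if missing or malformed."""
    try:
        return int(Path(path).read_text().strip())
    except (OSError, ValueError):
        return None


def ksm_status(ksm_dir=KSM_DIR):
    """Report whether pages on this host are, or can become, merged across VMs."""
    ksm_dir = Path(ksm_dir)
    run = read_int(ksm_dir / "run")
    if run is None:
        return {"present": False, "exposed": False, "state": "KSM interface not found"}
    shared = read_int(ksm_dir / "pages_shared") or 0
    sharing = read_int(ksm_dir / "pages_sharing") or 0
    # run=0 only stops the scanner; pages merged earlier stay merged until run=2.
    exposed = run == 1 or shared > 0
    return {
        "present": True,
        "exposed": exposed,
        "state": RUN_STATES.get(run, f"unknown run value {run}"),
        "merged_frames": shared,
        "mappings_sharing": sharing,
    }


if __name__ == "__main__":
    status = ksm_status()
    for key, value in status.items():
        print(f"{key}: {value}")
    if status["exposed"]:
        print("Merged pages exist or merging is active; writing 2 to "
              f"{KSM_DIR / 'run'} stops ksmd and unmerges them.")
```

A host with `run` set to 0 but a non-zero `pages_shared` count is still reported as exposed, because stopping the scanner does not split pages that were already merged.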