On Tuesday, a team of cybersecurity researchers disclosed details of a new side-channel attack on dynamic random-access memory (DRAM) that could let malicious programs installed on a modern system read sensitive memory data from other processes running on the same hardware.

The new attack, dubbed RAMBleed and identified as CVE-2019-0174, is based on a well-known class of DRAM side-channel attack called Rowhammer, several variants of which (GLitch, RAMpage, Throwhammer, Nethammer, Drammer) have been demonstrated by researchers recently.

The Rowhammer bug, known since 2012, is a hardware reliability issue that was found in the new generation of DRAM chips.

It turned out that repeatedly and rapidly accessing (hammering) a row of memory can cause bit flips in adjacent rows, i.e., changing their bit values from 0 to 1 or vice versa.

Later, researchers also demonstrated successful exploits that achieve privilege escalation on vulnerable computers by flipping (writing) bits in the victim’s memory.

Discovered by a team of researchers from the University of Michigan, Graz University of Technology and the University of Adelaide, the new RAMBleed also relies on the bit-flip mechanism; but instead of writing data in the adjacent rows, this attack allows attackers to read the information in protected memory belonging to other programs and users.

“More specifically, we show how an unprivileged attacker can exploit the data dependence between Rowhammer induced bit flips and the bits in nearby rows to deduce these bits, including values belonging to other processes and the kernel.”

“Thus, the primary contribution of this work is to show that Rowhammer is a threat to not only integrity but to confidentiality as well.”

To demonstrate the read side-channel technique, researchers presented an attack against OpenSSH 7.9 running on a Linux machine and successfully extracted an RSA-2048 key from the root-level SSH daemon.
