Is there a “rowhammer” for MLC NAND Flash SSDs? An analysis of filesystem attack vectors

Abstract

Rowhammer demonstrated that non-physical hardwareweakness- based attacks can be devastating. In a recent paper, Cai et al. [2] propose that similar attacks can be performed on MLC NAND flash-based SSDs, with potentially devastating effects as well. In this paper, we discuss the requirements for a successful, full-system, local privilege attack on SSDs and show a filesystem based attack vector, which we demonstrate. In particular, to motivate the assumptions of the filesystem-level attack, we show the attack primitive that an attacker can obtain by making use of cell-to-cell interference is quite weak, and therefore requires a carefully crafted attack at the OS layer for successful exploitation.