New 'Mayhem' Attack Bypasses Security in OpenSSH, OpenSSL and MySQL via Fault Injection

A new paper titled "Mayhem: Targeted Corruption of Register and Stack Variables" reveals a critical security vulnerability that could allow hackers to bypass authentication checks in widely used software like OpenSSH, OpenSSL, MySQL, and SUDO. 

The vulnerability enables attackers to corrupt sensitive data stored in registers and on the program stack through a technique called Rowhammer.

What is Rowhammer?

Rowhammer is a well-known method for inducing hardware faults by rapidly accessing data from DRAM memory chips. Repeatedly activating the same row in DRAM can cause bit flips in adjacent rows, a phenomenon known as the Rowhammer effect.

Prior rowhammer attacks focused on flipping bits in dynamically allocated memory or binaries loaded from disk. This new attack is the first to demonstrate the corruption of register and stack variables using Rowhammer - data that was previously considered impervious to software fault injection.

Flipping Bits in Registers and on the Stack

The stack is a temporary memory used by software to store data like function parameters and local variables. Registers are small high-speed storage directly inside the CPU. Both stack and registers rely on fast SRAM rather than DRAM, so were assumed safe from Rowhammer.

However, the researchers found ways to force register values onto the stack at predictable times. 

For example, by triggering interrupt handlers or context switches, an attacker can cause the OS to save register contents to the stack. Stack data occasionally gets flushed out to main memory, where it becomes vulnerable to Rowhammer before being reloaded into registers.

By hammering physical memory containing saved register or stack data, random bit flips can be introduced. If this corrupted data contains security checks or authentication tokens, it may allow attackers to bypass login prompts, authenticate as an admin, or escalate privileges.

Image: Vernam Lab

Real-World Impacts

The paper demonstrates several practical attacks abusing this vector:

• Bypassing SUDO authentication to gain root access
• OpenSSH remote login without knowing the password
• Corrupting signature verification in OpenSSL libraries
• Defeating security checks in MySQL user authentication

These proofs of concept took between 20 minutes and 2 hours of profiling memory and hammering during a vulnerability window to induce a faulty authentication. The impact is privilege escalation, leaked sensitive data, or remote system compromise in common software.

Mitigating the Threat

The research illustrates a new class of surgical fault injection attacks that can reliably subvert program security, representing a practical threat. The authors recommend mitigation techniques focused on adding redundancy to make it harder to influence logic with single-bit flips:

• Use tighter conditional check logic - require security variables to match specific values rather than just be "non-zero"
• Store security flags in CPU registers instead of stack where possible
• Incorporate parity checks or canary values to detect corruption
• Refresh or reload sensitive data after returning from interrupt handlers
• Avoid frequent context switching for security-critical operations

“The idea is that any bit can be flipped in auth, and it will result in a mis-authentication. We prove this is a potential vulnerability in OpenSSH, OpenSSL, MySQL, and SUDO. To mitigate this, it is important to have tight logic such that a single-bit flip will not result in unintended execution,” researchers wrote.

The researchers demonstrated these principles by proposing mitigation for the specific sudo vulnerability they uncovered, which has been issued CVE-2023-42465 and patched in sudo v1.9.15.

This attack vector highlights that as Rowhammer techniques advance, previously "hardened" areas of memory should not be blindly trusted. Careful coding practices will be needed to guard against rising software fault injection threats.

The Mayhem attack highlights an emerging class of surgical fault injection attacks that the security community will need to continue researching. Adding redundancy and randomness where possible appears to be the best way to mitigate the threat today. The paper [PDF] provides an important look at these techniques security engineers should review to understand the risks and defenses.