Frequently asked questions

Can you explain the problem in layman's terms?

Security researchers have demonstrated a GPU-initiated microarchitectural attack via a WebGL program enabling them to construct pointers to arbitrary virtual memory locations.

The method is using side-channel and so-called ‘Rowhammer’ attacks from remote JavaScript.

The so-called ‘Rowhammer’ attack has existed for several years, but recent research has shown such an attack can potentially be initiated from a GPU.

What kind of data is vulnerable?

Malware using this method and running remotely via a WebGL program could expose sensitive data on the system. 

What is a ‘Rowhammer’ attack? 

The so-called 'Rowhammer' attack was initially found by researchers in 2014 and the Project Zero at Google revealed two working privilege escalation exploits in 2015.

It is a side effect of DRAM. By frequently activating specific rows an attacker can influence the charge in the capacitors of adjacent rows, making it possible to induce bit flips in a victim row without having access to its data.

What is WebGL and how can it be used for a so-called ‘Rowhammer’ attack?

WebGL (Web Graphics Library) is a JavaScript API for rendering interactive 3D and 2D graphics within any compatible web browser without the use of plug-ins. Malware can use it for remote so-called ‘Rowhammer’-type attacks via GPU acceleration.

What does this mean for the average mobile user?

Such an attack could potentially allow for unauthorized access to sensitive data on mobile devices.

What did you do upon being notified?

We took the immediate action to assess the scope of impact and worked together as an industry-wide effort. We have communicated the mitigation measures to all affected silicon partners. There was no delay between Arm partners providing details of the new technique and Arm starting to take action.

What consumer products are affected?

GPUs are a common part of consumer products, such as mobile phones, DTVs, and VR devices.  The most recent exploit described here utilizes the GPU to initiate a so-called ‘Rowhammer’ attack. There are software mitigations to address it.

What Mali GPUs are impacted?

It may be possible that variants of the exploit discovered by the researchers could be found on Mali GPUs.

We are not aware of any such exploits on Mali GPUs and believe that the memory structure and internal timing of Mali GPUs would make it difficult to implement.

Are Mali GPUs safer than others?

We have no comments on non-Mali GPUs. However, as previously stated, our assessment is that it will be difficult to find such an exploit on Mali GPUs.

Are software mitigations available, and will I get them?

Yes, there are software mitigations in web browsers to disable the high-resolution timer or to provide a less accurate timer. Google has disabled the high-resolution timer in Chrome. Please ensure your browser is up-to-date in line with good practice.