Re: Still does my head in
>I can visualise how buggering up memory can cause other programs to mis-behave but still struggle to visualise how you can force such a specific mis-behaviour that you can take over control of the machine.
The Google Project Zero work the article refers to is outlined here. It should answer your question better than I can!
https://googleprojectzero.blogspot.co.uk/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
I think the rough idea is that by hammering the memory bits you have permission to access, you can flip a bit in adjacent memory that otherwise would be off limits to you. Part of the exploit method is to deliberately fragment the machine's memory before the hammering, so that there is a greater chance of accessible memory being adjacent to memory reserved for the kernel.