How does RAMBleed work?
Rowhammer induced bit flips are data dependent, i.e. a bit is more likely to flip when the bits above and below it have the opposite charge. This creates a data-dependent side channel, wherein an attacker can deduce the values of bits in nearby rows by observing bit flips in her own memory rows. Finally, as the data in nearby rows might belong to a different process, this leakage breaks the isolation boundaries enforced by the operating system.
To exploit this effect, we developed novel memory massaging techniques to carefully place the victim’s secret data in the rows above and below the attacker’s memory row. This causes the bit flips in the attacker’s rows to depend on the values of the victim’s secret data. The attacker can then use Rowhammer to induce bit flips in her own memory, thereby leaking the victim’s secret data.
A side effect of: https://en.wikipedia.org/wiki/Row_hammer