ZENHAMMER DRAM attack, RowHammer comes to AMD

[Tee Hee Johnson]

Interesting:
https://www.theregister.com/2024/03/25/zenhammer_comes_down_on_amd/

It seems that RowHammer wasn't massively applicable to AMD, but now it somewhat is under the guise of ZENHAMMER.

Local execution required for this one, but as the article states RowHammer finally became remotely exploitable too with work and time.

AMD's response:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7021.html

Looks like the majority of mitigations recommended are towards EPYC and ECC RAM, so not 100% sure about desktop based mitigations.

Seems like its still fair game on CPU based attacks... ever since the big boys of Spectre and Meltdown they are constantly being targeted by researchers now.

 

[jigger]

This is DRAM attack and issue. Mitigation would be to use low density memory and/or high frequency memory refresh rates.

 

[Mr Oxide]

It looks like Zen4 - DDR5 got issues, too.

New ZenHammer memory attack impacts AMD Zen CPUs

Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips.

www.bleepingcomputer.com

 

[jigger]

It looks like Zen4 - DDR5 got issues, too.

New ZenHammer memory attack impacts AMD Zen CPUs

Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips.

www.bleepingcomputer.com

DDR3 too. Probably DDR6 also.

 

[Mr Oxide]

DDR3 too. Probably DDR6 also.

There is always going to be some kind of exploit.

 

[Rroff]

As I said awhile back this kind of stuff is always going to be found when an architecture has been around long enough, one of the problems with Intel being on what are very similar architectures for so long. Probably no processor/IC is immune to it.

 

[jigger]

There is always going to be some kind of exploit.

It’s fixable and some RAM is pretty resilient to row spamming. The issues is the ever increasing drive for faster, lower power and more dense memory capacity.

The big threat is in mobile devices and routers, particularly those with questionable support.

 

[Mr Oxide]

It’s fixable and some RAM is pretty resilient to row spamming. The issues is the ever increasing drive for faster, lower power and more dense memory capacity.

The big threat is in mobile devices and routers, particularly those with questionable support.

Could that be due to companies using cheaper silicon wafers in their modules? I don't know. I just thought it might be an interesting angle to look at, too.

 

[jigger]

Could that be due to companies using cheaper silicon wafers in their modules? I don't know. I just thought it might be an interesting angle to look at, too.

Price is definitely a driver, but if you keep hitting a row of cells fast and hard enough, eventually you will discharge the row to the point any adjacent rows will leak charge from the difference in potential.

The memory manufacturers need to look at the security claims.