ZENHAMMER DRAM attack, RowHammer comes to AMD

Tee Hee Johnson · 26 Mar 2024 at 14:09

Interesting:
https://www.theregister.com/2024/03/25/zenhammer_comes_down_on_amd/

It seems that RowHammer wasn't massively applicable to AMD, but now it somewhat is under the guise of ZENHAMMER.

Local execution required for this one, but as the article states RowHammer finally became remotely exploitable too with work and time.

AMD's response:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7021.html

Looks like the majority of mitigations recommended are towards EPYC and ECC RAM, so not 100% sure about desktop based mitigations.

Seems like its still fair game on CPU based attacks... ever since the big boys of Spectre and Meltdown they are constantly being targeted by researchers now.

jigger · 26 Mar 2024 at 18:15

This is DRAM attack and issue. Mitigation would be to use low density memory and/or high frequency memory refresh rates.

Mr Oxide · 26 Mar 2024 at 19:38

It looks like Zen4 - DDR5 got issues, too.

New ZenHammer memory attack impacts AMD Zen CPUs

Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips.

www.bleepingcomputer.com

jigger · 26 Mar 2024 at 19:49

Mr Oxide said:
It looks like Zen4 - DDR5 got issues, too.

New ZenHammer memory attack impacts AMD Zen CPUs

Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips.

www.bleepingcomputer.com

DDR3 too. Probably DDR6 also.

Mr Oxide · 26 Mar 2024 at 19:58

jigger said:
DDR3 too. Probably DDR6 also.

There is always going to be some kind of exploit.

Rroff · 26 Mar 2024 at 20:02

As I said awhile back this kind of stuff is always going to be found when an architecture has been around long enough, one of the problems with Intel being on what are very similar architectures for so long. Probably no processor/IC is immune to it.

jigger · 26 Mar 2024 at 20:15

Mr Oxide said:
There is always going to be some kind of exploit.

It’s fixable and some RAM is pretty resilient to row spamming. The issues is the ever increasing drive for faster, lower power and more dense memory capacity.

The big threat is in mobile devices and routers, particularly those with questionable support.

Mr Oxide · 26 Mar 2024 at 20:21

jigger said:
It’s fixable and some RAM is pretty resilient to row spamming. The issues is the ever increasing drive for faster, lower power and more dense memory capacity.

The big threat is in mobile devices and routers, particularly those with questionable support.

Could that be due to companies using cheaper silicon wafers in their modules? I don't know. I just thought it might be an interesting angle to look at, too.

jigger · 27 Mar 2024 at 14:46

Mr Oxide said:
Could that be due to companies using cheaper silicon wafers in their modules? I don't know. I just thought it might be an interesting angle to look at, too.

Price is definitely a driver, but if you keep hitting a row of cells fast and hard enough, eventually you will discharge the row to the point any adjacent rows will leak charge from the difference in potential.

The memory manufacturers need to look at the security claims.

Competitor rules

ZENHAMMER DRAM attack, RowHammer comes to AMD

More options

Tee Hee Johnson

Tee Hee Johnson

jigger

jigger

Mr Oxide

Mr Oxide

New ZenHammer memory attack impacts AMD Zen CPUs

jigger

jigger

New ZenHammer memory attack impacts AMD Zen CPUs

Mr Oxide

Mr Oxide

Rroff

Rroff

jigger

jigger

Mr Oxide

Mr Oxide

jigger

jigger