The infamous Rowhammer DRAM attack can now be pulled off on some AMD CPUs as well, academic researchers from ETH Zurich have proved.
As reported by BleepingComputer, the researchers dubbed the attack ZenHammer, after cracking the complex, non-linear DRAM addressing functions in AMD platforms.
For the uninitiated, the Rowhammer DRAM attack revolves around changing data in Dynamic Random Access-Memory (DRAM), by repeatedly “hammering”, or accessing, specific rows of memory cells. Memory cells keep information as electric charges. These charges determine the value of the bits, which can either be a 0, or a 1. As the density of the memory cells in today’s chips is fairly big, “hammering” can alter the state in adjacent rows, or “flip” the bit. By flipping specific bits, the attackers can pull cryptographic keys, or other sensitive data, BleepingComputer explained.
Purely theoretical?
This means that AMD has joined Intel and ARM CPUs who were already known to be vulnerable to hammering attacks.
The researchers tested their theory on different platforms. For AMD Zen 2, they were successful 70% of the time. For AMD Zen 3, 60%. For AMD Zen 4, however, they were only successful 10% of the time, suggesting that “the changes in DDR5 such as improved Rowhammer mitigations, on-die error correction code (ECC), and a higher refresh rate (32 ms) make it harder to trigger bit flips.”
While usually academic research is purely theoretical, the researchers said this attack could be pulled off in the real world, too. They simulated successful attacks targeting the system’s security, and manipulating page table entries for unauthorized memory access.
Those fearing ZenHammer, it’s important to stress that these types of attacks are quite difficult to pull off. What’s more, there are patches and mitigations. Earlier this week, AMD released a security advisory with mitigation options.