ZenHammer comes down on AMD Zen 2 and 3 systems
Boffins demonstrate Rowhammer memory meddling on AMD DDR4 hardware
Updated
ZenHammer would be the perfect name for a heavy metal band, but alas, it's an AMD-focused variant of the decade-old Rowhammer attack that compromises computers by flipping bits of memory.
Rowhammer was first proposed in a paper [PDF] published June 2014 by researchers at Carnegie Mellon University and Intel. It's a technique for activating rows of DRAM cells – "hammering" them – in a way that corrupts the contents of adjacent memory cells. These errors then enable further exploitation, potentially allowing privilege elevation, access to secrets in kernel memory, and breaking the boundary between virtual machines and the host.
Until now Rowhammer has been mainly a concern for those using CPUs from Intel, and to a lesser extent ARM hardware. Now it's AMD's turn, with ZenHammer, although mitigation is in place we're told.
Boffins from ETH Zurich – Patrick Jattke, Max Wipfli, Flavien Solt, Michele Marazzi, Matej Bölcskei, and Kaveh Razavi – have devised a way to induce bit flips on AMD Zen 2 and Zen 3 systems with DDR4 memory despite the deployment of a defensive technique called Target Row Refresh.
"ZenHammer reverse engineers DRAM addressing functions despite their non-linear nature, uses specially crafted access patterns for proper synchronization, and carefully schedules flush and fence instructions within a pattern to increase the activation throughput while preserving the access order necessary to bypass in-DRAM mitigations," the authors explain in their paper, which was provided to The Register.
"Our evaluation with ten DDR4 devices shows that ZENHAMMER finds bit flips on seven and six devices on AMD Zen 2 and Zen 3, respectively, enabling Rowhammer exploitation on current AMD platforms."
The researchers say they achieved a high number of bit flips on both Zen 2 and Zen 3 systems, with Zen 3 being more vulnerable than Intel's Coffee Lake hardware. "We can build the page table, RSA public key corruption, and sudo exploits from prior work on 7/6/4 of these devices, taking, on average, just 164/267/209 seconds," they claim in an explanatory note.
To achieve their results, the researchers reverse-engineered secret DRAM address functions using the DRAMA memory probing tool. Then they made some changes to a timing routine and realized that an offset value had to be applied to physical memory addresses, due to system address remapping, to recover DRAM address functions. They ended up building these insights into their own DRAM reverse-engineering tool called DARE, for DRAM Address Mapping Reverse-Engineering.
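The remapping-offset detail above, as an added illustration that is not the researchers' code or their DARE tool: it assumes constructed XOR-style bank functions (the paper notes AMD's real functions are non-linear) and a constructed offset, and stands in a simple bank-collision check for the DRAMA timing probe, to show why a candidate model only fits the observations once the offset is applied.

```python
# Constructed example: a system-address remapping offset breaks, and then fixes,
# recovery of DRAM bank functions from address-pair observations.

# Hypothetical bank functions: each mask picks address bits whose XOR parity
# gives one bank-select bit. Real AMD mappings are different and non-linear.
BANK_MASKS = [0x2100, 0x4200, 0x8400]
# Hypothetical platform offset: the controller applies its functions to
# (physical address + offset), not to the raw physical address.
REMAP_OFFSET = 0x1000

# Constructed physical address pairs standing in for a probing run.
SAMPLE_PAIRS = [(0x1000, 0x0), (0x100, 0x0), (0x3000, 0x2000),
                (0x4200, 0x200), (0x8400, 0x8000), (0x2100, 0x2000)]


def parity(x: int) -> int:
    """XOR of all bits of x."""
    return bin(x).count("1") & 1


def dram_bank(phys_addr: int, offset: int = REMAP_OFFSET) -> int:
    """Simulated ground truth: the bank the controller actually selects."""
    a = phys_addr + offset
    return sum(parity(a & m) << i for i, m in enumerate(BANK_MASKS))


def same_bank_observed(a: int, b: int) -> bool:
    """Stand-in for a timing probe that flags two addresses as sharing a bank
    (a real probe infers this from the higher access latency of a collision)."""
    return dram_bank(a) == dram_bank(b)


def model_matches(pairs, offset: int) -> float:
    """Fraction of pairs where the candidate model (masks + offset) predicts
    the observed same-bank / different-bank outcome."""
    hits = 0
    for a, b in pairs:
        predicted_same = all(parity((a + offset) & m) == parity((b + offset) & m)
                             for m in BANK_MASKS)
        hits += predicted_same == same_bank_observed(a, b)
    return hits / len(pairs)


def recover_offset(pairs, candidates) -> int:
    """Pick the smallest candidate offset whose model best explains the pairs;
    this is the step that fails if remapping is ignored (offset 0)."""
    return max(candidates, key=lambda o: (model_matches(pairs, o), -o))
```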
Rowhammer began as a local attack – you had to have access to the target machine, meaning it was mainly an issue in scenarios involving a threat actor operating within a cloud service provider. But variations have since been demonstrated on smartphones, in web browsers, across VMs, and over the network.
ZenHammer is also a local attack. The threat model assumes the attacker knows the CPU model of the target machine and has obtained DRAM address mappings using a reverse engineering tool. It also assumes that an unprivileged attacker can execute programs on the victim's machine.
Asked whether a remote attack could be devised, Kaveh Razavi, assistant professor in the department of information technology and electrical engineering at ETH Zürich, told The Register: "We did not build a JavaScript based attack based on ZenHammer. My guess is that it is possible, but it requires some more engineering effort similar to what has been done in the past on Intel CPUs."
In 2019, vendors like Oracle downplayed the risk of a Rowhammer-variant called RAMBleed, claiming its x86 and SPARC servers were not affected "because Oracle only employs DDR4 DIMMs that have implemented the Target Row Refresh (TRR) defense mechanism against RowHammer."
The following year, one of the ZenHammer paper's co-authors, Kaveh Razavi, participated in the development of TRRespass [PDF], a technique for conducting Rowhammer attacks on DDR4 memory chips protected by TRR.
So while it's unsurprising that DDR4 hardware may succumb to Rowhammer probing, this work extends the attack surface of Rowhammer significantly. The computer scientists observe that AMD's share of the x86 desktop market today is around 36 percent.
They also note that for the first time they've demonstrated bit flips on a DDR5 device, an AMD Zen 4 system (Ryzen 7 7700X). While their success was limited – only 1 in 10 DDR5 devices succumbed due to improvements like on-die error correction code (ECC), and a higher 32 ms refresh rate – they anticipate that their findings "will make it easier to port Rowhammer attacks to newer platforms in the future, such as DDR5 devices."
The authors are scheduled to present their findings at USENIX Security 2024 in August 2024.
AMD did not respond to a request for comment. ®
Updated to add
AMD has shared its response to the ZenHammer findings here.
"AMD recommends contacting your DRAM or system manufacturer to determine any susceptibility to this new variant of Rowhammer," is the bottom line.