ZenHammer comes down on AMD Zen 2 and 3 systems

Boffins demonstrate Rowhammer memory meddling on AMD DDR4 hardware

ZenHammer would be the perfect name for a heavy metal band, but alas, it's an AMD-focused variant of the decade-old Rowhammer attack that compromises computers by flipping bits of memory.

Rowhammer was first proposed in a paper [PDF] published June 2014 by researchers at Carnegie Mellon University and Intel. It's a technique for activating rows of DRAM cells – "hammering" them – in a way that corrupts the contents of adjacent memory cells. These errors then enable further exploitation, potentially allowing privilege elevation, access to secrets in kernel memory, and breaking the boundary between virtual machines and the host.

Until now, Rowhammer has been mainly a concern for those using CPUs from Intel, and to a lesser extent Arm hardware. Now it's AMD's turn, with ZenHammer, although mitigation is in place, we're told.

Boffins from ETH Zurich – Patrick Jattke, Max Wipfli, Flavien Solt, Michele Marazzi, Matej Bölcskei, and Kaveh Razavi – have devised a way to induce bit flips on AMD Zen 2 and Zen 3 systems with DDR4 memory despite the deployment of a defensive technique called Target Row Refresh.

"ZenHammer reverse engineers DRAM addressing functions despite their non-linear nature, uses specially crafted access patterns for proper synchronization, and carefully schedules flush and fence instructions within a pattern to increase the activation throughput while preserving the access order necessary to bypass in-DRAM mitigations," the authors explain in their paper, which was provided to The Register.

"Our evaluation with ten DDR4 devices shows that ZENHAMMER finds bit flips on seven and six devices on AMD Zen 2 and Zen 3, respectively, enabling Rowhammer exploitation on current AMD platforms."

The researchers say they achieved a high number of bit flips on both Zen 2 and Zen 3 systems, with Zen 3 being more vulnerable than Intel's Coffee Lake hardware. "We can build the page table, RSA public key corruption, and sudo exploits from prior work on 7/6/4 of these devices, taking, on average, just 164/267/209 seconds," they claim in an explanatory note.

To achieve their results, the researchers reverse-engineered secret DRAM address functions using the DRAMA memory probing tool. Then they made some changes to a timing routine and realized that an offset value had to be applied to physical memory addresses, due to system address remapping, to recover DRAM address functions. They ended up building these insights into their own DRAM reverse-engineering tool called DARE, for DRAM Address Mapping Reverse-Engineering.

Rowhammer began as a local attack – you had to have access to the target machine, meaning it was mainly an issue in scenarios involving a threat actor operating within a cloud service provider. But variations have since been demonstrated on smartphones, in web browsers, across VMs, and over the network.

ZenHammer is also a local attack. The threat model assumes the attacker knows the CPU model of the target machine and has obtained DRAM address mappings using a reverse engineering tool. It also assumes that an unprivileged attacker can execute programs on the victim's machine.

Asked whether a remote attack could be devised, Kaveh Razavi, assistant professor in the department of information technology and electrical engineering at ETH Zürich, told The Register: "We did not build a JavaScript-based attack based on ZenHammer. My guess is that it is possible, but it requires some more engineering effort similar to what has been done in the past on Intel CPUs."

In 2019, vendors like Oracle downplayed the risk of a Rowhammer variant called RAMBleed, claiming its x86 and SPARC servers were not affected "because Oracle only employs DDR4 DIMMs that have implemented the Target Row Refresh (TRR) defense mechanism against RowHammer."

The following year, one of the ZenHammer paper's co-authors, Kaveh Razavi, participated in the development of TRRespass [PDF], a technique for conducting Rowhammer attacks on DDR4 memory chips protected by TRR.

So while it's unsurprising that DDR4 hardware may succumb to Rowhammer probing, this work extends the attack surface of Rowhammer significantly. The computer scientists observe that AMD's share of the x86 desktop market today is around 36 percent.

They also note that for the first time they've demonstrated bit flips on a DDR5 device, an AMD Zen 4 system (Ryzen 7 7700X). While their success was limited – only 1 in 10 DDR5 devices succumbed, due to improvements like on-die error correction code (ECC) and a higher refresh rate (a 32 ms refresh interval) – they anticipate that their findings "will make it easier to port Rowhammer attacks to newer platforms in the future, such as DDR5 devices."

The authors are scheduled to present their findings at USENIX Security 2024 in August 2024.

AMD did not respond to a request for comment. ®

Updated to add

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7021.html
