Another attack has emerged online, demonstrating the notorious Rowhammer’s persistent existence as a threat to processors. The researchers have exploited Rowhammer in the new ZenHammer attack against AMD Zen CPUs.
ZenHammer Attack Targets AMD Zen CPUs
Researchers from ETH Zurich have devised a new attack strategy against AMD processors, demonstrating the continued risk of the well-known Rowhammer vulnerability.
While this vulnerability has long been a threat to Intel CPUs, this time, the researchers exploited it against AMD Zen CPUs, thus calling the attack “ZenHammer.” Since, unlike Intel, AMD chips haven’t been analyzed much regarding Rowhammer, this study holds significance.
Specifically, the researchers conducted the ZenHammer attack against AMD Zen 2 and 3 chips even with deployed Target Row Refresh (TRR) mitigations. For this, they reverse-engineered the DRAM addressing functions in AMD. Once done, they perform the proposed ZenHammer attack and could induce bit flips DDR4/AMD Zen 2 (Ryzen 5 3600X) and Zen 3 (Ryzen 5 5600G) in most test cases, including some success with DDR5 chips on AMD Zen 4 that otherwise boasts resistance to Rowhammer. However, the researchers couldn’t succeed with the Ryzen 7 7700X, which exhibits numerous Rowhammer mitigations.
The researchers shared their study via a detailed research paper scheduled to appear in the USENIX Security 2024 in August 2024, alongside setting up a dedicated web page with ZenHammer’s information. Moreover, the researchers have also shared their ZenHammer fuzzer on GitHub for the users to check whether their DRAM is vulnerable to ZenHammer.
AMD’s Response To ZenHammer
Following this discovery, the researchers responsibly disclosed the issue to AMD in February 2024, going ahead with the public disclosure in March 2024.
In response to the researchers’ report, AMD issued a detailed advisory explaining that it plans to address Rowhammer bit flips on its DDR5 devices. Alongside confirming the inclusion of memory controllers that meet industry-standard DDR specifications, AMD also shared various Rowhammer mitigations to prevent such attacks.
Let us know your thoughts in the comments.