MrGuvernment
Fully [H]
- Joined
- Aug 3, 2004
- Messages
- 21,878
New ZenHammer memory attack impacts AMD Zen CPUs
https://www.bleepingcomputer.com/news/security/new-zenhammer-memory-attack-impacts-amd-zen-cpus/
https://www.bleepingcomputer.com/news/security/new-zenhammer-memory-attack-impacts-amd-zen-cpus/
Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips.
AMD Zen chips and DDR5 RAM modules were previously considered less vulnerable to Rowhammer, so the latest findings challenge this notion.
The ZenHammer attack was developed by researchers at public research university ETH Zurich, who shared their technical paper with BleepingComputer.
Attack background
Rowhammer is a well-documented attack method that exploits a physical characteristic of modern Dynamic Random-Access Memory (DRAM) to alter data by repeatedly accessing ("hammering") specific rows of memory cells through read/write operations to change bit values inside.
Memory cells store information as electric charges that determine the value of the bits inside as a 1 or a 0. Because of the increased density of the memory cells in modern chipscells, repeated "hammering" can change the charge state in adjiacent rows, a process known as "bit flipping."
By strategically inducing these bit flips in specific locations, an attacker could gain access to sensitive data (e.g. cryptographic keys) or escalate privileges.
The technique has been demonstrated on Intel and ARM CPUs, leaving AMD's Zen architecture CPUs largely unexplored due to inherent challenges such as unknown DRAM addressing schemes, synchronization with refresh commands, and difficulty to achieve a high enough row activation throughput.
With ZenHammer, the researchers at ETH Zurich managed to address these challenges by reverse-engineering the complex and non-linear DRAM addressing functions in AMD platforms.