Rowhammer Exploitation On AMD Platforms, DDR4 DDR5 (ETH Zurich)


A new technical paper titled “ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms” was published by researchers at ETH Zurich. The work will be presented at USENIX Security Symposium in August 2024.

“AMD has gained a significant market share in recent years with the introduction of the Zen microarchitecture. While there are many recent Rowhammer attacks launched from Intel CPUs, they are completely absent on these newer AMD CPUs due to three non-trivial challenges: 1) reverse engineering the unknown DRAM addressing functions, 2) synchronizing with refresh commands for evading in-DRAM mitigations, and 3) achieving a sufficient row activation throughput. We address these challenges in the design of ZENHAMMER, the first Rowhammer attack on recent AMD CPUs. ZENHAMMER reverse engineers DRAM addressing functions despite their non-linear nature, uses specially crafted access patterns for proper synchronization, and carefully schedules flush and fence instructions within a pattern to increase the activation throughput while preserving the access order necessary to bypass in-DRAM mitigations. Our evaluation with ten DDR4 devices shows that ZENHAMMER finds bit flips on seven and six devices on AMD Zen 2 and Zen 3, respectively, enabling Rowhammer exploitation on current AMD platforms. Furthermore, ZENHAMMER triggers Rowhammer bit flips on a DDR5 device for the first time.”

Find the ETH Zurich article here, the technical paper here (pdf file) and related Github here.

Jattke, Patrick, Max Wipfli, Flavien Solt, Michele Marazzi, Matej Bölcskei, and Kaveh Razavi. “ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms.” In 33rd USENIX Security Symposium (USENIX Security 2024). 2024.

Leave a Reply

(Note: This name will be displayed publicly)