A new memory attack named ZenHammer has been discovered by academic researchers, impacting AMD Zen CPUs. This variant of the Rowhammer DRAM attack is the first to work on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips.
Previously, AMD Zen chips and DDR5 RAM modules were considered less vulnerable to Rowhammer attacks, but the latest findings challenge this notion. The ZenHammer attack was developed by researchers at ETH Zurich, a public research university, who shared their technical paper with BleepingComputer.
Rowhammer exploits a physical characteristic of modern DRAM to alter data by repeatedly accessing specific rows of memory cells. By inducing bit flips in specific locations, an attacker could gain access to sensitive data or escalate privileges.
The researchers at ETH Zurich managed to develop ZenHammer by addressing inherent challenges in AMD’s Zen architecture, such as unknown DRAM addressing schemes and difficulty in achieving high row activation throughput. They reverse-engineered complex DRAM addressing functions and developed synchronization techniques to time attacks with DRAM’s refresh commands.
The researchers demonstrated the effectiveness of the ZenHammer attack on DDR4 devices on AMD Zen 2 and Zen 3 platforms, as well as DDR5 chips on AMD’s Zen 4 platform. Despite improvements in DDR5 mitigations, the attack was successful in manipulating page table entries for unauthorized memory access.
To defend against this threat, AMD CPU users are advised to apply software patches and firmware updates. They may also consider using hardware with specific mitigations against Rowhammer. AMD has published a security bulletin in response to ZenHammer, providing mitigation advice and assuring users that they are assessing the issues thoroughly and will provide updates.
