AMD’s Zen 3 & Zen 2 CPUs Now Vulnerable To “Zenhammer”, Prompting Memory Leakage

AMD's Zen platform is reportedly vulnerable to Rowhammer attacks, as revealed in new research by ETH Zurich, affecting the usability of DRAM.

Rowhammer is quite an old vulnerability, initially discovered in 2014 through collaborative research by Carnegie Mellon University and Intel. This breach affects your DRAM's contents by prompting an electric leakage in memory cells, potentially flipping the bits present to corrupt the data in the memory. Moreover, it could also lead to intruders getting access to sensitive information, and the vulnerability has expanded to AMD's Zen systems, which is why it is labeled as "Zenhammer" now.

Independent researchers from ETH Zurich have found a way to disrupt your memory contents through the Rowhammer implementation, by flipping the bits in DDR4 memory mounted in Zen 2 and Zen 3 systems. Here is how they were able to do it:

ZenHammer reverse engineers DRAM addressing functions despite their non-linear nature, uses specially crafted access patterns for proper synchronization, and carefully schedules flush and fence instructions within a pattern to increase the activation throughput while preserving the access order necessary to bypass in-DRAM mitigations.

- ETH Zurich via The Register

The research showed that AMD systems were vulnerable, similar to how Intel-based systems are, and after successfully exploiting the secret DRAM address functions, the researchers were able to adjust the timing routine and, through extensive tests, were able to integrate Rowhammer's effects into the systems, flipping the memory contents in both Zen 2 and Zen 3 systems. While this situation is alarming for relatively old AMD consumers, Team Red has responded quickly to the problem and released a security brief to address it.

AMD continues to assess the researchers’ claim of demonstrating Rowhammer bit flips on a DDR5 device for the first time. AMD will provide an update upon completion of its assessment.

AMD microprocessor products include memory controllers designed to meet industry-standard DDR specifications. Susceptibility to Rowhammer attacks varies based on the DRAM device, vendor, technology, and system settings. AMD recommends contacting your DRAM or system manufacturer to determine any susceptibility to this new variant of Rowhammer.

AMD also continues to recommend the following existing DRAM mitigation to Rowhammer-style attacks, including:

For users particularly concerned with Zenhammer, we advise them to implement mitigations suggested by Team Red themselves to stay safe from the vulnerability. Meanwhile, the company is working on assessing the situation and providing a more extensive update.

News Sources: The Register, Comsec