A new ZenHammer attack is targeting more AMD CPUs

One of the best amd processor picks against a fuchia techradar background
(Image credit: Future)

The infamous Rowhammer DRAM attack can now be pulled off on some AMD CPUs as well, academic researchers from ETH Zurich have proved.

As reported by BleepingComputer, the researchers dubbed the attack ZenHammer, after cracking the complex, non-linear DRAM addressing functions in AMD platforms.

For the uninitiated, the Rowhammer DRAM attack revolves around changing data in Dynamic Random Access-Memory (DRAM), by repeatedly “hammering”, or accessing, specific rows of memory cells. Memory cells keep information as electric charges. These charges determine the value of the bits, which can either be a 0, or a 1. As the density of the memory cells in today’s chips is fairly big, “hammering” can alter the state in adjacent rows, or “flip” the bit. By flipping specific bits, the attackers can pull cryptographic keys, or other sensitive data, BleepingComputer explained.

Purely theoretical?

This means that AMD has joined Intel and ARM CPUs who were already known to be vulnerable to hammering attacks.

The researchers tested their theory on different platforms. For AMD Zen 2, they were successful 70% of the time. For AMD Zen 3, 60%. For AMD Zen 4, however, they were only successful 10% of the time, suggesting that “the changes in DDR5 such as improved Rowhammer mitigations, on-die error correction code (ECC), and a higher refresh rate (32 ms) make it harder to trigger bit flips."

While usually academic research is purely theoretical, the researchers said this attack could be pulled off in the real world, too. They simulated successful attacks targeting the system’s security, and manipulating page table entries for unauthorized memory access.

Those fearing ZenHammer, it’s important to stress that these types of attacks are quite difficult to pull off. What’s more, there are patches and mitigations. Earlier this week, AMD released a security advisory with mitigation options.

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.