A team of researchers from the Free University of Amsterdam, ETH Zurich and Qualcomm
The RowHammer vulnerability makes it possible to corrupt individual bits of memory by cyclically reading data from neighboring memory cells. DRAM is a two-dimensional array of cells, each consisting of a capacitor and a transistor, so continuously reading the same memory region causes voltage fluctuations and anomalies that lead to a slight loss of charge in neighboring cells. If the read intensity is high enough, a cell may lose so much charge that the next refresh cycle does not restore its original state in time, which changes the value of the data stored in the cell.
To block this effect, modern DDR4 chips use TRR (Target Row Refresh), a technology designed to prevent cell corruption during a RowHammer attack. The problem is that there is no single approach to implementing TRR: each CPU and memory manufacturer interprets TRR in its own way, applies its own protection options and does not disclose implementation details.
The study of RowHammer blocking methods used by manufacturers made it easy to find ways to bypass protection. When checking, it turned out that the principle practiced by manufacturers "
The utility developed by the researchers checks whether chips are susceptible to many-sided (multilateral) RowHammer attacks, in which an attempt to influence the charge is made for several rows of memory cells at once. Such attacks bypass the TRR protection implemented by some manufacturers and lead to memory bit corruption even on new hardware with DDR4 memory.
Of the 42 DIMMs studied, 13 were vulnerable to non-standard variants of the RowHammer attack, despite the declared protection. Problem modules are produced by SK Hynix, Micron and Samsung, whose products
In addition to DDR4, the researchers studied LPDDR4 chips used in mobile devices, which also turned out to be susceptible to extended variants of the RowHammer attack. In particular, the problem affects the memory used in the Google Pixel, Google Pixel 3, LG G7, OnePlus 7 and Samsung Galaxy S10 smartphones.
The researchers were able to reproduce several exploitation techniques on problematic DDR4 chips. For example, using RowHammer-
A utility has been published to check the DDR4 memory chips used by users
Company
Source: opennet.ru