Security News > 2020 > March > Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks

Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks
2020-03-10 14:35

Remember rowhammer vulnerability? A critical issue affecting modern DRAM chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips.

To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target Row Refresh that refreshes adjacent rows when a victim row is accessed more than a threshold.

According to the researchers, TRRespass fuzzer repeatedly selects different random rows at various locations in DRAM for hammering and works even when unaware of the implementation of the memory controller or the DRAM chip.

Target Row Refresh tries to identify possible victim rows by counting the number of adjacent row activations and comparing it against a predefined value, but it still is incapable of keeping the information about all accessed rows at the same time to effectively mitigate bit flips through aggressor rows.

"But having more aggressors overwhelms the TRR mitigation since it can only track a few aggressor rows at a time. 'Luckily' DDR4 chips are more vulnerable, giving us the possibility to reduce the number of accesses to each of the aggressors to trigger bit flips. Or, in other words, to increase the number of aggressors to bypass the mitigation."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/JXhRsG7hUy8/rowhammer-vulnerability-ddr4-dram.html