Blacksmith

We demonstrate that it is possible to trigger Rowhammer bit flips on all DRAM devices today despite deployed mitigations on commodity off-the-shelf systems with little effort. This result has a significant impact on the system’s security as DRAM devices in the wild cannot easily be fixed, and previous work showed real-world Rowhammer attacks are practical, for example, in the browser using JavaScripton smartphonesacross VMs in the cloud, and even over the network.

Rowhammer is a vulnerability caused by leaking charges in DRAM cells that enables attackers to induce bit flips in DRAM memory. To stop Rowhammer, DRAM implements a mitigation known as Target Row Refresh (TRR). Our previous work showed that the new n-sided patterns can still trigger bit flips on 31% of today’s PC-DDR4 devices. We propose a new highly effective approach for crafting non-uniform and frequency-based Rowhammer access patterns that can bypass TRR from standard PCs. We implement these patterns in our Rowhammer fuzzer named Blacksmith and show that it can bypass TRR on 100% of the PC-DDR4 DRAM devices in our test pool. Further, our work provides new insights on the deployed mitigations.

How did you do it?

We conducted a series of experiments starting from the observation that all previously used Rowhammer patterns such as single-sided, double-sided, and n-sided patterns (e.g., n=4) hammer aggressor uniformly, i.e., the same number of times.

Fig. 1: Rowhammer access patterns from previous work.Fig. 2: All existing patterns hammer aggressors uniformly.

As the search space of non-uniform patterns is huge, we conducted a series of further experiments to determine the structure of patterns that effectively bypass TRR. Our experiments showed that the order, regularity, and intensity of accessing aggressor rows in non-uniform patterns are essential. We noticed that our observations nicely match with common parameters of the frequency domain, namely frequency, phase, and amplitude. We used these parameters to design frequency-based Rowhammer patterns that can effectively explore the space of non-uniform patterns. We implemented these patterns in a black-box fuzzer named Blacksmith that determines suitable parameter values crafting effective patterns targeting a specific device.

How bad is it?

For our evaluation, we considered a test pool of 40 DDR4 devices covering the three major manufacturers (Samsung, Micron, SK Hynix), including 4 devices that did not report their manufacturer. We let our Blacksmith fuzzer run for 12 hours to assess its capability to find effective patterns. Thereafter, we swept the best pattern (based on the number of total bit flips triggered) over a contiguous memory area of 256 MB and report the number of bit flips. The results in Table 1 show that our Blacksmith fuzzer is able to trigger bit flips on all 40 DRAM devices with a large number of bit flips, especially on devices of manufacturers A and D.

We also evaluated the exploitability of these bit flips based on three attacks from previous work: an attack targeting the page frame number of a page table entry (PTE) to pivot it to an attacker-controlled page table page, an attack on the RSA-2048 public key that allows recovering the associated private key used to authenticate to an SSH host, and an attack on the password verification logic of the sudoers.so library that enables gaining root privileges.

Table 1: Result of a 12h run of the Blacksmith fuzzer on the devices of our testpool. We report for each the number of effective patterns found (#Patterns), the total no. of bit flips observed during the sweep (#Patterns), and for each attack the number of exploitable bit flips (#Expl. BFs) and the average time to trigger the first exploitable bit flip (Time).
DIMM #Patterns #Bit Flips PTE RSA-2048 sudo
#Expl. BFs Time #Expl. BFs Time #Expl. BFs Time
A0 47 82183 7604 4s 210 30s 17 5m
A1 116 12134 28 4m 12s
A2 462 134702 9198 6s 306 21s 13 6m 43s
A3 82 1746 73 2m 21s 3 47m 37s
A4 460 5132 214 33s 7 13m 16s
A5 42 113190 99 1m 27s 269 34s 12 11m 41s
A6 102 98425 52 2m 12s 220 32s 9 11m 55s
A7 66 32090 6043 6s 69 2m 5s 8 11m 11s
A8 83 92660 64 2m 24s 184 54s 15 10m 5s
A9 349 4889 136 28s 6 9m 45s
A10 350 3051 216 24s 7 12m 4s
A11 202 3171 197 2m 8s 13 23m 21s
A12 74 43581 6596 7s 116 55s 2 38m 35s
A13 72 59721 4520 8s 144 49s 7 13m 44s
A14 51 64083 5172 8s 151 44s 7 14m 19s
A15 67 52580 4567 8s 105 1m 3s 7 14m 7s
A16 372 99552 6572 6s 231 27s 13 6m 30s
A17 425 138601 9775 3s 324 11s 10 5m 1s
A18 126 80601 11124 5s 182 44s 23 5m 28s
A19 107 11599 832 3s 20 1m 18s 3 6m 21s
B0 9 63
B1 7 506 1 1h 44m* 1 2h 31m*
B2 9 15
B3 1 111 3 1h 16m
B4 101 1107 2 1h 27m 4 34m 7s
B5 19 14
B6 18 78
B7 4 70
B8 4 258 1 26m 50s*
B9 40 1223 3 1h 3m
C0 1 26 1 2h 8m*
C1 16 28
C2 82 2551 1 1h* 3 59m 39s
C3 6 636
C4 31 769 4 59m 19s 2 2h 5m
C5 23 1028 1 4h 2m*
D0 26 10646 5202 4s 23 3m 43s 4 19m 56s
D1 37 6655 4 19m 33s 15 5m 25s
D2 3 2030 135 40s 6 11m 41s
D3 41 6797 760 22s 32 5m 49s

Concluding, our work confirms that the DRAM vendors’ claims about Rowhammer protections are false and lure you into a false sense of security. All currently deployed mitigations are insufficient to fully protect against Rowhammer. Our novel patterns show that attackers can more easily exploit systems than previously assumed.

Demo

You can a demo of our Blacksmith fuzzer below, showing how easy and quick it is to find bit flips on TRR-enabled DDR4 devices. For the full details and more information about our work, please have a look at our paper, which is to appear at IEEE S&P 2022.

FAQs

Following, we provide answers to the most frequently asked questions about our work.

  • Are there any DIMMs that are safe?
    We did not find any DIMMs that are completely safe. According to our data, some DIMMs are more vulnerable to our new Rowhammer patterns than others.
  • Which implications do these new results have for me?
    Triggering bit flips has become more easy on current DDR4 devices, which facilitates attacks. As DRAM devices in the wild cannot be updated, they will remain vulnerable for many years.
  • How can I check whether my DRAM is vulnerable?
    The code of our Blacksmith Rowhammer fuzzer, which you can use to assess your DRAM device for bit flips, is available on GitHub. We also have an early FPGA version of Blacksmith, and we are working with Google to fully integrate it into an open-source FPGA Rowhammer-testing platform.
  • Why hasn’t JEDEC fixed this issue yet?
    A very good question! By now we know, thanks to a better understanding, that solving Rowhammer is hard but not impossible. We believe that there is a lot of bureaucracy involved inside JEDEC that makes it very difficult.
  • What if I have ECC-capable DIMMs?
    Previous work showed that due to the large number of bit flips in current DDR4 devices, ECC cannot provide complete protection against Rowhammer but makes exploitation harder.
  • What if my system runs with a double refresh rate?
    Besides an increased performance overhead and power consumption, previous work (e.g., Mutlu et al. and Frigo et al.) showed that doubling the refresh rate is a weak solution not providing complete protection.
  • Why did you anonymize the name of the memory vendors?
    We were forced to anonymize the DRAM vendors of our evaluation. If you are a researcher, please get in touch with us to receive more information.
  • Does Blacksmith work on DIMMs from other vendors?
    According to statistics, the three DRAM chip manufacturers considered by us cover 94% of the DRAM market. However, we have tested Blacksmith on three DRAM devices from another vendor and we could successfully trigger bit flips on these devices too.

Disclosure

We have responsibly disclosed our results to affected parties. Following, we provide a short summary of the disclosure timeline.

  • In Q1-2021, we initiated the responsible disclosure process with the National Cyber Security Centre Switzerland (NCSC-CH).
  • In Q2-2021, NCSC informed major DRAM manufacturers, OEMs, and major tech companies about our findings and shared our paper’s draft and code.
  • In Q3-2021, NCSC sent affected parties an updated version of our paper and communicated the public disclosure date.
  • In Q4-2021, we have received a CVE for our finding (CVE-2021-42114) and publicly disclosed Blacksmith on November 15, 2021.

The three DRAM manufacturers (Samsung, SK Hynix, and Micron), Intel, AMD, Microsoft, Oracle, and Google confirmed the reception of our findings. SK Hynix got in touch with us to discuss the LPDDR4X results. We discussed possible mitigations with Intel and our findings more in detail with Google.

The issues disclosed by this work are tracked under CVE-2021-42114.

Acknowledgements

This research was supported by the Swiss National Science Foundation under NCCR Automation, grant agreement 51NF40_180545, and in part by the Netherlands Organisation for Scientific Research through grant NWO 016.Veni.192.262.