DDR4 memory protections are broken wide open by new Rowhammer technique

Source: This article was first published on https://arstechnica.com/gadgets/2021/11/ddr4-memory-is-even-more-susceptible-to-rowhammer-attacks-than-anyone-thought/

Researchers build “fuzzer” that supercharges potentially serious bitflipping exploits.

Rowhammer exploits that allow unprivileged attackers to change or corrupt data stored in vulnerable memory chips are now possible on virtually all DDR4 modules due to a new approach that neuters defenses chip manufacturers added to make their wares more resistant to such attacks.

Rowhammer attacks work by accessing – or hammering – physical rows inside vulnerable chips millions of times per second in ways that cause bits in neighboring rows to flip, meaning 1s turn to 0s and vice versa. Researchers have shown the attacks can be used to give untrusted applications nearly unfettered system privileges, bypass security sandboxes designed to keep malicious code from accessing sensitive operating system resources, and root or infect Android devices, among other things.

All previous Rowhammer attacks have hammered rows with uniform patterns, such as single-sided, double-sided, or n-sided. In all three cases, these “aggressor” rows – meaning those that cause bitflips in nearby “victim” rows – are accessed the same number of times.

[Figure: Old Rowhammer access patterns. Rowhammer access patterns from previous work, showing the spatial arrangement of aggressor rows (in black) and victim rows (in orange and cream) in DRAM memory.]

[Figure: Uniform hammer patterns. Relative activation frequency, i.e., the number of ACTIVATEs per aggressor row in a Rowhammer pattern. Notice that the aggressors are hammered uniformly.]


Bypassing all in-DRAM mitigations

Research published on Monday presented a new Rowhammer technique. It uses non-uniform patterns that access two or more aggressor rows with different frequencies. The result: all 40 of the randomly selected DIMMs in a test pool experienced bitflips, up from 13 out of 42 chips tested in previous work from the same researchers.

“We found that by creating special memory access patterns we can bypass all mitigations that are deployed inside DRAM,” Kaveh Razavi and Patrick Jattke, two of the research authors, wrote in an email. “This increases the number of devices that can potentially be hacked with known attacks to 80 percent, according to our analysis. These issues cannot be patched due to their hardware nature and will remain with us for many years to come.”

The non-uniform patterns work against Target Row Refresh. Abbreviated as TRR, the mitigation works differently from vendor to vendor but generally tracks how often rows are activated and issues an extra refresh to the neighboring victim rows of any row that is hammered suspiciously often. A refresh restores a row's charge before it leaks far enough for a bit to flip, so a pattern that keeps the real aggressors below the tracker's radar (for example by hammering decoy rows more often) defeats it. The neutering of this defense puts further pressure on chipmakers to mitigate a class of attacks that many people thought more recent types of memory chips were resistant to.

In Monday’s paper, the researchers wrote:

Proprietary, undocumented in-DRAM TRR is currently the only mitigation that stands between Rowhammer and attackers exploiting it in various scenarios such as browsers, mobile phones, the cloud, and even over the network. In this paper, we show how deviations from known uniform Rowhammer access patterns allow attackers to flip bits on all 40 recently-acquired DDR4 DIMMs, 2.6× more than the state of the art. The effectiveness of these new non-uniform patterns in bypassing TRR highlights the need for a more principled approach to address Rowhammer.


Serious consequences

The effects of previous Rowhammer demonstrations have been serious. In one case, researchers were able to gain unrestricted access to all physical memory by flipping bits in a page table entry, the structure that maps a process's virtual addresses to physical memory, so that it pointed at an attacker-controlled page table. The same research also demonstrated how untrusted applications could gain root privileges. In another case, researchers used Rowhammer to flip bits in a 2048-bit RSA public key held in memory, yielding a weakened key whose corresponding private key could be computed.

Razavi and Jattke said that one of their students was able to use the new approach to reproduce the crypto key attack, and simulations suggest that the other attacks are also possible. The researchers haven’t fully implemented the previous attacks because of the significant amounts of engineering required.

The researchers implemented the non-uniform access patterns using a custom-built “fuzzer,” which is software that searches for bugs by automatically generating large numbers of semi-random inputs, in this case DRAM access patterns with varying aggressor frequencies, and keeping the ones that produce the most bit flips. The researchers then pointed Blacksmith, the name they gave to the fuzzer, at a wide variety of DDR4 modules from manufacturers that together hold about 94 percent of the DRAM market. The paper describes the evaluation:

For our evaluation, we considered a test pool of 40 DDR4 devices covering the three major manufacturers (Samsung, Micron, SK Hynix), including 4 devices that did not report their manufacturer. We let our Blacksmith fuzzer run for 12 hours to assess its capability to find effective patterns. Thereafter, we swept the best pattern (based on the number of total bit flips triggered) over a contiguous memory area of 256 MB and report the number of bit flips. The results in Table 1 show that our Blacksmith fuzzer is able to trigger bit flips on all 40 DRAM devices with a large number of bit flips, especially on devices of [two unnamed manufacturers].

We also evaluated the exploitability of these bit flips based on three attacks from previous work: an attack targeting the page frame number of a page table entry (PTE) to pivot it to an attacker-controlled page table page, an attack on the RSA-2048 public key that allows recovering the associated private key used to authenticate to an SSH host, and an attack on the password verification logic of the sudoers.so library that enables gaining root privileges.
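To make the difference between the uniform patterns in the figures above and the non-uniform patterns the paper introduces concrete, here is an added simulation (written for this page, not code from the Blacksmith authors). It generates activation sequences for one refresh interval, runs them through a deliberately simple counter-based TRR model (track the most-activated rows, refresh their neighbours), and ends with a small deterministic grid search that stands in for the fuzzer's random search. The TRR logic, the activations-per-interval budget, the flip threshold and the row numbers are all assumptions constructed for the example; real in-DRAM TRR is proprietary and undocumented, and the frequency/phase/amplitude parameters are a simplified form of the ones the Blacksmith paper uses.

```python
"""Uniform vs. non-uniform Rowhammer access patterns against a modeled,
counter-based TRR sampler. Added example for this article; the TRR model and
all thresholds are assumptions, not any vendor's actual (undocumented) logic."""
from collections import Counter

# Constructed model parameters (assumed, not measured):
ACTS_PER_TREF = 1000   # activations an attacker fits into one refresh interval
FLIP_THRESHOLD = 300   # activations on a victim's two neighbours before it flips
TRR_TRACKED_ROWS = 2   # the sampler refreshes neighbours of the 2 most-hit rows


def uniform_double_sided(victim, n_acts=ACTS_PER_TREF):
    """Classic double-sided pattern: both rows around `victim`, hit equally."""
    aggressors = [victim - 1, victim + 1]
    return [aggressors[i % 2] for i in range(n_acts)]


def non_uniform(pairs, n_acts=ACTS_PER_TREF):
    """Non-uniform pattern. Each entry (frequency, phase, amplitude, rows)
    activates `rows` `amplitude` times back to back, once every `frequency`
    time slots, starting at slot `phase`. Simplified from the
    frequency/phase/amplitude parameterization used by Blacksmith."""
    seq, slot = [], 0
    while len(seq) < n_acts:
        for freq, phase, amp, rows in pairs:
            if slot >= phase and (slot - phase) % freq == 0:
                seq.extend(rows * amp)
        slot += 1
    return seq[:n_acts]


def activation_counts(seq):
    """ACTIVATE count per aggressor row (the histogram the figures show)."""
    return dict(Counter(seq))


def simulate(seq, trr_tracked=TRR_TRACKED_ROWS):
    """Rows whose bits flip under the modeled mitigation. Model (assumed): at
    the end of the interval the sampler refreshes the neighbours of the
    `trr_tracked` most-activated rows (ties included); every other row that
    absorbed >= FLIP_THRESHOLD activations from its two neighbours flips.
    Activated rows are refreshed by the activation itself and never flip."""
    counts = Counter(seq)
    tracked = set()
    if trr_tracked > 0:
        kth = sorted(counts.values(), reverse=True)[min(trr_tracked, len(counts)) - 1]
        tracked = {row for row, c in counts.items() if c >= kth}
    refreshed = {row + d for row in tracked for d in (-1, 1)}
    flipped = set()
    for row in range(min(counts) - 1, max(counts) + 2):
        hammered = counts[row - 1] + counts[row + 1]
        if hammered >= FLIP_THRESHOLD and row not in refreshed and row not in counts:
            flipped.add(row)
    return flipped


def search_patterns(max_freq=3, max_amp=2):
    """Deterministic stand-in for the fuzzer: enumerate frequency/amplitude
    combinations for a decoy pair (rows 10/12) and a target pair (rows 100/102)
    and return the pattern that flips the most rows under the model."""
    best_flips, best_pairs = 0, None
    for fa in range(1, max_freq + 1):
        for aa in range(1, max_amp + 1):
            for fb in range(1, max_freq + 1):
                for ab in range(1, max_amp + 1):
                    pairs = [(fa, 0, aa, [10, 12]), (fb, 0, ab, [100, 102])]
                    flips = len(simulate(non_uniform(pairs)))
                    if flips > best_flips:
                        best_flips, best_pairs = flips, pairs
    return best_flips, best_pairs


if __name__ == "__main__":
    print("uniform, no TRR:", simulate(uniform_double_sided(50), trr_tracked=0))
    print("uniform, TRR:   ", simulate(uniform_double_sided(50)))
    decoy_plus_target = [(1, 0, 1, [10, 12]), (2, 0, 1, [100, 102])]
    print("non-uniform, TRR:", simulate(non_uniform(decoy_plus_target)))
    print("search:", search_patterns())
```

Under this model the uniform double-sided pattern flips its victim only when TRR is switched off: with the tracker on, its two equally hammered aggressors are exactly the rows the sampler watches, so the victim gets refreshed. The non-uniform pattern hammers a decoy pair every slot and the real pair every other slot; the decoys fill both tracker slots, the real victim still absorbs more than the threshold, and it flips. That is the intuition behind the paper's result, not a claim about any specific DIMM, and the grid search shows how few parameter combinations need to be tried before one such pattern appears.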


Representatives of Micron, Samsung, and Hynix didn’t respond to emails seeking comment for this post.
