Row hammer

[7][8] Different hardware-based techniques exist to prevent the Rowhammer effect from occurring, including required support in some processors and types of DRAM memory modules.

In dynamic RAM (DRAM), each bit of stored data occupies a separate memory cell that is electrically implemented with one capacitor and one transistor.

Write operations decode the addresses in a similar way, but as a result of the design entire rows must be rewritten for the value of a single bit to be changed.

However, researchers proved in a 2014 analysis that commercially available DDR3 SDRAM chips manufactured in 2012 and 2013 are susceptible to disturbance errors, while using the term Rowhammer to name the associated side effect that led to observed bit flips.

Using this and synchronizing patterns with the REFRESH command, it is possible to very effectively determine "blind spots" where the mitigation is not able to provide protection anymore.

Based on this idea, academics built a Rowhammer fuzzer named Blacksmith[21] that can bypass existing mitigations on all DDR4 devices.

Since the release of the Ivy Bridge microarchitecture, Intel Xeon processors support the so-called pseudo target row refresh (pTRR), which can be used in combination with pTRR-compliant DDR3 dual in-line memory modules (DIMMs) to mitigate the Rowhammer effect by automatically refreshing possible victim rows, with no negative impact on performance or power consumption.

The LPDDR4 mobile memory standard published by JEDEC[26] includes optional hardware support for the so-called target row refresh (TRR) that prevents the Rowhammer effect without negatively impacting performance or power consumption.

Research showed that TRR mitigations deployed on DDR4 UDIMMs and LPDDR4X chips from devices produced between 2019 and 2020 are not effective in protecting against Rowhammer.

Because they need huge numbers of rapidly performed DRAM row activations, Rowhammer exploits issue large numbers of uncached memory accesses that cause cache misses, which can be detected by monitoring the rate of cache misses for unusual peaks using hardware performance counters.
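
The cache-miss-rate check described above, as an added example that is not from the article: a small Python detector run over constructed, perf-stat-style interval samples. The three-field line format, the event name and the factor-of-ten threshold are assumptions.

```python
from statistics import median

# Constructed counter samples in the per-interval format printed by
# `perf stat -I 100 -e LLC-load-misses` (assumption: three whitespace-
# separated fields per line: elapsed seconds, count for the interval, event).
SAMPLE_LINES = """\
0.100 4120 LLC-load-misses
0.200 3980 LLC-load-misses
0.300 4355 LLC-load-misses
0.400 4011 LLC-load-misses
0.500 612400 LLC-load-misses
0.600 598210 LLC-load-misses
0.700 4208 LLC-load-misses
"""


def parse_samples(text, event="LLC-load-misses"):
    """Return [(elapsed_s, count), ...] for the lines that report `event`."""
    samples = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2] == event:
            samples.append((float(parts[0]), int(parts[1])))
    return samples


def interval_rates(samples):
    """Convert per-interval counts into misses per second. A timestamp marks
    the end of its interval, so its length is the gap to the previous one."""
    rates, prev_t = [], 0.0
    for t, count in samples:
        rates.append((t, count / (t - prev_t)))
        prev_t = t
    return rates


def flag_peaks(text, event="LLC-load-misses", factor=10.0):
    """Return end timestamps of intervals whose miss rate exceeds `factor`
    times the median rate. The median is a robust baseline that a few
    hammering intervals cannot drag upward. Benign memory-bound workloads
    also miss the cache, so a flag is a trigger for closer inspection
    (which process, for how long), not proof of an attack."""
    rates = interval_rates(parse_samples(text, event))
    if not rates:
        return []
    baseline = median([rate for _, rate in rates])
    return [t for t, rate in rates if rate > factor * baseline]
```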

Using privilege separation can also reduce the extent of potential damage caused by computer security attacks by restricting their effects to specific parts of the system.

In comparison, "conventional" attack vectors such as buffer overflows aim at circumventing the protection mechanisms at the software level, by exploiting various programming mistakes to achieve alterations of otherwise inaccessible main memory contents.

Due to its nature and the inability of the x86-64 architecture to make clflush a privileged machine instruction, this exploit can hardly be mitigated on computers that do not use hardware with built-in Rowhammer prevention mechanisms.

In October 2016, researchers published DRAMMER, an Android application that uses Rowhammer, together with other methods, to reliably gain root access on several popular smartphones.

In May 2021, a Google research team announced a new exploit, Half-Double, that takes advantage of the worsening physics of some of the newer DRAM chips.

A high-level illustration of DRAM organization, which includes memory cells (blue squares), address decoders (green rectangles), and sense amplifiers (red squares)
Rapid row activations (yellow rows) may change the values of bits stored in a victim row (purple row).[15]: 2