"DRAM stores data as electrical charges in small "cells" of memory. Those charges leak over time, corrupting data. Computer scientists have known this for ages, and the controllers that manage memory therefore periodically refresh cells to ensure memory remains reliable. Infosec types with friendly and/or adversarial inclinations noticed that behavior and wondered what would happen if they repeatedly accessed specific rows of memory cells. They learned that by "hammering" those rows of cells with many access requests it's possible to corrupt data in adjacent cells."
"Rowhammer is a known problem and infosec researchers long ago developed defenses that system builders and memory-makers adopted. Last year, standards body the JEDEC Solid State Technology Association introduced a new DRAM data integrity measure called Per-Row Activation Counting (PRAC) that looks for the sort of activity involved in a Rowhammer attack and pauses traffic to stymie hostile action. Google's researchers, however, assert that systems that include DDR5 have not employed PRAC."
DRAM stores bits as electrical charges in tiny cells that leak over time and require periodic refresh operations to remain reliable. Repeated aggressive accesses to specific memory rows, known as Rowhammer, can induce bit flips in adjacent rows, degrade performance, or enable privilege escalation. JEDEC introduced Per-Row Activation Counting (PRAC) to detect and pause suspicious activation patterns. DDR5 modules in production have been assumed more resistant, but some DDR5 systems have not deployed PRAC. Testing tools were used to evaluate DDR5 modules and revealed a new, computationally expensive Rowhammer variant called "Phoenix" that successfully affects SK Hynix DDR5, raising practical security concerns and motivating broader testing and mitigations.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]