ZenHammer: Rowhammer attacks on AMD Zen-based platforms

Our work shows that it is possible to trigger Rowhammer bit flips on DDR4 devices on AMD Zen 2 and Zen 3 systems despite deployed TRR mitigations. Using these address functions gives us very few bit flips on 5 and 0 of 10 devices on AMD Zen 2 and Zen 3, respectively, as we show in Table 1. Table 4: Analysis of the bit flip exploitability found during the sweep over 256 MiB on AMD Zen 2, Zen 3, and Intel Coffee Lake. Finally, we tried ZenHammer on DDR5 by reverse engineering the DRAM functions on AMD Zen 4 and evaluating ten DDR5 devices. We could not trigger any bit flips on 3 and 4 of our 10 devices on Zen 2 and Zen 3, respectively. Why does your evaluation consider ten devices only?Because we have a limited number of AMD Zen 2/3 machines in our lab and some of our experiments took a long time, we have decided to reduce the number of devices to ten. How can I check whether my DRAM is vulnerable?The code of our ZenHammer fuzzer, which you can use to assess your DRAM device for bit flips on AMD Zen 2/3/4 CPUs, is available on GitHub.