Row hammer (also written as rowhammer) is a security exploit that takes advantage of an unintended and undesirable side effect in
dynamic random-access memory
Dynamic random-access memory (dynamic RAM or DRAM) is a type of random-access semiconductor memory that stores each bit of data in a memory cell, usually consisting of a tiny capacitor and a transistor, both typically based on metal-oxide ...
(DRAM) in which
memory cells interact electrically between themselves by leaking their charges, possibly changing the contents of nearby
memory rows that were not
addressed in the original memory access. This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted
memory access patterns that rapidly activate the same memory rows numerous times.
The row hammer effect has been used in some
privilege escalation computer security
exploits,
and network-based attacks are also theoretically possible.
Different hardware-based techniques exist to prevent the row hammer effect from occurring, including required support in some
processors and types of DRAM
memory modules.
Background
In
dynamic RAM (DRAM), each
bit of stored data occupies a separate memory cell that is electrically implemented with one
capacitor and one
transistor. The charge state of a capacitor (charged or discharged) is what determines whether a DRAM cell stores "1" or "0" as a
binary value
A binary number is a number expressed in the base-2 numeral system or binary numeral system, a method of mathematical expression which uses only two symbols: typically "0" (zero) and "1" ( one).
The base-2 numeral system is a positional notatio ...
. Huge numbers of DRAM memory cells are packed into
integrated circuit
An integrated circuit or monolithic integrated circuit (also referred to as an IC, a chip, or a microchip) is a set of electronic circuits on one small flat piece (or "chip") of semiconductor material, usually silicon. Large numbers of tiny ...
s, together with some additional logic that organizes the cells for the purposes of reading, writing, and
refreshing the data.
Memory cells (blue squares in both illustrations) are further organized into
matrices and addressed through rows and columns. A memory address applied to a matrix is broken into the row address and column address, which are processed by the row and column
address decoder
In digital electronics, an address decoder is a binary decoder that has two or more inputs for address bits and one or more outputs for device selection signals. When the address for a particular device appears on the address inputs, the decoder as ...
s (in both illustrations, vertical and horizontal green rectangles, respectively). After a row address selects the row for a read operation (the selection is also known as
row activation
Dynamic random-access memory (dynamic RAM or DRAM) is a type of random-access semiconductor memory that stores each bit of data in a memory cell, usually consisting of a tiny capacitor and a transistor, both typically based on metal-oxid ...
), bits from all cells in the row are transferred into the
sense amplifier In modern computer memory, a sense amplifier is one of the elements which make up the circuitry on a semiconductor memory chip ( integrated circuit); the term itself dates back to the era of magnetic core memory. A sense amplifier is part of the r ...
s that form the row buffer (red squares in both illustrations), from which the exact bit is selected using the column address. Consequently, read operations are of a destructive nature because the design of DRAM requires memory cells to be rewritten after their values have been read by transferring the cell charges into the row buffer. Write operations decode the addresses in a similar way, but as a result of the design entire rows must be rewritten for the value of a single bit to be changed.
As a result of storing data bits using capacitors that have a natural discharge rate, DRAM memory cells lose their state over time and require periodic
rewriting
In mathematics, computer science, and logic, rewriting covers a wide range of methods of replacing subterms of a well-formed formula, formula with other terms. Such methods may be achieved by rewriting systems (also known as rewrite systems, rewr ...
of all memory cells, which is a process known as refreshing.
As another result of the design, DRAM memory is susceptible to random changes in stored data, which are known as
soft memory errors and attributed to
cosmic rays and other causes. There are different techniques that counteract soft memory errors and improve the reliability of DRAM, of which
error-correcting code (ECC) memory and its advanced variants (such as
lockstep memory
Lockstep systems are fault-tolerant computer systems that run the same set of operations at the same time in parallel. The redundancy (duplication) allows error detection and error correction: the output from lockstep operations can be compared ...
) are most commonly used.
Overview
Increased densities of
DRAM
Dynamic random-access memory (dynamic RAM or DRAM) is a type of random-access semiconductor memory that stores each bit of data in a memory cell, usually consisting of a tiny capacitor and a transistor, both typically based on metal-oxid ...
integrated circuit
An integrated circuit or monolithic integrated circuit (also referred to as an IC, a chip, or a microchip) is a set of electronic circuits on one small flat piece (or "chip") of semiconductor material, usually silicon. Large numbers of tiny ...
s have led to physically smaller memory cells containing less charge, resulting in lower operational
noise margins, increased rates of electromagnetic interactions between memory cells, and greater possibility of data loss. As a result, ''disturbance errors'' have been observed, being caused by cells interfering with each other's operation and manifesting as random changes in the values of bits stored in affected memory cells. The awareness of disturbance errors dates back to the early 1970s and
Intel 1103 as the first commercially available DRAM integrated circuits; since then, DRAM manufacturers have employed various
mitigation techniques to counteract disturbance errors, such as improving the isolation between cells and performing production testing. However, researchers proved in a 2014 analysis that commercially available
DDR3 SDRAM
Double Data Rate 3 Synchronous Dynamic Random-Access Memory (DDR3 SDRAM) is a type of synchronous dynamic random-access memory (SDRAM) with a high bandwidth (" double data rate") interface, and has been in use since 2007. It is the higher-speed ...
chips manufactured in 2012 and 2013 are susceptible to disturbance errors, while using the term ''row hammer'' to name the associated side effect that led to observed
bit flips.
The opportunity for the row hammer effect to occur in DDR3 memory
is primarily attributed to DDR3's high density of memory cells and the results of associated interactions between the cells, while rapid DRAM row activations have been determined as the primary cause. Frequent row activations cause
voltage fluctuations on the associated row selection lines, which have been observed to induce higher-than-natural discharge rates in capacitors belonging to nearby (adjacent, in most cases) memory rows, which are called ''victim rows''; if the affected memory cells are not
refreshed before they lose too much charge, disturbance errors occur. Tests show that a disturbance error may be observed after performing around 139,000 subsequent memory row accesses (with
cache flush
A CPU cache is a hardware cache used by the central processing unit (CPU) of a computer to reduce the average cost (time or energy) to access data from the main memory. A cache is a smaller, faster memory, located closer to a processor core, which ...
es), and that up to one memory cell in every 1,700 cells may be susceptible. Those tests also show that the rate of disturbance errors is not substantially affected by increased environment temperature, while it depends on the actual contents of DRAM because certain
bit pattern
The bit is the most basic unit of information in computing and digital communications. The name is a portmanteau of binary digit. The bit represents a logical state with one of two possible values. These values are most commonly represented a ...
s result in significantly higher disturbance error rates.
A variant called ''double-sided hammering'' involves targeted activations of two DRAM rows surrounding a victim row: in the illustration provided in this section, this variant would be activating both yellow rows with the aim of inducing bit flips in the purple row, which in this case would be the victim row. Tests show that this approach may result in a significantly higher rate of disturbance errors, compared to the variant that activates only one of the victim row's neighboring DRAM rows.
As DRAM vendors have deployed mitigations, patterns had to become more sophisticated to bypass Rowhammer mitigations. More recent Rowhammer patterns include non-uniform, frequency-based patterns.
These patterns consist of many double-sided aggressors pairs where each of them is hammered with a different frequency, phase, and amplitude. Using this and synchronizing patterns with the REFRESH command, it is possible to very effectively determine "blind spots" where the mitigation is not able to provide protection anymore. Based on this idea, academics built a Rowhammer fuzzer named ''Blacksmith'' that can bypass existing mitigations on all DDR4 devices.
Mitigation
Different methods exist for more or less successful detection, prevention, correction or mitigation of the row hammer effect. Tests show that simple
error correction code, providing
single-error correction and double-error detection (SECDED) capabilities, are not able to correct or detect all observed disturbance errors because some of them include more than two flipped bits per
memory word
In computing, a word is the natural unit of data used by a particular Central processing unit, processor design. A word is a fixed-sized Data (computing), datum handled as a unit by the instruction set or the hardware of the processor. The number ...
.
Furthermore, research shows that precisely targeted three-bit row hammer flips prevents ECC memory from noticing the modifications.
A less effective solution is to introduce more frequent memory refreshing, with the
refresh intervals shorter than the usual 64 ms, but this technique results in higher power consumption and increased processing overhead; some vendors provide
firmware
In computing, firmware is a specific class of computer software that provides the low-level control for a device's specific hardware. Firmware, such as the BIOS of a personal computer, may contain basic functions of a device, and may provide h ...
updates that implement this type of mitigation. One of the more complex prevention measures performs
counter
Counter may refer to:
Mathematics and computing
* Counter machine, a subclass of register machines
* Counter (digital), an electronic device, mechanical device, or computer program for counting
* Loop counter, the variable that controls the iter ...
-based identification of frequently accessed memory rows and proactively refreshes their neighboring rows; another method issues additional infrequent random refreshes of memory rows neighboring the accessed rows regardless of their access frequency. Research shows that these two prevention measures cause negligible performance impacts.
Since the release of
Ivy Bridge microarchitecture
In computer engineering, microarchitecture, also called computer organization and sometimes abbreviated as µarch or uarch, is the way a given instruction set architecture (ISA) is implemented in a particular processor. A given ISA may be impl ...
,
Intel Xeon processors support the so-called ''pseudo target row refresh'' (pTRR) that can be used in combination with pTRR-compliant DDR3
dual in-line memory modules (DIMMs) to mitigate the row hammer effect by automatically refreshing possible victim rows, with no negative impact on performance or power consumption. When used with DIMMs that are not pTRR-compliant, these Xeon processors by default fall back on performing DRAM refreshes at twice the usual frequency, which results in slightly higher memory access latency and may reduce the memory bandwidth by up to 2–4%.
The
LPDDR4
Low-Power Double Data Rate (LPDDR), also known as LPDDR SDRAM, is a type of synchronous dynamic random-access memory that consumes less power and is targeted for mobile computers and devices such as mobile phones. Older variants are also known as ...
mobile memory standard published by
JEDEC includes optional hardware support for the so-called ''target row refresh'' (TRR) that prevents the row hammer effect without negatively impacting performance or power consumption.
Additionally, some manufacturers implement TRR in their
DDR4
Double Data Rate 4 Synchronous Dynamic Random-Access Memory (DDR4 SDRAM) is a type of synchronous dynamic random-access memory with a high bandwidth ("double data rate") interface.
Released to the market in 2014, it is a variant of dynamic rando ...
products, although it is not part of the DDR4 memory standard published by JEDEC. Internally, TRR identifies possible victim rows, by counting the number of row activations and comparing it against predefined
chip-specific ''maximum activate count'' (MAC) and ''maximum activate window'' (t
MAW) values, and refreshes these rows to prevent bit flips. The MAC value is the maximum total number of row activations that may be encountered on a particular DRAM row within a time interval that is equal or shorter than the t
MAW amount of time before its neighboring rows are identified as victim rows; TRR may also flag a row as a victim row if the sum of row activations for its two neighboring rows reaches the MAC limit within the t
MAW time window.
Research showed that TRR mitigations deployed on DDR4 UDIMMs and LPDDR4X chips from devices produced between 2019 and 2020 are not effective in protecting against Rowhammer.
Due to their necessity of huge numbers of rapidly performed DRAM row activations, row hammer exploits issue large numbers of uncached memory accesses that cause
cache misses, which can be detected by monitoring the rate of cache misses for unusual peaks using
hardware performance counter In computers, hardware performance counters (HPC), or hardware counters are a set of special-purpose Processor register, registers built into modern microprocessors to store the counts of hardware-related activities within computer systems. Advanced ...
s.
Version 5.0 of the
MemTest86
MemTest86 and Memtest86+ are memory test software programs designed to test and stress test an x86 architecture computer's random-access memory (RAM) for errors, by writing test patterns to most memory addresses, reading back the data, and com ...
memory diagnostic software, released on December 3, 2013, added a row hammer test that checks whether computer RAM is susceptible to disturbance errors, but it only works if the computer boots
UEFI; without UEFI, it boots an older version with no hammer test.
Implications
Memory protection, as a way of preventing
processes from accessing memory that has not been
assigned to each of them, is one of the concepts behind most modern
operating systems. By using memory protection in combination with other security-related mechanisms such as
protection rings, it is possible to achieve
privilege separation between processes, in which
programs
Program, programme, programmer, or programming may refer to:
Business and management
* Program management, the process of managing several related projects
* Time management
* Program, a part of planning
Arts and entertainment Audio
* Programm ...
and computer systems in general are divided into parts limited to the specific
privileges
Privilege may refer to:
Arts and entertainment
* ''Privilege'' (film), a 1967 film directed by Peter Watkins
* ''Privilege'' (Ivor Cutler album), 1983
* ''Privilege'' (Television Personalities album), 1990
* ''Privilege (Abridged)'', an alb ...
they require to perform a particular task. Using privilege separation can also reduce the extent of potential damage caused by
computer security attacks by restricting their effects to specific parts of the system.
Disturbance errors (explained in the
section above) effectively defeat various layers of memory protection by "
short circuiting" them at a very low hardware level, practically creating a unique
attack vector type that allows processes to alter the contents of arbitrary parts of the
main memory
Computer data storage is a technology consisting of computer components and recording media that are used to retain digital data. It is a core function and fundamental component of computers.
The central processing unit (CPU) of a computer ...
by directly manipulating the underlying memory hardware.
In comparison, "conventional" attack vectors such as
buffer overflows aim at circumventing the protection mechanisms at the software level, by
exploiting various programming mistakes to achieve alterations of otherwise inaccessible main memory contents.
Exploits
The initial research into the row hammer effect, published in June 2014, described the nature of disturbance errors and indicated the potential for constructing an attack, but did not provide any examples of a working security exploit.
A subsequent October 2014 research paper did not imply the existence of any security-related issues arising from the row hammer effect.
On March 9, 2015,
Google's
Project Zero
Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. It was announced on 15 July 2014.
History
After finding a number of flaws in software used by many end-users while researching other p ...
revealed two working
privilege escalation exploits based on the row hammer effect, establishing its exploitable nature on the
x86-64 architecture. One of the revealed exploits targets the
Google Native Client (NaCl) mechanism for running a limited subset of x86-64
machine instructions within a
sandbox
A sandbox is a sandpit, a wide, shallow playground construction to hold sand, often made of wood or plastic.
Sandbox or Sand box may also refer to:
Arts, entertainment, and media
* Sandbox (band), a Canadian rock music group
* Sandbox ( ...
,
exploiting the row hammer effect to escape from the sandbox and gain the ability to issue
system calls directly. This NaCl
vulnerability, tracked as , has been mitigated by modifying the NaCl so it does not allow execution of the
clflush
(
cache line
A CPU cache is a hardware cache used by the central processing unit (CPU) of a computer to reduce the average cost (time or energy) to access data from the main memory. A cache is a smaller, faster memory, located closer to a processor core, whi ...
flush) machine instruction, which was previously believed to be required for constructing an effective row hammer attack.
The second exploit revealed by Project Zero runs as an unprivileged
Linux process on the x86-64 architecture, exploiting the row hammer effect to gain unrestricted access to all
physical memory installed in a computer. By combining the disturbance errors with
memory spraying In computer security, heap spraying is a technique used in exploits to facilitate arbitrary code execution. The part of the source code of an exploit that implements this technique is called a heap spray. In general, code that ''sprays the heap'' ...
, this exploit is capable of altering
page table entries used by the
virtual memory system for mapping
virtual address
In computing, a virtual address space (VAS) or address space is the set of ranges of virtual addresses that an operating system makes available to a process. The range of virtual addresses usually starts at a low address and can extend to the hig ...
es to
physical addresses, which results in the exploit gaining unrestricted memory access.
Due to its nature and the inability of the x86-64 architecture to make
clflush
a privileged machine instruction, this exploit can hardly be mitigated on computers that do not use hardware with built-in row hammer prevention mechanisms. While testing the viability of exploits, Project Zero found that about half of the 29 tested
laptop
A laptop, laptop computer, or notebook computer is a small, portable personal computer (PC) with a screen and alphanumeric keyboard. Laptops typically have a clam shell form factor with the screen mounted on the inside of the upper li ...
s experienced disturbance errors, with some of them occurring on vulnerable laptops in less than five minutes of running row-hammer-inducing code; the tested laptops were manufactured between 2010 and 2014 and used non-ECC DDR3 memory.
In July 2015, a group of security researchers published a paper that describes an
architecture- and
instruction-set-independent way for exploiting the row hammer effect. Instead of relying on the
clflush
instruction to perform cache flushes, this approach achieves uncached memory accesses by causing a very high rate of
cache eviction using carefully selected memory access patterns. Although the
cache replacement policies
In computing, cache algorithms (also frequently called cache replacement algorithms or cache replacement policies) are optimizing instructions, or algorithms, that a computer program or a hardware-maintained structure can utilize in order to ma ...
differ between processors, this approach overcomes the architectural differences by employing an adaptive cache eviction strategy
algorithm.
The
proof of concept for this approach is provided both as a
native code implementation, and as a pure
JavaScript implementation that runs on
Firefox 39. The JavaScript implementation, called ''Rowhammer.js'', uses large
typed arrays and relies on their internal
allocation
Allocation may refer to:
Computing
* Block allocation map
* C++ allocators
* Delayed allocation
* File allocation table
* IP address allocation
* Memory allocation
* No-write allocation (cache)
* Register allocation
Economics
* Asset alloca ...
using
large pages; as a result, it demonstrates a very high-level exploit of a very low-level vulnerability.
In October 2016, researchers published DRAMMER, an Android application that uses row hammer, together with other methods, to reliably gain root access on several popular smartphones. The vulnerability was acknowledged as and a mitigation was released by Google within a month. However, due to the general nature of possible implementations of the attack, an effective software patch is difficult to be reliably implemented. As of June 2018, most patch proposals made by academia and industry were either impractical to deploy or insufficient in stopping all attacks. As a mitigation, researchers proposed a lightweight defense that prevents attacks based on
direct memory access (DMA) by isolating DMA buffers with guard rows.
In May 2021, a Google research team announced a new exploit, Half-Double that takes advantage of the worsening physics of some of the newer DRAM chips.
See also
*
Memory scrambling
Memory is the faculty of the mind by which data or information is Encoding (memory), encoded, stored, and retrieved when needed. It is the retention of information over time for the purpose of influencing future action. If Foresight (psycholo ...
memory controller feature that turns user data written to the memory into pseudo-random patterns
*
Radiation hardening the act of making electronic components resistant to damage or malfunctions caused by ionizing radiation
*
Single event upset a change of state caused by ions or electromagnetic radiation striking a sensitive node in an electronic device
*
Soft error
In electronics and computing, a soft error is a type of error where a signal or datum is wrong. Errors may be caused by a defect, usually understood either to be a mistake in design or construction, or a broken component. A soft error is also a s ...
a type of error involving erroneous changes to signals or data but no changes to the underlying device or circuit
Notes
References
External links
Some notes on DRAM (#rowhammer) March 9, 2015, by Robert Graham
InfoWorld
, March 9, 2015, by Serdar Yegulalp
* , July 17, 2014, by Barbara Aichinger
Patent US 20140059287 A1: Row hammer refresh command February 27, 2014, by Kuljit Bains et al.
* Row Hammer Privilege Escalation Vulnerability,
Cisco Systems security advisory, March 11, 2015
* ARMOR: A run-time memory hot-row detector,
The University of Manchester, by Mohsen Ghasempour et al.
Using Memory Errors to Attack a Virtual Machine March 6, 2003, by Sudhakar Govindavajhala and Andrew W. Appel
A program for testing for the DRAM "rowhammer" problem source code on
GitHub
{{Operating system
Computer memory
Computer security exploits
Data quality
Privilege escalation exploits
Denial-of-service attacks
Hardware bugs
2014 in computing