Researchers have presented a new Rowhammer technique, dubbed Blacksmith, that bypasses the in-DRAM protections currently deployed against Rowhammer on DDR4 memory. The bit flips it produces can be turned into memory corruption and privilege escalation, among other things.
Researchers from the ComSec group at ETH Zurich showed how to trigger Rowhammer bit flips on the DDR4 modules found in widely available devices; every one of the 40 DDR4 DIMMs they tested was affected. Blacksmith (CVE-2021-42114) is a fuzzing-based approach that, unlike prior Rowhammer techniques, also searches non-uniform hammering patterns. Earlier methods hammered aggressor rows in uniform patterns, hitting each aggressor equally often and at regular intervals, and the in-DRAM defences deployed since are tuned to detect exactly that kind of regularity. By exploring non-uniform patterns, Blacksmith still finds bit flips on modules where uniform hammering is caught.

Rowhammer is a well-known vulnerability of DRAM. Repeatedly activating (hammering) a row disturbs the charge stored in the cells of physically adjacent rows, and if a victim row is not refreshed in time its cells can flip (zeros become ones and vice versa). To counter this, memory makers introduced Target Row Refresh (TRR), an in-DRAM mechanism that is meant to notice rows being hammered and refresh their neighbours early, and which was supposed to protect DDR4 from Rowhammer attacks.
Blacksmith instead describes a hammering pattern the way a signal is described: by the frequency at which each aggressor pair recurs within a refresh interval, its phase (where in the interval its accesses start) and its amplitude (how many consecutive accesses it receives per occurrence). Fuzzing these parameters yields non-uniform patterns in which different aggressors are hammered at different rates and times, which the TRR implementations tested fail to detect.
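To make the frequency/phase/amplitude description concrete, the following is an added example written for this page, not code from the Blacksmith project. It builds the access sequence for one refresh interval from a list of double-sided aggressor pairs and contrasts a uniform double-sided pattern with a non-uniform one. The parameter semantics (frequency as a period in slots, phase as the first slot, amplitude as back-to-back repetitions), the 64-slot interval, the row numbers and the rule that overlapping placements are skipped are all simplifications chosen here; real hardware allows far more activations per interval and the real fuzzer rejects overlapping configurations.

```c
#include <stddef.h>
#include <stdio.h>

#define FILLER (-1)   /* slot holds an access to a harmless filler row */

/* One double-sided aggressor pair and the three Blacksmith-style
 * parameters that place it in the access sequence of one refresh
 * interval. Semantics here are a simplification for illustration:
 *   frequency  - period, in slots, between occurrences of the pair
 *   phase      - slot at which the first occurrence starts
 *   amplitude  - back-to-back repetitions of the pair per occurrence */
typedef struct {
    int    row_a, row_b;
    size_t frequency;
    size_t phase;
    size_t amplitude;
} aggressor_pair;

/* Build the access sequence for one refresh interval of `len` slots.
 * Every slot starts as FILLER; each pair claims free slots according
 * to its parameters (a pair occupies 2*amplitude consecutive slots per
 * occurrence). Slots already taken are skipped rather than overwritten.
 * Returns the number of aggressor accesses placed. */
size_t build_pattern(int *pattern, size_t len,
                     const aggressor_pair *pairs, size_t npairs)
{
    size_t placed = 0;
    for (size_t i = 0; i < len; i++)
        pattern[i] = FILLER;
    for (size_t p = 0; p < npairs; p++) {
        const aggressor_pair *ag = &pairs[p];
        if (ag->frequency == 0)
            continue;                       /* would loop forever */
        for (size_t start = ag->phase; start < len; start += ag->frequency) {
            for (size_t rep = 0; rep < ag->amplitude; rep++) {
                size_t slot = start + 2 * rep;
                if (slot + 1 >= len)
                    break;
                if (pattern[slot] != FILLER || pattern[slot + 1] != FILLER)
                    continue;
                pattern[slot]     = ag->row_a;
                pattern[slot + 1] = ag->row_b;
                placed += 2;
            }
        }
    }
    return placed;
}

/* How many times `row` is activated within the interval. A TRR that
 * refreshes the neighbours of the most-activated rows keys on this. */
size_t count_row(const int *pattern, size_t len, int row)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (pattern[i] == row)
            n++;
    return n;
}

#define SLOTS 64   /* activations per interval; constructed, far fewer than real hardware */

/* Two constructed patterns over SLOTS slots: uniform classic double-sided
 * hammering (one pair hit in every slot pair) versus a Blacksmith-style
 * non-uniform one where two pairs differ in frequency, phase and
 * amplitude. Row numbers are arbitrary. Returns accesses placed. */
size_t example_pattern(int uniform, int *pattern)
{
    if (uniform) {
        aggressor_pair single = { 100, 102, 2, 0, 1 };
        return build_pattern(pattern, SLOTS, &single, 1);
    }
    aggressor_pair pairs[2] = {
        { 100, 102, 8,  0, 1 },   /* every 8 slots, once */
        { 200, 202, 32, 2, 3 },   /* every 32 slots, three times back-to-back */
    };
    return build_pattern(pattern, SLOTS, pairs, 2);
}

int main(void)
{
    int pattern[SLOTS];
    for (int uniform = 1; uniform >= 0; uniform--) {
        size_t placed = example_pattern(uniform, pattern);
        printf("%s pattern, %zu aggressor accesses of %d slots:\n",
               uniform ? "uniform" : "non-uniform", placed, SLOTS);
        for (size_t i = 0; i < SLOTS; i++)
            printf("%s%d", i ? " " : "", pattern[i]);
        printf("\n  row 100 hit %zu times, row 200 hit %zu times\n",
               count_row(pattern, SLOTS, 100), count_row(pattern, SLOTS, 200));
    }
    return 0;
}
```

In the uniform case the same pair occupies all 64 slots and each aggressor is activated 32 times, the regular signature TRR is built to catch. In the non-uniform case row 100 is hit 8 times spread across the interval, rows 200 and 202 are hit 6 times in two short bursts, and 36 slots go to filler rows, so no single aggressor dominates the activation count while the victim rows 101 and 201 are still hammered from both sides.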
Blacksmith is expected not to affect the latest DDR5 modules on the market. In DDR5, TRR is superseded by Refresh Management (RFM): the memory controller counts activations per bank and issues additional refresh-management commands once a threshold is reached, so hammering a bank heavily triggers extra mitigation refreshes. That in turn makes the kind of large-scale fuzzing Blacksmith relies on harder on DDR5, although this is an expectation rather than a tested result.