The research demonstrates that AMD Zen 2 and Zen 3 systems are vulnerable to Rowhammer despite TRR mitigations, expanding the attack surface. A new method, ZenHammer, triggers bit flips on DDR4 and DDR5 devices for the first time, with Zen 3 being more vulnerable. By reverse-engineering the secret DRAM address functions, the team obtained reliable results, but notes that more research is needed for DDR5 devices. Using pattern-aware fence scheduling policies, the team determined the optimal hammering instructions for AMD devices. The exploitability of the bit flips is analyzed, revealing vulnerabilities that could lead to privilege escalation. The ZenHammer fuzzer and full details are available on GitHub and in the USENIX Security 2024 paper.
https://comsec.ethz.ch/research/dram/zenhammer/