Not sure if this belongs in cybersec forum or HW forum. There’s been lots of hype about RAMbleed in the news lately, but little actionable content.
Supposedly, even DDR4 is susceptible, despite mitigations. The recommendation is to use DDR4 with TRR (targetted row refresh). I’ve only been able to find some hearsay in online articles indicating that Samsung and Micron supposedly have TRR on all of their DDR4. The spec sheets for my Samsung DDR4/ECC ram is cryptic about TRR - some timing values are available, but no clear message of ‘this ram supports TRR’. Perhaps I’m not searching hard enough.
In any case, what can an end-user do? The best that I can figure is to run memtest86 a LOT to determine if your memory is hammer-vulnerable. Even then, the docs for memtest86 ( https://www.memtest86.com/troubleshooting.htm#hammer ) admit that it probably doesn’t test the worst case scenario for hammering.
I’ve never actually encountered ram (DDR3, DDR4, laptop, desktop, or server) that tested vulnerable for rowhammer on memtest86. Is there a better test for rowhammer bit flipping out there?
The good news - unless you’re a cloud infrastructure provider, this probably isn’t a huge practical threat. You would probably notice the slowdown on a desktop before any meaningful data was extracted. That’s only a little comfort to me.