Defending RAMbleed, RAM choice, and testing

Not sure if this belongs in cybersec forum or HW forum. There’s been lots of hype about RAMbleed in the news lately, but little actionable content.

Supposedly, even DDR4 is susceptible, despite mitigations. The recommendation is to use DDR4 with TRR (targeted row refresh). I’ve only been able to find some hearsay in online articles indicating that Samsung and Micron supposedly have TRR on all of their DDR4. The spec sheets for my Samsung DDR4/ECC RAM are cryptic about TRR - some timing values are available, but no clear message of ‘this RAM supports TRR’. Perhaps I’m not searching hard enough.

In any case, what can an end-user do? The best that I can figure is to run memtest86 a LOT to determine if your memory is hammer-vulnerable. Even then, the docs for memtest86 ( https://www.memtest86.com/troubleshooting.htm#hammer ) admit that it probably doesn’t test the worst case scenario for hammering.
I’ve never actually encountered RAM (DDR3, DDR4, laptop, desktop, or server) that tested vulnerable for rowhammer on memtest86. Is there a better test for rowhammer bit flipping out there?

The good news - unless you’re a cloud infrastructure provider, this probably isn’t a huge practical threat. You would probably notice the slowdown on a desktop before any meaningful data was extracted. That’s only a little comfort to me.

I find it interesting that the website dedicated to the whitepaper states conflicting information.

https://rambleed.com/

What technologies are affected by RAMBleed?
States that TRR Enabled is what’s Affected

yet…

How can I mitigate this issue?
States that TRR Enabled is used to mitigate the issue.

They really should get things right…
I would agree with them on their take if it’s been used in the wild. Unlikely.

@faust, my (limited) understanding is that RAMbleed is most effective against RAM that does not have TRR (DDR3 for example). TRR will reduce (but may not eliminate according to recent research) hammer bit flips. Thus it would take more time to execute an attack on DDR4 with TRR. So TRR isn’t a true fix.

The authors’ proofs of concept were demonstrated on DDR3 systems (server and desktop Haswell). It’s unclear from a quick read of the paper if they used RAM known to be vulnerable to hammering. I would assume that they did. They assume that DDR4 would also be vulnerable based on reports that DDR4 can be hammered (likely but not necessarily true) and RAMbleed on DDR4 to be future work.