RowPress Vulnerability in Modern DRAM Chips

Haocong Luo, Ataberk Olgun, A. Giray Yağlıkçı, Yahya Can Tuğrul, Steve Rhyner, Meryem Banu Cavlak, Joël Lindegger, Mohammad Sadrosadati, Onur Mutlu

TL;DR

RowPress is a DRAM read-disturb mechanism, distinct from RowHammer, in which keeping an aggressor row open for a long time ($t_{\text{AggON}}$) can flip bits without thousands of activations. The authors perform large-scale real-device characterization across 164 DDR4 chips, demonstrate a proof-of-concept RowPress attack on a system with RowHammer protections, and propose a mitigation framework that adapts RowHammer defenses to RowPress. Key findings show that RowPress is widespread, temperature-sensitive, and largely operates via a different failure mechanism than RowHammer, with the potential to be triggered by a single aggressor activation under long open times. The work has practical industry impact by prompting updates to mitigation strategies, memory-controller policies, and standards, and it provides open-source tools to enable replication and further study of read disturbance in DRAM.

Abstract

Memory isolation is a critical property for system reliability, security, and safety. We demonstrate RowPress, a DRAM read disturbance phenomenon different from the well-known RowHammer. RowPress induces bitflips by keeping a DRAM row open for a long period of time instead of repeatedly opening and closing the row. We experimentally characterize RowPress bitflips, showing their widespread existence in commodity off-the-shelf DDR4 DRAM chips. We demonstrate RowPress bitflips in a real system that already has RowHammer protection, and propose effective mitigation techniques that protect DRAM against both RowHammer and RowPress.

Paper Structure

This paper contains 13 sections, 5 figures, 1 table.

Figures (5)

  • Figure 1: $AC_{min}$ distributions of conventional RowHammer (RH) and three representative cases of RowPress (RP) at $80^{\circ}C$ across 164 DDR4 chips from manufacturers S, H, and M.
  • Figure 2: Our DDR4 DRAM testing infrastructure.
  • Figure 3: How changes as tAggON increases.
  • Figure 4: Single-sided minus double-sided at $50^{\circ}C$ (first row) and $80^{\circ}C$ (second row).
  • Figure 5: Number of RowHammer vs. RowPress bitflips (left) and number of rows with bitflips (right) we observe after running our proof of concept test programs with Algorithm 1 (blue bars) and Algorithm 2 (purple bars) with four (top), three (middle), and two (bottom) activations per aggressor row per iteration.