AMD's microprocessor products are equipped with memory controllers that adhere to the DDR specifications set by the industry. The vulnerability of these products to Rowhammer attacks is dependent on a variety of factors, including the DRAM device, its manufacturer, the technology employed, and the configuration of the system. AMD advises customers to consult with their DRAM or system manufacturers to assess the risk posed by this new variant of the Rowhammer attack.

To mitigate the risk of Rowhammer-style attacks, AMD continues to recommend several established DRAM security measures, such as:

• Utilizing DRAM with Error Correcting Codes (ECC)
• Setting memory refresh rates higher than the standard rate
• Disabling features like Memory Burst or Postponed Refresh
• Employing AMD CPUs with memory controllers featuring a Maximum Activate Count (MAC) for DDR4, specifically:
  • 1st Generation AMD EPYC Processors (Naples)
  • 2nd Generation AMD EPYC Processors (Rome)
  • 3rd Generation AMD EPYC Processors (Milan)
• Using AMD CPUs with memory controllers that support Refresh Management (RFM) for DDR5, specifically:
  • 4th Generation AMD EPYC Processors (Genoa)

AMD extends its gratitude to Patrick Jattke, Max Wipfli, Flavien Solt, Michele Marazzi, Matej Boleskei, and Kaveh Razavi from ETH Zurich for their research and for engaging in a coordinated disclosure of these vulnerabilities.