We experimentally demonstrate the effects of read disturbance (RowHammer and RowPress) and uncover the inner workings of undocumented read disturbance defense mechanisms in High Bandwidth Memory (HBM). Detailed characterization of six real HBM2 DRAM chips in two different FPGA boards shows that (1) the read disturbance vulnerability significantly varies between different HBM2 chips and between different components (e.g., 3D-stacked channels) inside a chip, (2) DRAM rows at the end and in the middle of a bank are more resilient to read disturbance, (3) fewer additional activations are sufficient to induce more read disturbance bitflips in a DRAM row if the row exhibits the first bitflip at a relatively high activation count, (4) a modern HBM2 chip implements undocumented read disturbance defenses that track potential aggressor rows based on how many times they are activated. We describe how our findings could be leveraged to develop more powerful read disturbance attacks and more efficient defense mechanisms. We open source all our code and data to facilitate future research at https://github.com/CMU-SAFARI/HBM-Read-Disturbance.

翻译：我们通过实验展示了读取干扰（RowHammer和RowPress）的影响，并揭示了高带宽内存（HBM）中未公开的读取干扰防御机制的内部工作原理。对两种不同FPGA板上的六颗真实HBM2 DRAM芯片的详细表征表明：（1）不同HBM2芯片之间以及芯片内部不同组件（例如3D堆叠通道）之间的读取干扰脆弱性存在显著差异；（2）存储体边缘和中间的DRAM行对读取干扰具有更强的抵抗力；（3）如果在相对较高的激活次数下首次出现比特翻转，则较少的额外激活即可在DRAM行中诱导更多的读取干扰比特翻转；（4）现代HBM2芯片实现了未公开的读取干扰防御机制，该机制根据潜在攻击行被激活的次数对其进行跟踪。我们描述了如何利用我们的发现来开发更强大的读取干扰攻击和更高效的防御机制。我们在https://github.com/CMU-SAFARI/HBM-Read-Disturbance开源所有代码和数据，以促进未来研究。