Academic researchers have devised a new variant of Rowhammer attacks that bypass the latest protection mechanisms on DDR5 memory chips from SK Hynix.
A Rowhammer attack works by repeatedly accessing specific rows of memory cells at high-speed read/write operations to cause enough electrical interference to alter the value of the nearby bits from one to zero and vice-versa (bit flipping).
An attacker could potentialluy corrupt data, increase their privileges on the system, execute malicious code, or gain access to sensitive data.
One defense mechanism against Rowhammer attacks is called Target Row Refresh (TRR), which prevents bit flips by issuing an extra refresh command when detecting frequent accesses to a particular row.
Hammering DDR5 for privilege escalation
A team of researchers in the Computer Security Group (COMSEC) at ETH Zurich University in Switzerland and Google created a new DDR5 Rowhammer attack they call Phoenix, which can flip bits in memory chips to enable malicious activity.
The tests were carried out on DDR5 products from Hynix, one of the largest memory chip makers with an estimated 36% of the market, but the security risk may extend to products from other vendors as well.
After reverse-engineering the complex protections that Hynix implemented against Rowhammer and learning how they worked, the researchers discovered that certain refresh intervals were not sampled by the mitigation, which could be exploited.
They also developed a method for Phoenix to track and synchronize with thousands of refresh operations by self-correcting when it detects a missed one.
To evade TRR protections, the Rowhammer patterns in the Phoenix attack cover 128 and 2608 refresh intervals and hammer specific activation slots only at precise moments.
Using their model, the researchers were able to flip bits on all 15 DDR5 memory chips in the test pool and created the first Rowhammer privilege escalation exploit.
During tests, it took them less than two minutes to get a shell with root privileges “on a commodity DDR5 system with default settings.”
Additionally, the researchers also explored the possibility of practical exploitation using the Phoenix attack method to take control of a target system.
When targeting page-table entries (PTEs) to craft an arbitrary memory read/write primitive, they found that all products in the test are vulnerable.
In another test, they targeted RSA-2048 keys of a co-located VM to break SSH authentication and discovered that 73% of the DIMMs are exposed.
In a third evaluation, the researchers found that they could alter the sudo binary to increase their local privileges to root level on 33% of the tested chips.
source: COMSEC ETH Zurich
The table above shows that all memory chips tested are vulnerable to one of the Rowhammer patterns used in the Phoenix attack. The shorter one with 128 refresh intervals is more effective, though, generating more bit flips on average.
Phoenix is currently tracked as CVE-2025-6202 and received a high-severity score. It affects all DIMM RAM modules produced between January 2021 and December 2024.
Although Rowhammer is an industry-wide security problem that cannot be corrected for existing memory modules, users can stop Phoenix attacks by tripling the DRAM refresh interval (tREFI).
However, this kind of stress may cause errors or data corruption and render the system unstable.
A technical paper titled “Phoenix: Rowhammer Attacks on DDR5 with Self-Correcting Synchronization” has been published and will also be presented at the IEEE Symposium on Security and Privacy next year.
The researchers also shared a repository with resources to reproduce the Phoenix attack, which includes experiments based on Field-Programmable Gate Array (FPGA) to reverse-engineer TRR implementations, and the code for the proof-of-concept exploits.
