Phoenix Rowhammer attack bypasses DDR5 Rowhammer defenses

First reported

15.09.2025 21:01

Last updated

📰 1 unique sources, 1 articles

Summary

Hide ▲

A new Rowhammer attack variant, Phoenix, bypasses DDR5 Rowhammer defenses in SK Hynix memory chips. The attack exploits weaknesses in Target Row Refresh (TRR) mechanisms to flip bits, enabling privilege escalation, arbitrary memory access, and SSH authentication bypass. The vulnerability, tracked as CVE-2025-6202, affects all DDR5 DIMM RAM modules produced between January 2021 and December 2024. The attack works by exploiting specific refresh intervals not sampled by TRR and synchronizing with refresh operations to flip bits. Researchers demonstrated successful exploitation in under two minutes, achieving root-level access on tested systems. The vulnerability is industry-wide and cannot be corrected for existing memory modules. Mitigation involves tripling the DRAM refresh interval, which may cause system instability.

Timeline

15.09.2025 21:01 📰 1 articles · ⏱ 2h ago

Phoenix Rowhammer attack bypasses DDR5 Rowhammer defenses
Researchers at ETH Zurich University and Google developed the Phoenix Rowhammer attack, which bypasses DDR5 Rowhammer defenses in SK Hynix memory chips. The attack exploits weaknesses in TRR mechanisms to flip bits, enabling privilege escalation, arbitrary memory access, and SSH authentication bypass. The vulnerability affects all DDR5 DIMM RAM modules produced between January 2021 and December 2024. Researchers demonstrated successful exploitation in under two minutes, achieving root-level access on tested systems.
Show sources

New Phoenix attack bypasses Rowhammer defenses in DDR5 memory — www.bleepingcomputer.com — 15.09.2025 21:01
Open in new tab

Information Snippets

Rowhammer attacks exploit high-speed read/write operations to cause bit flips in memory cells.
First reported: 15.09.2025 21:01

📰 1 source, 1 article
Show sources
- New Phoenix attack bypasses Rowhammer defenses in DDR5 memory — www.bleepingcomputer.com — 15.09.2025 21:01
Target Row Refresh (TRR) is a defense mechanism against Rowhammer attacks.
First reported: 15.09.2025 21:01

📰 1 source, 1 article
Show sources
- New Phoenix attack bypasses Rowhammer defenses in DDR5 memory — www.bleepingcomputer.com — 15.09.2025 21:01
The Phoenix attack bypasses TRR by exploiting unsampled refresh intervals.
First reported: 15.09.2025 21:01

📰 1 source, 1 article
Show sources
- New Phoenix attack bypasses Rowhammer defenses in DDR5 memory — www.bleepingcomputer.com — 15.09.2025 21:01
Phoenix can flip bits in DDR5 memory chips, enabling privilege escalation and arbitrary memory access.
First reported: 15.09.2025 21:01

📰 1 source, 1 article
Show sources
- New Phoenix attack bypasses Rowhammer defenses in DDR5 memory — www.bleepingcomputer.com — 15.09.2025 21:01
The vulnerability affects all DDR5 DIMM RAM modules produced between January 2021 and December 2024.
First reported: 15.09.2025 21:01

📰 1 source, 1 article
Show sources
- New Phoenix attack bypasses Rowhammer defenses in DDR5 memory — www.bleepingcomputer.com — 15.09.2025 21:01
Researchers demonstrated successful exploitation in under two minutes, achieving root-level access.
First reported: 15.09.2025 21:01

📰 1 source, 1 article
Show sources
- New Phoenix attack bypasses Rowhammer defenses in DDR5 memory — www.bleepingcomputer.com — 15.09.2025 21:01
Mitigation involves tripling the DRAM refresh interval, which may cause system instability.
First reported: 15.09.2025 21:01

📰 1 source, 1 article
Show sources
- New Phoenix attack bypasses Rowhammer defenses in DDR5 memory — www.bleepingcomputer.com — 15.09.2025 21:01