Researchers from Google and Swiss university ETH Zurich have discovered a new class of Rowhammer vulnerability that could allow attackers to access information stored in DDR5 memory.

As Google explains in its post on the discovery, DRAM stores data as electrical charges in small “cells” of memory. These charges leak over time, corrupting data. Computer scientists have known this for ages, and the controllers that manage memory therefore periodically refresh cells to ensure memory stays reliable.

Infosec types with friendly and/or adversarial inclinations noticed that behavior and wondered what would happen if they repeatedly accessed specific rows of memory cells. They realized that by “hammering” these rows of cells with many access requests it’s possible to corrupt data in adjacent cells, degrade system performance, and even achieve privilege escalation.

Rowhammer is a known problem and infosec researchers long ago developed defenses that system builders and memory-makers adopted. Last year, standards body the JEDEC Solid State Technology Association released a new DRAM data integrity measure called Per-Row Activation Counting (PRAC) that looks for the kind of activity involved in a Rowhammer attack and pauses traffic to stymie hostile action.
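
A simplified model of the per-row counting idea described above, added here as an illustration (it is not code from Google, ETH Zurich or JEDEC). The threshold, the step that refreshes neighbouring rows during a pause, and both workloads are constructed assumptions rather than values from any specification.

```python
import random
from collections import Counter


def simulate(trace, threshold, radius=1):
    """Replay row activations through a toy per-row counter.

    Returns (pauses, worst): how often traffic was paused, and the most
    activations any row absorbed from its neighbours between refreshes.
    threshold=None models a bank with no counting at all.
    """
    counts = Counter()      # activations per row since its last mitigation
    disturbed = Counter()   # neighbour activations absorbed since last refresh
    pauses = worst = 0
    for row in trace:
        counts[row] += 1
        neighbours = [row + d for d in range(-radius, radius + 1) if d]
        for victim in neighbours:
            disturbed[victim] += 1
            worst = max(worst, disturbed[victim])
        if threshold is not None and counts[row] >= threshold:
            pauses += 1                 # assumed: pause, refresh the neighbours
            for victim in neighbours:
                disturbed[victim] = 0
            counts[row] = 0
    return pauses, worst


def spread_trace(n, rows=4096, seed=1):
    """Constructed workload: activations spread evenly over the bank."""
    rng = random.Random(seed)
    return [rng.randrange(rows) for _ in range(n)]


def concentrated_trace(n, rows=(10, 12)):
    """Constructed workload: the same two rows activated over and over."""
    return [rows[i % len(rows)] for i in range(n)]


if __name__ == "__main__":
    n, limit = 100_000, 1000            # constructed values, not from any spec
    for name, trace in (("spread", spread_trace(n)),
                        ("concentrated", concentrated_trace(n))):
        print(name, "no counting:", simulate(trace, None),
              "with counting:", simulate(trace, limit))
```

In this model the row sitting between the two busy rows absorbs up to 1,999 activations before it is refreshed, because both neighbours count towards it separately; a per-row threshold has to be chosen with that doubling in mind.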

Google’s researchers, however, assert that systems that include DDR5 haven’t employed PRAC. The web giant also created a pair of tools to test DDR5 modules for susceptibility to Rowhammer.

Researchers at ETH Zurich put those tools to work and discovered a new form of Rowhammer attack that works on DDR5 from SK Hynix, the world’s largest memory-maker.

The attack, called “Phoenix”, isn’t simple and is computationally expensive. But it works.

And that’s worrying because the paper [PDF] that describes the joint Google/ETH research opens by observing “DDR5 has shown an increased resistance to Rowhammer attacks in production settings. Surprisingly, DDR5 achieves this without additional refresh management commands.”

Google and ETH Zurich found their Rowhammer variant using a machine powered by an AMD Zen 4 processor and SK Hynix DDR5 and will try to replicate their work on memory and CPUs from other vendors.

If the researchers succeed, it’s not a disgrace for affected manufacturers because Rowhammer-style attacks are hard to defeat, with recent victims including Nvidia, DDR4 and everyone’s privacy thanks to a Rowhammer variant that makes it possible to fingerprint computing devices.

The attack discovered by Google and ETH Zurich is now known as CVE-2025-6202 and earned a 7.1 CVSS rating.

ETH Zurich says it conducted responsible disclosure of Phoenix that saw it inform SK Hynix, CPU vendors, and major cloud providers on June 6, 2025. AMD told the researchers it made a BIOS update to protect systems that use its processors. More information, including the source code for all the experiments and the exploit, can be found here. ®
