
"We have proven that reliably triggering RowHammer bit flips on DDR5 devices from SK Hynix is possible on a larger scale," ETH Zürich said. "We also proved that on-die ECC does not stop RowHammer, and RowHammer end-to-end attacks are still possible with DDR5."
"RowHammer refers to a hardware vulnerability where repeated access of a row of memory in a DRAM chip can trigger bit flips in adjacent rows, resulting in data corruption. This can be subsequently weaponized by bad actors to gain unauthorized access to data, escalate privileges, or even cause a denial-of-service. Although first demonstrated in 2014, future DRAM chips are more likely to be susceptible to RowHammer attacks as DRAM manufacturers depend on density scaling to increase DRAM capacity."
"Further research into the subject has demonstrated that the vulnerability has several dimensions to it and that it's sensitive to several variables, including environmental conditions (temperature and voltage), process variation, stored data patterns, memory access patterns, and memory control policies. Some of the primary mitigations for RowHammer attacks include Error Correction Code (ECC) and Target Row Refresh (TRR). However, these countermeasures have been proven to be ineffective against more sophisticated attacks like TRRespass, SMASH, Half-Double, and Blacksmith."
A new RowHammer attack variant (CVE-2025-6202) targets SK Hynix DDR5 memory and reliably triggers bit flips at scale. On-die ECC does not prevent the induced bit flips, enabling end-to-end RowHammer attacks against DDR5 systems. RowHammer occurs when repeated activation of a DRAM row causes bit flips in adjacent rows, producing data corruption that can enable unauthorized data access, privilege escalation, or denial-of-service. DRAM density scaling increases susceptibility because smaller feature sizes reduce the number of activations needed to cause flips. Vulnerability behavior depends on temperature, voltage, process variation, stored data patterns, access patterns, and memory controller policies. Common mitigations such as ECC and TRR have been bypassed by advanced attack techniques.
Read at The Hacker News