Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds
Sep 16, 2025
Hardware Security / Vulnerability
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix ( CVE-2025-6202 , CVSS score: 7.1), is capable of bypassing sophisticated protection mechanisms put in place to resist the attack. "We have proven that reliably triggering RowHammer bit flips on DDR5 devices from SK Hynix is possible on a larger scale," ETH Zürich said. "We also proved that on-die ECC does not stop RowHammer, and RowHammer end-to-end attacks are still possible with DDR5." RowHammer refers to a hardware vulnerability where repeated access of a row of memory in a DRAM chip can trigger bit flips in adjacent rows, resulting in data corruption. This can be subsequently weaponized by bad actors to gain unauthorized access to data, escalate privileges, or even cause a denial-of-service. Although first demo...
