- Phoenix Rowhammer variant affects DDR5 desktop systems, bypassing all known mitigations on SK Hynix chips
- Attackers can get root access and steal RSA keys within minutes using default system settings
- Researchers recommend tripling refresh rates, as DRAM devices cannot be patched and remain vulnerable in the long term
Standard, production-grade desktop systems have, for the first time ever, been found vulnerable to a variant of Rowhammer, a hardware-based security vulnerability affecting DDR5 chips.
Rowhammer affects dynamic random access memory (DRAM) chips and allows attackers to manipulate memory content by repeatedly accessing – “hammering” – a particular row of memory cells.
This causes electrical interference that can flip bits in adjacent rows, without actually accessing those rows, and can result in privilege escalation, remote exploitation and various mobile vulnerabilities.
Privilege escalation and root access
The vulnerability was first discovered more than a decade ago and has been addressed through patches several times. As RAM chips get better – and memory cells are packed closer together – the risk of Rowhammer attacks increases.
The latest discovery is called Phoenix and is tracked as CVE-2025-6202. It received a severity score of 7.1/10 (high) and successfully bypasses all known mitigations on chips built by the South Korean semiconductor manufacturer SK Hynix.
“We have proven that reliably triggering Rowhammer bit flips on DDR5 devices from SK Hynix is possible on a larger scale,” ETH Zurich said. “We also proved that on-die ECC doesn’t stop Rowhammer, and Rowhammer end-to-end attacks are still possible with DDR5.”
The researchers claim that they can trigger privilege escalation and get root access on a DDR5 system with default settings in less than two minutes. Practical exploits include stealing the RSA-2048 keys of a co-located virtual machine and thus breaking SSH authentication. A separate scenario includes the use of the sudo binary to escalate local privileges to the root user.
“As DRAM devices in the wild cannot be updated, they will remain vulnerable for many years,” the analysts said in the paper. “We recommend increasing the refresh rate to 3x, which prevented Phoenix from triggering bit flips on our test systems.” In this context, it is perhaps worth mentioning that after Rowhammer was first revealed in 2014, vendors such as Intel and DRAM manufacturers introduced increased refresh rates and Target Row Refresh (TRR) mechanisms as mitigation measures.
Via The Hacker News



