New Phoenix RowHammer Attack Overcomes DDR5 Memory Protections in Just 109 Seconds

A research team from ETH Zürich and Google has unveiled a new variant of the RowHammer attack, named Phoenix, specifically targeting DDR5 memory chips produced by SK Hynix. This attack (CVE-2025-6202, CVSS score: 7.1) effectively circumvents advanced security measures designed to protect against such vulnerabilities. “Our findings confirm that it is possible to consistently trigger RowHammer bit flips on a wider scale with SK Hynix’s DDR5 devices,” stated ETH Zürich’s Computer Security Group (COMSEC). “We also demonstrated that on-die ECC fails to prevent RowHammer attacks, making end-to-end RowHammer exploits feasible on DDR5.” RowHammer is a critical hardware vulnerability where repetitive access to a memory row can induce bit flips in neighboring rows, leading to data corruption that malicious actors can exploit to access sensitive information or elevate privileges.

A recent discovery made by researchers from ETH Zürich and Google has brought to light a new variant of the RowHammer attack, specifically targeting DDR5 memory chips from South Korean semiconductor manufacturer SK Hynix. This variant, dubbed Phoenix (CVE-2025-6202, CVSS score: 7.1), successfully circumvents advanced protective measures that have been developed to safeguard against such vulnerabilities.

The research team from ETH Zürich’s Computer Security Group (COMSEC) has demonstrated that it is feasible to trigger RowHammer bit flips on a larger scale within SK Hynix DDR5 devices. Notably, they have revealed that existing on-die error-correcting code (ECC) mechanisms are ineffective in stopping this attack. The findings indicate that RowHammer poses a serious risk even in environments utilizing DDR5 technology, allowing end-to-end exploitation of the vulnerability.

RowHammer exploits a known hardware flaw within dynamic random-access memory (DRAM) chips, where repeated accesses to a particular memory row can inadvertently result in bit flips in adjacent rows. This degradation can jeopardize data integrity and, when exploited, can facilitate unauthorized data access and privilege escalation, prompting significant cybersecurity concerns.

The implications of the Phoenix variant extend beyond theoretical discussions, as they underscore real-world threats to businesses relying on DDR5 memory. Given the sophistication and prevalence of cyber attacks today, the ability to leverage such vulnerabilities poses a tangible risk to sensitive data and operational security.

Examining potential MITRE ATT&CK tactics reveals that this attack aligns with several adversary strategies. For instance, initial access could be achieved by exploiting the hardware vulnerability itself, while persistence and privilege escalation tactics may be employed through subsequent code execution. The threat landscape continues to evolve, and the rapid advancements in memory technology like DDR5 have not been immune to these emerging risks.

As cybersecurity professionals and business owners assess the ramifications of these findings, the necessity for continued vigilance and rapid adaptation of security practices becomes clear. Understanding the technical foundations of such vulnerabilities and implementing robust protective measures forms the cornerstone of an effective defense strategy in an increasingly hostile digital environment.

The Phoenix RowHammer attack exemplifies critical challenges posed by modern hardware vulnerabilities and requires stakeholders to prioritize not just immediate risk mitigation but also long-term strategic planning against emerging threats. In navigating this landscape, businesses must consider both technological advancements and the evolving tactics used by malicious actors, fortifying their defenses in an age where digital security is paramount.
