Vulnerability Management

DDR5 defenses circumvented by new Phoenix attack

Security breach, system hacked alert with red broken padlock icon showing unsecure data under cyberattack, vulnerable access, compromised password, virus infection, internet network with binary code

Advanced SK Hynix DDR5 memory chip protections against Rowhammer intrusions could be bypassed by the novel Phoenix attack, which enables bit flipping for malicious activity, according to BleepingComputer.

Researchers from ETH Zurich University's Computer Security Group, who reverse-engineered Rowhammer security mechanisms implemented by SK Hynix, discovered that mitigations were unable to cover some refresh intervals.

Thousands of refresh operations could also be monitored and synchronized with the attack, tracked as CVE-2025-6202, said researchers, who were able to retrieve a shell with root privileges on commodity DDR5 systems using default settings in under two minutes.

Another test exploiting a co-located virtual machine's RSA-2048 keys revealed 73% exposed DIMMs, as well as the potential modification of the sudo binary to raise local privileges to root across 33% of examined chips.

All DIMM RAM modules manufactured from January 2021 to December 2024 are impacted by the Phoenix attack, which could be addressed by increasing DRAM refresh intervals by threefold.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds