Security Advisory — Phoenix: Rowhammer on DDR5

Advisory ID: CSA-2025-0928-PHOENIX • CVE: CVE-2025-6202 • Severity: High

Published: 28 September 2025 • Discovered by: ETH Zurich (COMSEC) & Google Security

Summary

Phoenix is a Rowhammer variant against DDR5 DRAM that bypasses on-die mitigations by exploiting timing blind spots in Target Row Refresh (TRR) and using long hammering sequences that remain synchronized with refresh commands via a self-correcting refresh synchronization mechanism. The researchers demonstrated exploitable bit flips on SK Hynix DDR5 DIMMs and end-to-end attacks including arbitrary read/write via PTE corruption, RSA key leakage, and local privilege escalation.

Technical Details

Vulnerability Class

Rowhammer (DRAM disturbance attack)

Root Cause

TRR implementations on the affected SK Hynix DDR5 modules exhibit non-uniform sampling across refresh intervals. Attackers can craft hammer patterns that target the lightly-sampled or unsampled tREFI intervals so TRR fails to refresh victim rows in time.

Key Innovations

P128 — 128 tREFI interval pattern that targets lightly-sampled intervals.
P2608 — Extended 2608 tREFI interval pattern to match alternate sampling behaviors.
Self-Correcting Refresh Synchronization — Periodic realignment mechanism to keep long patterns in phase with refresh commands.

Exploit Demonstrations

Page Table Entry (PTE) corruption → arbitrary read/write (100% tested DIMMs)
RSA-2048 key leakage in co-located VMs (~73% of DIMMs)
sudo binary modification → local root escalation (~33% of DIMMs)

Impact

Successful exploitation can lead to privilege escalation, secret extraction (SSH keys), and cross-VM compromise in multi-tenant environments.

CVSS v3.1 (est.): 8.8 (High)

Vector	Value
Attack Vector	Local
Attack Complexity	High
Privileges Required	Low
User Interaction	None

Mitigations

Immediate

Increase DRAM refresh rate (tREFI ≈ 1.3 µs, ~3× default) — shown to block Phoenix; measured ~8.4% SPEC CPU2017 overhead.
Apply vendor BIOS/firmware updates — vendors (e.g., AMD) released updates adjusting refresh scheduling and activation throttling.
Enable patrol scrubbing / ECC — periodic correction of errors where supported.

Long-term

Principled TRR designs without sampling blind spots.
Hardware per-row activation counting and throttling in memory controllers.
DRAM revisions with Rowhammer-resilient architectures.

Affected Hardware

15 SK Hynix DDR5 DIMMs (2021–2024) — all tested modules vulnerable to at least one pattern. ODECC does not prevent exploitation.

Detection

ETH Zurich published a PoC on GitHub for controlled testing (AMD Zen 4). Defensive signals to monitor:

High row activation rates / abnormal DRAM activity
Performance counter anomalies (cache misses, row activations)
Spike in ECC corrections or unexplained bit flips

Disclosure Timeline

06 Jun 2025 — Coordinated disclosure initiated
12 Sep 2025 — Vendor notified (BIOS update availability)
15 Sep 2025 — Embargo lifted
28 Sep 2025 — Advisory published

References

• ETH Zurich COMSEC Phoenix project page
• Phoenix GitHub repository (POC + artifacts)
• Google Security Blog summary
• CVE-2025-6202

Action Required

Organizations using DDR5 systems with SK Hynix DIMMs should immediately apply vendor BIOS/firmware updates and evaluate increasing DRAM refresh rates until hardware fixes or new DRAM revisions become available.

Acknowledgments: ETH Zurich Computer Security Group (COMSEC) and Google Security. Disclosure coordination: Swiss NCSC.

View PoC & Artifacts (GitHub) Project Page