Phoenix: DDR5 Chip Attack Warps Memory Content

Researchers from ETH Zurich, together with engineers from Google, have developed Phoenix (CVE-2025-6202), a new Rowhammer-class attack technique that bypasses the TRR (Target Row Refresh) protection mechanism, which prevents the corruption of memory cells caused by charge loss. A prototype exploit has been published that makes it possible to change the contents of a specific bit in RAM and escalate privileges on the system. The attack was demonstrated on a PC with an AMD processor based on the Zen 4 microarchitecture and SK Hynix DDR5 memory, on which typical desktop tasks were being performed.

A Rowhammer attack makes it possible to corrupt the contents of individual DRAM bits by repeatedly reading data from neighboring memory cells. Because DRAM is a two-dimensional array of cells, each consisting of a capacitor and a transistor, continuously reading the same memory region causes voltage fluctuations and anomalies that lead to a slight loss of charge in neighboring cells. If the read intensity is high enough, a neighboring cell can lose so much charge that the next refresh cycle does not manage to restore its original state, which changes the value of the data stored in the cell.

The Rowhammer attack method was proposed in 2014, after which a game of cat and mouse began between researchers and hardware manufacturers: chip manufacturers tried to block the vulnerability, and researchers found new ways to bypass it. For example, to protect against Rowhammer, chip manufacturers added the TRR (Target Row Refresh) mechanism, but it turned out to block cell corruption only in particular cases and not to protect against all possible attack variants. Attack methods have been developed for DDR3, DDR4 and DDR5 chips on systems with Intel, AMD and ARM processors, as well as for video memory used in Nvidia
