Row hammer

from Wikipedia

Rowhammer (also written as row hammer or RowHammer) is a computer security exploit that takes advantage of an unintended and undesirable side effect in dynamic random-access memory (DRAM) in which memory cells interact electrically between themselves by leaking their charges, possibly changing the contents of nearby memory rows that were not addressed in the original memory access. This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times.[1][2][3]

The Rowhammer effect has been used in some privilege escalation computer security exploits,[2][4][5][6] and network-based attacks are also theoretically possible.[7][8]

Different hardware-based techniques exist to prevent the Rowhammer effect from occurring, including required support in some processors and types of DRAM memory modules.[9][10]

Background

A high-level illustration of DRAM organization, which includes memory cells (blue squares), address decoders (green rectangles), and sense amplifiers (red squares)

In dynamic RAM (DRAM), each bit of stored data occupies a separate memory cell that is electrically implemented with one capacitor and one transistor. The charge state of a capacitor (charged or discharged) is what determines whether a DRAM cell stores "1" or "0" as a binary value. Huge numbers of DRAM memory cells are packed into integrated circuits, together with some additional logic that organizes the cells for the purposes of reading, writing, and refreshing the data.[11][12]

Memory cells (blue squares in both illustrations) are further organized into matrices and addressed through rows and columns. A memory address applied to a matrix is broken into the row address and column address, which are processed by the row and column address decoders (in both illustrations, vertical and horizontal green rectangles, respectively). After a row address selects the row for a read operation (the selection is also known as row activation), bits from all cells in the row are transferred into the sense amplifiers that form the row buffer (red squares in both illustrations), from which the exact bit is selected using the column address. Consequently, read operations are of a destructive nature because the design of DRAM requires memory cells to be rewritten after their values have been read by transferring the cell charges into the row buffer. Write operations decode the addresses in a similar way, but as a result of the design entire rows must be rewritten for the value of a single bit to be changed.[1]: 2–3 [11][12][13]

As a result of storing data bits using capacitors that have a natural discharge rate, DRAM memory cells lose their state over time and require periodic rewriting of all memory cells, a process known as refreshing.[1]: 3 [11] As another result of the design, DRAM memory is susceptible to random changes in stored data, which are known as soft memory errors and attributed to cosmic rays and other causes. There are different techniques that counteract soft memory errors and improve the reliability of DRAM, of which error-correcting code (ECC) memory and its advanced variants (such as lockstep memory) are most commonly used.[14]

Overview

Rapid row activations (yellow rows) may change the values of bits stored in victim row (purple row).[15]: 2 

Increased densities of DRAM integrated circuits have led to physically smaller memory cells containing less charge, resulting in lower operational noise margins, increased rates of electromagnetic interactions between memory cells, and greater possibility of data loss. As a result, disturbance errors have been observed, being caused by cells interfering with each other's operation and manifesting as random changes in the values of bits stored in affected memory cells. The awareness of disturbance errors dates back to the early 1970s and Intel 1103 as the first commercially available DRAM integrated circuits; since then, DRAM manufacturers have employed various mitigation techniques to counteract disturbance errors, such as improving the isolation between cells and performing production testing. However, researchers proved in a 2014 analysis that commercially available DDR3 SDRAM chips manufactured in 2012 and 2013 are susceptible to disturbance errors, while using the term Rowhammer to name the associated side effect that led to observed bit flips.[1][3][15]

The opportunity for the Rowhammer effect to occur in DDR3 memory[16] is primarily attributed to DDR3's high density of memory cells and the results of associated interactions between the cells, while rapid DRAM row activations have been determined as the primary cause. Frequent row activations cause voltage fluctuations on the associated row selection lines, which have been observed to induce higher-than-natural discharge rates in capacitors belonging to nearby (adjacent, in most cases) memory rows, which are called victim rows; if the affected memory cells are not refreshed before they lose too much charge, disturbance errors occur. Tests show that a disturbance error may be observed after performing around 139,000 subsequent memory row accesses (with cache flushes), and that up to one memory cell in every 1,700 cells may be susceptible. Those tests also show that the rate of disturbance errors is not substantially affected by increased environment temperature, while it depends on the actual contents of DRAM because certain bit patterns result in significantly higher disturbance error rates.[1][2][15][17]

A variant called double-sided hammering involves targeted activations of the two DRAM rows surrounding a victim row: in the illustration provided in this section, this variant would activate both yellow rows with the aim of inducing bit flips in the purple row, which in this case would be the victim row. Tests show that this approach may result in a significantly higher rate of disturbance errors than the variant that activates only one of the victim row's neighboring DRAM rows.[4][18]: 19–20 [19]
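The following toy simulation is an added example and not code from the Wikipedia article or from any of the cited papers. It models the mechanism described above at the level the text uses: every activation of a row drains a little charge from the cells of its two neighbours, cells differ in how fast they leak (a stand-in for process variation), and a refresh rewrites whatever the sense amplifiers currently see, so a flip that happens before the refresh persists. All constants (charge units, leak rates, the refresh window, the deterministic "weak cell" pattern) are constructed for illustration and are not measured values. It compares the single-sided pattern (one aggressor next to the victim, one far away) with the double-sided pattern (both neighbours hammered) over one refresh window.

```python
FULL = 1000.0   # charge of a freshly written '1' (arbitrary units, constructed)
SENSE = 500.0   # sense-amplifier threshold: less charge than this reads back as '0'
WINDOW = 20000  # activations between two refreshes of a row (toy value)
# Charge a neighbouring cell loses per disturbance, by cell class (constructed)
LEAK = {"normal": 0.01, "weak": 0.04, "very_weak": 0.06}


def cell_class(row, col):
    """Deterministic stand-in for process variation: ~1% very weak, ~3% weak cells."""
    h = (row * 131 + col * 7919) % 1000
    if h < 10:
        return "very_weak"
    if h < 40:
        return "weak"
    return "normal"


class ToyDram:
    def __init__(self, rows, cols):
        self.rows, self.cols = rows, cols
        self.bits = [[0] * cols for _ in range(rows)]   # value last written or refreshed
        self.disturb = [0] * rows                        # neighbour activations since last refresh
        self.leak = [[LEAK[cell_class(r, c)] for c in range(cols)] for r in range(rows)]

    def write_row(self, r, bits):
        self.bits[r] = list(bits)

    def activate(self, r):
        """Opening row r disturbs rows r-1 and r+1 (the Rowhammer side effect)."""
        for n in (r - 1, r + 1):
            if 0 <= n < self.rows:
                self.disturb[n] += 1

    def sense_row(self, r):
        """A '1' cell's charge decays with every disturbance; a '0' cell has nothing to lose."""
        return [1 if b and FULL - self.disturb[r] * lk >= SENSE else 0
                for b, lk in zip(self.bits[r], self.leak[r])]

    def refresh(self):
        """Refresh rewrites whatever is sensed now, so any flip becomes permanent."""
        for r in range(self.rows):
            self.bits[r] = self.sense_row(r)
        self.disturb = [0] * self.rows


def hammer_window(dram, aggressors):
    """Alternate activations among the aggressor rows for one refresh window, then refresh."""
    for i in range(WINDOW):
        dram.activate(aggressors[i % len(aggressors)])
    dram.refresh()


def victim_flips(double_sided, rows=32, cols=1000, victim=8):
    """Number of cells in the victim row that flipped 1->0 after one hammered window."""
    dram = ToyDram(rows, cols)
    for r in range(rows):
        dram.write_row(r, [1] * cols)        # all-ones makes every cell a candidate
    far = rows - 2                           # a row well away from the victim
    aggressors = [victim - 1, victim + 1] if double_sided else [victim - 1, far]
    hammer_window(dram, aggressors)
    return dram.bits[victim].count(0)


if __name__ == "__main__":
    print("single-sided flips:", victim_flips(False))   # 10
    print("double-sided flips:", victim_flips(True))    # 40
```

In this model the victim receives one disturbance per loop iteration in the single-sided case and two in the double-sided case, so only the weakest cells flip under single-sided hammering while the larger "weak" population also flips under double-sided hammering; normal cells survive the window either way, which is the qualitative picture the tests cited above report.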

As DRAM vendors have deployed mitigations, access patterns have had to become more sophisticated to bypass them. More recent Rowhammer patterns include non-uniform, frequency-based patterns.[20] These patterns consist of many double-sided aggressor pairs, each of which is hammered with a different frequency, phase, and amplitude. Using this approach and synchronizing the patterns with the REFRESH command, it is possible to very effectively find "blind spots" where the mitigation is no longer able to provide protection. Based on this idea, academics built a Rowhammer fuzzer named Blacksmith[21] that can bypass existing mitigations on all DDR4 devices.

Mitigation


Different methods exist for more or less successful detection, prevention, correction or mitigation of the Rowhammer effect. Tests show that simple error-correcting codes providing single-error correction and double-error detection (SECDED) capabilities are not able to correct or detect all observed disturbance errors, because some of them include more than two flipped bits per memory word.[1]: 8 [15]: 32  Furthermore, research shows that precisely targeted three-bit Rowhammer flips prevent ECC memory from noticing the modifications.[22][23]

A less effective solution is to introduce more frequent memory refreshing, with the refresh intervals shorter than the usual 64 ms,[a] but this technique results in higher power consumption and increased processing overhead; some vendors provide firmware updates that implement this type of mitigation.[24] One of the more complex prevention measures performs counter-based identification of frequently accessed memory rows and proactively refreshes their neighboring rows; another method issues additional infrequent random refreshes of memory rows neighboring the accessed rows regardless of their access frequency. Research shows that these two prevention measures cause negligible performance impacts.[1]: 10–11 [25]

Since the release of Ivy Bridge microarchitecture, Intel Xeon processors support the so-called pseudo target row refresh (pTRR) that can be used in combination with pTRR-compliant DDR3 dual in-line memory modules (DIMMs) to mitigate the Rowhammer effect by automatically refreshing possible victim rows, with no negative impact on performance or power consumption. When used with DIMMs that are not pTRR-compliant, these Xeon processors by default fall back on performing DRAM refreshes at twice the usual frequency, which results in slightly higher memory access latency and may reduce the memory bandwidth by up to 2–4%.[9]

The LPDDR4 mobile memory standard published by JEDEC[26] includes optional hardware support for the so-called target row refresh (TRR) that prevents the Rowhammer effect without negatively impacting performance or power consumption.[10][27][28] Additionally, some manufacturers implement TRR in their DDR4 products,[29][30] although it is not part of the DDR4 memory standard published by JEDEC.[31] Internally, TRR identifies possible victim rows by counting the number of row activations and comparing it against predefined chip-specific maximum activate count (MAC) and maximum activate window (tMAW) values, and refreshes these rows to prevent bit flips. The MAC value is the maximum total number of row activations that may be encountered on a particular DRAM row within a time interval equal to or shorter than the tMAW amount of time before its neighboring rows are identified as victim rows; TRR may also flag a row as a victim row if the sum of row activations for its two neighboring rows reaches the MAC limit within the tMAW time window.[26][32] Research showed that TRR mitigations deployed on DDR4 UDIMMs and LPDDR4X chips from devices produced between 2019 and 2020 are not effective in protecting against Rowhammer.[20]

Due to their necessity of huge numbers of rapidly performed DRAM row activations, Rowhammer exploits issue large numbers of uncached memory accesses that cause cache misses, which can be detected by monitoring the rate of cache misses for unusual peaks using hardware performance counters.[4][33]
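The detection idea in the paragraph above, as an added example rather than code from the article or the cited papers: a small detector that consumes per-interval samples of last-level-cache misses and retired instructions (the kind of figures a performance-counter sampler exposes), establishes a baseline from the first intervals, and raises an alert only when the miss rate stays far above that baseline for several consecutive intervals. The sample data, the interval length, the baseline size, the multiplier and the floor are all constructed for illustration; real thresholds have to be tuned per machine and workload.

```python
from statistics import median

# Constructed per-interval samples (interval index, LLC load misses, retired
# instructions), shaped like what a perf-style sampler might collect for one
# process every 10 ms. Intervals 20-25 mimic a hammering loop, where almost
# every memory access misses the cache. Not real measurements.
SAMPLES = (
    [(i, 20_000 + (i % 3) * 1_000, 40_000_000) for i in range(20)]
    + [(i, 9_000_000 + (i % 2) * 100_000, 30_000_000) for i in range(20, 26)]
    + [(i, 21_000, 40_000_000) for i in range(26, 30)]
)


def miss_rate(sample):
    """Cache misses per retired instruction for one interval."""
    _, misses, instructions = sample
    return misses / instructions


def detect_hammering(samples, baseline_n=10, factor=20.0, floor=0.01, consecutive=3):
    """Flag runs of at least `consecutive` intervals whose miss rate exceeds both an
    absolute floor and `factor` times the median rate of the first `baseline_n`
    intervals. Returns a list of (first_interval, last_interval) alerts."""
    baseline = median(miss_rate(s) for s in samples[:baseline_n])
    threshold = max(floor, factor * baseline)
    alerts, run = [], []
    for s in samples:
        if miss_rate(s) > threshold:
            run.append(s[0])            # extend the current suspicious run
        else:
            if len(run) >= consecutive:  # a short spike alone is not enough
                alerts.append((run[0], run[-1]))
            run = []
    if len(run) >= consecutive:          # run still open at the end of the data
        alerts.append((run[0], run[-1]))
    return alerts


if __name__ == "__main__":
    print(detect_hammering(SAMPLES))     # [(20, 25)]
```

The run-length requirement and the absolute floor are what keep this usable in practice: a single interval of high misses (a cold start, a large memcpy) is normal, whereas a hammering loop produces a sustained, near-total miss rate. Memory-streaming workloads can still look similar, so an alert from this kind of monitor is a trigger for closer inspection rather than proof of an attack.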

Version 5.0 of the MemTest86 memory diagnostic software, released on December 3, 2013, added a Rowhammer test that checks whether computer RAM is susceptible to disturbance errors, but it only works if the computer boots UEFI; without UEFI, it boots an older version with no hammer test.[34]

Implications


Memory protection, as a way of preventing processes from accessing memory that has not been assigned to each of them, is one of the concepts behind most modern operating systems. By using memory protection in combination with other security-related mechanisms such as protection rings, it is possible to achieve privilege separation between processes, in which programs and computer systems in general are divided into parts limited to the specific privileges they require to perform a particular task. Using privilege separation can also reduce the extent of potential damage caused by computer security attacks by restricting their effects to specific parts of the system.[35][36]

Disturbance errors (explained in the section above) effectively defeat various layers of memory protection by "short circuiting" them at a very low hardware level, practically creating a unique attack vector type that allows processes to alter the contents of arbitrary parts of the main memory by directly manipulating the underlying memory hardware.[2][4][18][37] In comparison, "conventional" attack vectors such as buffer overflows aim at circumventing the protection mechanisms at the software level, by exploiting various programming mistakes to achieve alterations of otherwise inaccessible main memory contents.[38]

Exploits

hammer:
  mov (X), %eax  // read from address X
  mov (Y), %ebx  // read from address Y
  clflush (X)    // flush cache for address X
  clflush (Y)    // flush cache for address Y
  jmp hammer
A snippet of x86 assembly code that induces the row hammer effect (memory addresses X and Y must map to different DRAM rows in the same memory bank)[1]: 3 [4][18]: 13–15 

The initial research into the Rowhammer effect, published and presented in June 2014 at the International Symposium on Computer Architecture, described and analyzed the nature of DRAM read disturbance errors in DDR3 DRAM chips. This paper[1] experimentally studied 129 real DDR3 DRAM modules from three DRAM manufacturers and demonstrated read disturbance bitflips in 110 of them. It also showed that a user-level program run on two real systems from Intel and AMD induces bitflips in main memory. The work indicated the potential for constructing an attack, saying that "With some engineering effort, we believe we can develop Code 1a into a disturbance attack that injects errors into other programs, crashes the system, or perhaps even hijacks control of the system. We leave such research for the future since the primary objective in this work is to understand and prevent DRAM disturbance errors."[1]

A subsequent October 2014 research paper did not imply the existence of any security-related issues arising from the Rowhammer effect.[16]

On March 9, 2015, Google's Project Zero revealed two working privilege escalation exploits based on the Rowhammer effect, establishing its exploitable nature on the x86-64 architecture. One of the revealed exploits targets the Google Native Client (NaCl) mechanism for running a limited subset of x86-64 machine instructions within a sandbox,[18]: 27  exploiting the Rowhammer effect to escape from the sandbox and gain the ability to issue system calls directly. This NaCl vulnerability, tracked as CVE-2015-0565, has been mitigated by modifying the NaCl so it does not allow execution of the clflush (cache line flush[39]) machine instruction, which was previously believed to be required for constructing an effective Rowhammer attack.[2][4][37]

The second exploit revealed by Project Zero runs as an unprivileged Linux process on the x86-64 architecture, exploiting the Rowhammer effect to gain unrestricted access to all physical memory installed in a computer. By combining the disturbance errors with memory spraying, this exploit is capable of altering page table entries[18]: 35  used by the virtual memory system for mapping virtual addresses to physical addresses, which results in the exploit gaining unrestricted memory access.[18]: 34, 36–57  Due to its nature and the inability of the x86-64 architecture to make clflush a privileged machine instruction, this exploit can hardly be mitigated on computers that do not use hardware with built-in Rowhammer prevention mechanisms. While testing the viability of exploits, Project Zero found that about half of the 29 tested laptops experienced disturbance errors, with some of them occurring on vulnerable laptops in less than five minutes of running row-hammer-inducing code; the tested laptops were manufactured between 2010 and 2014 and used non-ECC DDR3 memory.[2][4][37]

In July 2015, a group of security researchers published a paper that describes an architecture- and instruction-set-independent way for exploiting the Rowhammer effect. Instead of relying on the clflush instruction to perform cache flushes, this approach achieves uncached memory accesses by causing a very high rate of cache eviction using carefully selected memory access patterns. Although the cache replacement policies differ between processors, this approach overcomes the architectural differences by employing an adaptive cache eviction strategy algorithm.[18]: 64–68  The proof of concept for this approach is provided both as a native code implementation, and as a pure JavaScript implementation that runs on Firefox 39. The JavaScript implementation, called Rowhammer.js,[40] uses large typed arrays and relies on their internal allocation using large pages; as a result, it demonstrates a very high-level exploit of a very low-level vulnerability.[41][42][43][44]

In October 2016, researchers published DRAMMER, an Android application that uses Rowhammer, together with other methods, to reliably gain root access on several popular smartphones.[45] The vulnerability was acknowledged as CVE-2016-6728[46] and a mitigation was released by Google within a month. However, due to the general nature of possible implementations of the attack, an effective software patch is difficult to implement reliably. As of June 2018, most patch proposals made by academia and industry were either impractical to deploy or insufficient in stopping all attacks. As a mitigation, researchers proposed a lightweight defense that prevents attacks based on direct memory access (DMA) by isolating DMA buffers with guard rows.[47][48]

In May 2020, the TRRespass work[49] showed that existing DDR4 DRAM chips, which are claimed to be protected and resilient against Rowhammer, are actually vulnerable to Rowhammer. This work introduced a new access pattern, called many-sided hammering, which circumvents Rowhammer protections that were put into place inside DDR4 DRAM chips.

In May 2021, a Google research team announced a new exploit, Half-Double, which takes advantage of the worsening physics of some of the newer DRAM chips.[50]

In March 2024, a group of researchers at ETH Zürich announced ZenHammer, a rowhammer exploit for AMD Zen chips, and also announced the first use of rowhammer to exploit DDR5 SDRAM.[51][52]

In June 2024, a group of researchers at ETH Zürich announced RISC-H, a Rowhammer exploit for RISC-V chips; this is the first Rowhammer study on RISC-V.[53]

In September 2025, a group of researchers at ETH Zürich announced Phoenix, which successfully bypassed all Target Row Refresh Rowhammer mitigations in samples from one of the largest DDR5 SDRAM manufacturers by using longer and more advanced patterns, and demonstrated the vulnerability in practice.[54]

See also

  • Memory scrambling – memory controller feature that turns user data written to the memory into pseudo-random patterns
  • Radiation hardening – the act of making electronic components resistant to damage or malfunctions caused by ionizing radiation
  • Single event upset – a change of state caused by ions or electromagnetic radiation striking a sensitive node in an electronic device
  • Soft error – a type of error involving erroneous changes to signals or data but no changes to the underlying device or circuit

from Grokipedia
Rowhammer is a hardware vulnerability affecting dynamic random-access memory (DRAM) chips, in which repeated activation of a single memory row induces bit flips—unintended changes from 0 to 1 or vice versa—in adjacent or nearby rows due to electrical interference and charge leakage between cells. This phenomenon, also known as a DRAM disturbance error, arises from voltage fluctuations on the wordline during frequent row accesses, which accelerate the natural leakage of charge in neighboring DRAM cells and can corrupt data without any direct access to those cells. First rigorously characterized in 2014 through experiments on 129 commodity DRAM modules from three major manufacturers, Rowhammer was found to affect 110 of them, with all modules produced between 2012 and 2013 exhibiting the issue; errors could be induced with as few as 139,000 accesses, and up to 1 in 1,700 cells proved susceptible in the worst cases.

The vulnerability has significant security implications, as it undermines the isolation provided by operating systems and hypervisors, allowing a malicious user-level process to corrupt memory belonging to other processes, the kernel, or even remote systems. For instance, in 2015, researchers demonstrated a practical exploit using Rowhammer to escalate privileges from a user application to kernel level by flipping specific bits in sensitive locations, such as page table entries. This has enabled diverse attacks, including privilege escalation, denial-of-service, and data corruption in virtualized environments and on mobile devices; by 2019, Rowhammer persisted across DDR4, ECC-protected, and low-power DRAM variants, with ongoing research highlighting its exploitability in scenarios such as GPU-based attacks and remote attacks over the network. Recent developments as of 2025 have extended concerns to other hardware, such as discrete GPUs with GDDR6 memory, where bit flips across multiple banks have been achieved, and even to systems vulnerable to analogous cross-talk effects.

To mitigate Rowhammer, hardware and software defenses have been developed and partially adopted by industry. Early proposals included the probabilistic adjacent row activation (PARA) scheme, which refreshes nearby rows with a low probability during normal operation to prevent bit flips without excessive overhead. Increasing DRAM refresh rates—potentially by up to 7.8 times—can eliminate errors in vulnerable modules but incurs energy and bandwidth costs of 10–23%. By the late 2010s, DRAM vendors implemented target row refresh (TRR) mechanisms in memory controllers to track and proactively refresh at-risk rows, while companies such as Apple integrated software-based counters and monotonic counters for added protection in their ecosystems. Despite these advances, Rowhammer remains an active research area, with 2024–2025 studies revealing limitations in defenses like per-row activation counting (PRAC) against timing-based side-channel attacks and new vectors in high-bandwidth interfaces like PCIe.

Background

Discovery and Definition

Row hammer is a hardware vulnerability inherent to dynamic random-access memory (DRAM) in which the repeated and aggressive activation of a single memory row—known as "hammering"—induces unintended bit flips in physically adjacent rows due to electrical interference between neighboring cells. This phenomenon arises from disturbance errors, in which the voltage fluctuations during row activations accelerate charge leakage in nearby capacitors, potentially corrupting stored data without direct access to the affected cells.

To understand row hammer, it is essential to grasp the basic structure of DRAM, which organizes data in a two-dimensional array of cells. Each cell consists of a tiny capacitor that stores an electrical charge to represent a binary bit (charged for 1, discharged for 0) and an access transistor that connects the capacitor to a bitline during read or write operations. Cells are arranged in rows (activated via wordlines) and columns (connected via bitlines); activating a row drives its wordline high to open the access transistors and allow charge sharing with the bitlines for data sensing.

The vulnerability was first discovered and systematically characterized in 2014 through experimental research conducted by Yoongu Kim and colleagues, in collaboration with Intel Labs, as detailed in their seminal paper presented at the International Symposium on Computer Architecture (ISCA). The term "row hammer", which originated in industry contexts such as Intel patents around 2012, was used in this work to describe the attack pattern of repeatedly accessing the same row to provoke errors in adjacent "victim" rows. The key experiments tested 129 commodity DDR3 DRAM modules sourced from major manufacturers (2010–2013 production), using a custom FPGA-based platform for precise, cycle-accurate control over accesses independent of standard CPU memory controllers. Researchers hammered target rows by activating them repeatedly—as few as 139,000 times within the DRAM's refresh interval—while monitoring adjacent rows for bit flips via targeted read patterns, all at a controlled ambient temperature (50 ± 2 °C) and without hardware modifications. Disturbance errors manifested in 110 of the 129 modules (across 836 of 972 individual chips), with vulnerable modules showing bit flip rates of up to 1 per 1,700 cells, confirming the issue's prevalence in real-world DRAM deployed in systems at the time. Subsequent studies have extended these findings, revealing that row hammer affects later DRAM types including DDR4.

Historical Context

Early observations of DRAM cell coupling and disturbance failures date back to the 1970s, coinciding with the commercialization of the first DRAM chips. Manufacturers recognized these issues in devices such as the Intel 1103, where repeated accesses to nearby cells could induce charge leakage through inter-cell interference, prompting initial mitigation strategies in design. In the decades that followed, researchers documented specific coupling effects, such as wordline and bitline noise in megabit-scale DRAMs, leading to techniques like twisted bit lines to reduce coupling noise. For instance, later studies analyzed adjacent bitline coupling in multi-Mb DRAMs, while early work explored wordline coupling reduction to maintain reliability as cell densities increased. Production tests eventually incorporated "hammer" patterns to screen for disturbance errors, highlighting ongoing concerns with cell-to-cell interference in scaled arrays.

DRAM scaling from early generations to DDR3 significantly exacerbated these reliability challenges by increasing cell density and proximity, which amplified leakage currents and reduced noise margins. As feature sizes shrank below 100 nm, the closer packing of cells intensified electromagnetic coupling and charge leakage, making retention times more variable and susceptible to interference from aggressive access patterns. This progression, observed in studies of the period, underscored how sub-50 nm technologies in DDR3-era chips heightened vulnerability to row-to-row disturbances without proportional improvements in isolation techniques. Leakage mechanisms, including sub-threshold currents in access transistors, became more pronounced, necessitating higher refresh frequencies to preserve data integrity.

Industry awareness of these issues was reflected in pre-2014 standards, which specified refresh intervals—such as 7.8 μs for DDR3 under normal operating temperatures—to counteract leakage-induced data loss from cell capacitors. Later manufacturer reports emphasized adjusting refresh rates for extended temperature ranges, acknowledging the role of scaling in worsening disturbance effects. Key milestones in the timeline include 1977 patents for reliability enhancements against disturbance failures, the 1999 introduction of hammer tests in fault screening, and 2011 analyses linking scaling to disturbance errors in high-density DRAM. Academic work in 2012–2013 began hinting at errors from repeated row activations, setting the stage for the formal identification of the Rowhammer vulnerability in 2014.

Technical Mechanism

DRAM Cell Interference

Dynamic random-access memory (DRAM) cells are typically organized in a two-dimensional array, where each cell consists of a capacitor that stores charge representing the data and an access transistor that connects the capacitor to a bitline for read/write operations. These cells are arranged in rows and columns, with each row sharing a common wordline that activates all of its cells simultaneously during an access, and each column connected via a bitline for sensing the stored charge. In this structure, adjacent rows sit in close proximity along the wordlines and bitlines, enabling electrical interactions that can disturb neighboring cells without direct access.

Rowhammer interference arises primarily from charge leakage in victim cells adjacent to a frequently accessed (hammered) row, accelerated by repeated wordline activations. Coupling between adjacent wordlines causes voltage fluctuations during hammering, partially turning on the access transistors in victim rows and allowing unintended charge sharing or leakage from their capacitors. Additionally, these activations induce voltage disturbances that stress nearby cells, while in high-density chips electron migration can further degrade cell isolation over time by altering transistor thresholds or increasing leakage currents.

Vulnerability to this interference is influenced by manufacturing process variations, which create inconsistencies in cell characteristics and leakage paths, making some chips more prone to errors. Temperature plays a role by accelerating charge leakage, though its impact varies; for instance, error rates can increase modestly at higher temperatures such as 50 °C compared to room conditions. Supply voltage reductions, common in modern designs, narrow noise margins and heighten susceptibility, while smaller feature sizes—such as the 20 nm nodes used in DDR3 DRAM—exacerbate the issue by decreasing cell spacing and isolation, thereby intensifying coupling effects.

Experimental studies have measured interference thresholds, revealing that bit flips can occur after as few as 139,000 activations of a single row in vulnerable DDR3 modules, with the minimum hammer count dropping to around 10,000 in more susceptible modern DDR4 and LPDDR4 chips due to scaling. Across tested devices, up to 1 in 1,700 cells showed interference, confirming the physical root cause as wordline voltage disturbances leading to accelerated leakage.

Bit Flipping Process

In dynamic random-access memory (DRAM), the bit flipping process during a Rowhammer attack begins with the repeated activation of a specific row, known as the aggressor row, through a sequence of activate-precharge cycles. This hammering involves rapidly opening and closing the aggressor row without directly accessing the data in adjacent victim rows, which are physically neighboring rows in the same memory bank. Each activation causes voltage fluctuations on the shared wordline, leading to unintended electrical interference that disturbs the charge stored in the capacitors of nearby cells. Over numerous cycles—typically on the order of 100,000 to 200,000 activations—these disturbances accelerate charge leakage in the victim rows, creating imbalances where stored charge either leaks excessively (causing a '1' to flip to '0') or, less commonly, gains charge (causing a '0' to flip to '1').

The resulting errors primarily manifest as single-bit flips in the victim rows, though multi-bit errors can occur across multiple cells within the same 64-bit word, complicating detection by error-correcting codes (ECC). Empirical studies on commodity DRAM modules have shown that in susceptible chips up to 1 in 1,700 cells may be vulnerable, with errors inducible after as few as 139,000 activations under controlled conditions; in more fragile devices, multi-bit flips can affect dozens of bits per row. Probability models for these flips depend on the hammering frequency and DRAM timing parameters, such as the activation interval (typically 55–500 ns), with higher flip rates correlating with faster access patterns that exacerbate leakage before refresh operations restore the charge.

Bit flips propagate primarily to physically adjacent rows within the same bank, where the row layout consists of a linear array of cells organized by wordlines and bitlines, making the rows immediately above and below the aggressor (e.g., rows N-1 and N+1 for hammered row N) the most susceptible. Interference can also follow diagonal patterns due to the two-dimensional cell arrangement in the DRAM array, where an aggressor cell influences victim cells that are not directly aligned but offset in both the row and column directions, as observed in patterns spanning multiple pages per row. Hammering is confined to a single bank to maximize disturbance, as cross-bank accesses do not induce significant interference.

To detect and measure these bit flips in controlled environments, researchers employ techniques such as FPGA-based DRAM testers that systematically hammer rows while varying refresh intervals and monitoring error rates through bulk or targeted read-back operations. Software tools, including error counters integrated into operating systems or custom benchmarks, track discrepancies by comparing pre- and post-hammering memory states, often using timing instructions like RDTSC to correlate flips with access patterns; soft-offlining methods can isolate and log faulty regions for analysis without permanently disabling hardware. These approaches have quantified flip probabilities across diverse DRAM modules, revealing variability by vendor and technology node.
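The "compare pre- and post-hammering memory states" step described above, as an added example that is not code from the article or from any testing tool it mentions: a small checker that diffs two images of the same memory region, reports every flipped bit with its direction, groups the flips by aligned 64-bit word, and labels each word by what a SECDED code would do with it (correct one flip, only detect two, and neither reliably for three or more, which is the limitation the Mitigation section above describes). The two byte strings are constructed by hand with a few planted flips; they are not captured from real hardware.

```python
from collections import Counter


def diff_bitflips(before: bytes, after: bytes):
    """List every bit that differs between two images of the same region as
    (byte_offset, bit_index, direction), with direction '1->0' or '0->1'."""
    if len(before) != len(after):
        raise ValueError("memory images must have the same length")
    flips = []
    for off, (b, a) in enumerate(zip(before, after)):
        x = b ^ a                                # set bits mark what changed
        while x:
            bit = (x & -x).bit_length() - 1      # lowest set bit
            flips.append((off, bit, "1->0" if (b >> bit) & 1 else "0->1"))
            x &= x - 1                           # clear it and continue
    return flips


def flips_per_word(flips, word_bytes=8):
    """Count flips per aligned word: the granularity at which SECDED ECC
    corrects one flip and merely detects two."""
    return Counter(off // word_bytes for off, _, _ in flips)


def classify_for_secded(per_word):
    """Label each affected word by the outcome a SECDED code guarantees."""
    out = {}
    for word, n in per_word.items():
        if n == 1:
            out[word] = "corrected"
        elif n == 2:
            out[word] = "detected-uncorrectable"
        else:
            out[word] = "beyond-SECDED"   # 3+ flips: may go unnoticed or be miscorrected
    return out


# Constructed sample: a 32-byte region written as 16 x 0xFF then 16 x 0x00,
# and a second read-back with a handful of flips planted by hand.
BEFORE = bytes([0xFF] * 16 + [0x00] * 16)
_after = bytearray(BEFORE)
_after[0] = 0xF7       # word 0: one 1->0 flip (bit 3)
_after[8] = 0xFE       # word 1: two 1->0 flips ...
_after[9] = 0x7F       # ... in different bytes of the same word
_after[16] = 0x07      # word 2: three 0->1 flips in one byte
AFTER = bytes(_after)  # word 3 is left intact


def report(before=BEFORE, after=AFTER):
    """Full summary for a before/after pair: raw flips, flips per word, SECDED outcome."""
    flips = diff_bitflips(before, after)
    per_word = flips_per_word(flips)
    return {"flips": flips, "per_word": dict(per_word), "secded": classify_for_secded(per_word)}


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

Recording the direction of each flip matters because the text notes that 1 to 0 flips dominate and 0 to 1 flips are rarer; a tester that writes an all-ones pattern will therefore see more flips than one that writes all zeros, so both patterns (and others) are needed for a fair susceptibility count.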

Mitigation Techniques

Hardware-Based Approaches

Hardware-based approaches to mitigate Rowhammer integrate protective mechanisms directly into DRAM chips or memory controllers, aiming to detect aggressive access patterns and prevent bit flips in victim rows without relying on software intervention. These solutions prioritize low-overhead detection and correction at the hardware level, leveraging industry standards to ensure compatibility across devices. By addressing the root cause of cell interference during row activations, they provide a foundational layer of defense in modern systems. A cornerstone of these mitigations is Target Row Refresh (TRR), a mechanism developed by DRAM manufacturers for DDR4 modules to counter Rowhammer vulnerabilities. TRR employs an in-DRAM sampler to monitor row activation counts within each bank over a 64 ms refresh window; if activations exceed a manufacturer-specific Maximum Activation Count (typically ranging from 20,000 to 60,000), the mechanism triggers proactive refreshes of adjacent victim rows to restore charge levels and avert bit flips. This approach effectively neutralizes basic single-sided and double-sided hammering patterns by distributing extra refresh operations during standard refresh cycles, though advanced many-sided patterns can bypass it, with lab evaluations demonstrating error rate reductions exceeding 90% under targeted stress tests. However, TRR incurs a modest performance penalty from additional refresh latency, typically adding 1-5% to overall system latency in high-access workloads. Early proposals included the probabilistic adjacent row activation (PARA) scheme, which refreshes nearby rows with a low probability during normal operation to prevent bit flips without excessive performance overhead. Increasing DRAM refresh rates—potentially by up to 7.8 times—can eliminate errors in vulnerable modules but incurs performance and bandwidth costs of 10–23%.
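The activation-count model behind the bit-flip mechanics above and the two hardware countermeasures just described (TRR with a per-bank Maximum Activation Count, and PARA's probabilistic neighbour refresh) can be put side by side in a small simulation. The following is an added example written for this page, not code from any DRAM vendor or from the cited research; the bank model, the disturbance-accumulation rule, and the threshold of 139,000 neighbour activations per refresh window are assumptions chosen to match the figures quoted on the page, not measured chip behaviour.

```python
import random
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed model parameters (assumptions for this example, not measured values).
# A victim row is modelled as flipping once the disturbance accumulated from
# activations of its neighbours, since its last refresh, reaches FLIP_THRESHOLD.
FLIP_THRESHOLD = 139_000         # neighbour activations before a flip (figure quoted on the page)
REFRESH_WINDOW_NS = 64_000_000   # 64 ms periodic refresh window
T_ACT_NS = 55                    # fastest activation interval quoted on the page


@dataclass
class Bank:
    rows: int
    mac: Optional[int] = None    # TRR Maximum Activation Count; None disables TRR
    para_p: float = 0.0          # PARA: probability of refreshing neighbours per activation
    act_count: Dict[int, int] = field(default_factory=dict)    # aggressor counters (TRR sampler)
    disturbance: Dict[int, int] = field(default_factory=dict)  # per-row accumulated disturbance
    flipped: Set[int] = field(default_factory=set)
    extra_refreshes: int = 0
    rng: random.Random = field(default_factory=lambda: random.Random(1))  # seeded for repeatability

    def neighbours(self, row: int) -> List[int]:
        return [r for r in (row - 1, row + 1) if 0 <= r < self.rows]

    def refresh(self, row: int) -> None:
        # Refreshing a row restores its cell charge: accumulated disturbance is cleared.
        self.disturbance[row] = 0
        self.extra_refreshes += 1

    def activate(self, row: int) -> None:
        self.act_count[row] = self.act_count.get(row, 0) + 1
        for v in self.neighbours(row):
            self.disturbance[v] = self.disturbance.get(v, 0) + 1
            if self.disturbance[v] >= FLIP_THRESHOLD:
                self.flipped.add(v)
        # TRR: once an aggressor's count reaches MAC, refresh its neighbours and restart the count.
        if self.mac is not None and self.act_count[row] >= self.mac:
            for v in self.neighbours(row):
                self.refresh(v)
            self.act_count[row] = 0
        # PARA: with low probability, refresh the neighbours on any activation.
        if self.para_p > 0 and self.rng.random() < self.para_p:
            for v in self.neighbours(row):
                self.refresh(v)

    def periodic_refresh(self) -> None:
        # The normal refresh restores every row and resets the TRR sampler window.
        self.disturbance.clear()
        self.act_count.clear()


def hammer(bank: Bank, aggressors: List[int], activations: int,
           interval_ns: int = T_ACT_NS) -> Set[int]:
    """Alternate activations over the aggressor rows and return the rows that flipped.
    Elapsed time is tracked so that the 64 ms periodic refresh is honoured."""
    elapsed = 0
    for i in range(activations):
        bank.activate(aggressors[i % len(aggressors)])
        elapsed += interval_ns
        if elapsed >= REFRESH_WINDOW_NS:
            bank.periodic_refresh()
            elapsed = 0
    return set(bank.flipped)


if __name__ == "__main__":
    print("unprotected, single-sided:", hammer(Bank(rows=64), [10], 150_000))
    print("unprotected, double-sided:", hammer(Bank(rows=64), [9, 11], 150_000))
    print("slow access (500 ns):     ", hammer(Bank(rows=64), [10], 150_000, interval_ns=500))
    print("TRR, MAC=20000:           ", hammer(Bank(rows=64, mac=20_000), [10], 150_000))
    print("PARA, p=0.001:            ", hammer(Bank(rows=64, para_p=0.001), [10], 150_000))
```

In the unprotected bank, single-sided hammering of row 10 flips rows 9 and 11, and double-sided hammering of rows 9 and 11 flips only row 10, because each of the outer rows receives half the activations. Slowing the access interval to 500 ns lets the periodic refresh clear the disturbance before the threshold is reached, which is the refresh-rate argument in the text. With TRR at a MAC of 20,000 the sampler refreshes the neighbours seven times during the run (fourteen extra row refreshes) and nothing flips; PARA reaches the same outcome with a per-activation probability of 0.001, at the cost of a refresh stream that does not depend on tracking any counter.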
Complementing TRR, on-die error-correcting code (ECC) integrates single-error correction capabilities directly within the DRAM die, enabling real-time detection and masking of bit flips that may arise from residual Rowhammer interference. In DDR4, on-die ECC corrects isolated errors using a compact scheme, while DDR5 enhances this with more robust implementations, support for higher densities (up to 8x that of DDR4 in some configurations), and improved refresh options to further suppress vulnerability across denser cell arrays. These features collectively reduce the likelihood of uncorrectable errors, with studies indicating that on-die ECC alone can mitigate over 99% of single-bit disturbances in controlled environments. Additional techniques include voltage modulation and reinforced cell architectures in newer DRAM generations. Reducing wordline voltage during row activation diminishes interference between adjacent rows, thereby increasing the hammer count threshold required for bit flips by up to 85.8% without altering core DRAM timing. DDR5 further employs improved isolation trenches and staggered scheduling in controllers to minimize simultaneous row disturbances, enhancing overall resilience in high-density layouts. These hardware innovations, while varying by manufacturer, collectively ensure scalable protection as DRAM densities continue to rise. As of 2025, research has highlighted limitations in advanced mitigations like Per-Row Activation Counting (PRAC), which is vulnerable to timing-based side-channel attacks, and new attack vectors in high-bandwidth interfaces like PCIe.
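Why single-error correction masks most Rowhammer flips, and why the multi-bit flips within one 64-bit word mentioned in the mechanics section still matter, is easiest to see with a concrete SECDED code. The block below is an added example for this page, not the scheme any DRAM vendor uses on-die; it implements a textbook extended Hamming code over a 64-bit word (72-bit codeword, the same 8-bit overhead as a conventional ECC word) and the bit positions used for the demonstrations are chosen here, not taken from any chip.

```python
from typing import List, Tuple


def _parity_bits(n_data: int) -> int:
    """Number of Hamming parity bits r such that 2**r >= n_data + r + 1."""
    r = 0
    while (1 << r) < n_data + r + 1:
        r += 1
    return r


def secded_encode(data: int, n_data: int = 64) -> int:
    """Encode n_data bits into an extended-Hamming (SECDED) codeword.
    Codeword bit 0 is the overall parity bit; bits 1..n hold the Hamming code,
    with parity at power-of-two positions and data everywhere else. For 64
    data bits this gives a 72-bit codeword."""
    r = _parity_bits(n_data)
    n = n_data + r
    code: List[int] = [0] * (n + 1)
    d = 0
    for pos in range(1, n + 1):
        if pos & (pos - 1):              # not a power of two: data position
            code[pos] = (data >> d) & 1
            d += 1
    for i in range(r):
        p = 1 << i                       # parity bit p covers every position with bit p set
        code[p] = sum(code[pos] for pos in range(1, n + 1) if pos & p) & 1
    code[0] = sum(code) & 1              # overall parity raises the minimum distance to 4
    return sum(bit << idx for idx, bit in enumerate(code))


def secded_decode(word: int, n_data: int = 64) -> Tuple[str, int]:
    """Return (status, data). status is "ok", "corrected" (one flip repaired) or
    "uncorrectable" (two flips detected). Three or more flips can alias to a
    valid single-bit syndrome and are silently miscorrected, which is why
    multi-bit disturbance errors inside one word defeat this class of ECC."""
    r = _parity_bits(n_data)
    n = n_data + r
    code = [(word >> idx) & 1 for idx in range(n + 1)]
    syndrome = 0
    for i in range(r):
        p = 1 << i
        if sum(code[pos] for pos in range(1, n + 1) if pos & p) & 1:
            syndrome |= p                # the syndrome names the position of a single flipped bit
    overall = sum(code) & 1
    if syndrome == 0 and overall == 0:
        status = "ok"
    elif overall == 1:                   # odd number of flips: assume exactly one and repair it
        code[syndrome] ^= 1              # syndrome 0 means the overall parity bit itself flipped
        status = "corrected"
    else:                                # even flip count with non-zero syndrome: two flips
        status = "uncorrectable"
    data, d = 0, 0
    for pos in range(1, n + 1):
        if pos & (pos - 1):
            data |= code[pos] << d
            d += 1
    return status, data


def flip_bits(word: int, positions) -> int:
    """Flip the given codeword bit positions (models disturbance-induced flips)."""
    for p in positions:
        word ^= 1 << p
    return word


if __name__ == "__main__":
    cw = secded_encode(0xDEADBEEFCAFEBABE)
    print("clean:      ", secded_decode(cw)[0])
    print("one flip:   ", secded_decode(flip_bits(cw, [40]))[0])
    print("two flips:  ", secded_decode(flip_bits(cw, [40, 41]))[0])
    print("three flips:", secded_decode(flip_bits(cw, [1, 2, 3])))
```

A single flip anywhere in the 72 bits, including in a parity bit, is repaired and reported as "corrected"; two flips are reported as "uncorrectable", which is the signal a memory controller can log and act on. The three-flip case is the instructive one: flips at codeword positions 1, 2 and 3 cancel in every parity check, so the decoder sees an odd-parity, zero-syndrome word, "corrects" the overall parity bit, and returns data with bit 0 inverted while reporting success. A defender relying on ECC error counters to detect Rowhammer therefore sees nothing for that pattern, which is the caveat the section above attaches to multi-bit errors.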

Software and System-Level Defenses

Software and system-level defenses against Rowhammer focus on operating systems, hypervisors, and monitoring mechanisms that detect, isolate, or disrupt attack patterns without requiring hardware modifications. These approaches often involve randomizing memory allocations or inserting protective barriers to reduce the likelihood of bit flips propagating to sensitive data. One seminal example is the introduction of probabilistic countermeasures in OS kernels, such as the ZebRAM system, which isolates DRAM rows using a zebra-striping pattern in which guard rows absorb potential disturbances from hammered aggressor rows. Implemented as a prototype in the Linux kernel (version 4.4) with QEMU-KVM, ZebRAM remaps memory via hypervisor extensions to separate safe and unsafe rows, employing integrity checks such as SHA-256 hashing and optional compression for guard rows to maintain usability. This randomization of page allocations dilutes predictable hammering patterns, preventing attackers from targeting adjacent victim rows containing critical data, though it incurs a performance overhead of approximately 5% on SPEC CPU2006 benchmarks. Virtualization protections extend these principles to the hypervisor level to enforce isolation between guests and hosts. In environments like KVM or VMware, mechanisms limit guest access to physical rows that could be hammered to affect hypervisor or other VM memory. For instance, AMD's Secure Memory Encryption (SME) integrates with hypervisors to encrypt DRAM contents using AES-128, mitigating the impact of bit flips by rendering flipped ciphertext unintelligible without the key, thus protecting against exploitation in virtualized setups. Similarly, Intel's Trust Domain Extensions (TDX) incorporate Rowhammer-specific mitigations within its confidential computing framework, including enhanced memory isolation and error detection to prevent inter-VM disturbances, as verified in TDX 1.0 modules.
These firmware-assisted features ensure that even if a bit flip occurs in a guest's memory, it does not compromise the integrity of the host or other domains, with minimal additional overhead beyond baseline encryption costs. Monitoring tools provide runtime detection of anomalous access patterns to trigger proactive mitigations. Software detectors leverage existing hardware performance counters to track DRAM access locality without dedicated hardware. Upon identifying frequent activations indicative of hammering—via metrics like last-level cache misses—such a detector selectively refreshes potential victim rows, achieving a false-positive rate under 1% and an average slowdown of 1% across SPEC2006 workloads. This approach integrates into OS schedulers to pause suspicious processes or isolate affected pages, offering a lightweight layer of defense compatible with existing environments. Industry standards emphasize balanced implementation of these soft mitigations, as outlined in high-impact publications, recommending trade-offs like 2-10% CPU overhead for monitoring to ensure practicality in production systems. Guidance prioritizes comprehensive coverage through layered defenses—combining allocation randomization, isolation, and detection—while evaluating impacts on throughput and latency to avoid over-provisioning resources. These strategies have been widely adopted in kernel prototypes and virtualized platforms, providing protection against many established Rowhammer variants, though ongoing research as of 2025 highlights limitations against advanced attacks, including those on DDR5 and GPU memories.
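The counter-based detection strategy described above, in which a high last-level-cache miss rate is only a first-stage trigger and the decision depends on whether the traffic keeps returning to a few DRAM rows, can be sketched as a two-stage heuristic over performance-counter samples. The following is an added example written for this page and is not the code of any published detector; the sample format (period timestamp, pid, LLC misses, a list of sampled DRAM rows), the thresholds, and the three constructed workloads are assumptions made here for illustration. A real implementation would obtain the rows from hardware sampling of miss addresses through the platform's physical-to-DRAM mapping.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Thresholds are constructed for this example; a real detector tunes them per platform.
MISS_THRESHOLD = 20_000      # LLC misses in one sampling period that warrant a closer look
MIN_ROW_SHARE = 0.10         # a row is "hot" if it draws at least this share of sampled accesses
LOCALITY_SHARE = 0.90        # the hot rows together must explain this share of accesses
MAX_HOT_ROWS = 4             # more distinct hot rows than this looks like streaming, not hammering
CONSECUTIVE_PERIODS = 3      # periods in a row before a process is treated as hammering

Sample = Tuple[int, int, int, List[int]]   # (t_ms, pid, llc_misses, sampled DRAM rows)


def hot_rows(sampled_rows: List[int]) -> List[int]:
    """Rows that dominate a sample, or [] when accesses are spread out (no row locality)."""
    if not sampled_rows:
        return []
    counts = Counter(sampled_rows)
    hot = [r for r, c in counts.most_common(MAX_HOT_ROWS)
           if c >= MIN_ROW_SHARE * len(sampled_rows)]
    if sum(counts[r] for r in hot) < LOCALITY_SHARE * len(sampled_rows):
        return []
    return sorted(hot)


def victim_rows(aggressors: List[int]) -> List[int]:
    """Rows physically adjacent to the aggressors (N-1 and N+1), which the detector
    would read back or refresh to restore their charge."""
    agg = set(aggressors)
    return sorted({r + d for r in agg for d in (-1, 1) if r + d >= 0} - agg)


def analyse(samples: List[Sample]) -> Dict[int, dict]:
    """Run the two-stage heuristic over samples ordered by time. Returns
    {pid: {"t_ms", "hot_rows", "victims"}} for processes judged to be hammering."""
    streak: Dict[int, int] = defaultdict(int)
    flagged: Dict[int, dict] = {}
    for t_ms, pid, misses, rows in samples:
        if misses < MISS_THRESHOLD:          # stage 1: the cheap miss-rate counter
            streak[pid] = 0
            continue
        rows_hot = hot_rows(rows)            # stage 2: does the traffic keep hitting a few rows?
        if not rows_hot:
            streak[pid] = 0
            continue
        streak[pid] += 1
        if streak[pid] >= CONSECUTIVE_PERIODS and pid not in flagged:
            flagged[pid] = {"t_ms": t_ms, "hot_rows": rows_hot,
                            "victims": victim_rows(rows_hot)}
    return flagged


# Constructed samples: pid 100 alternates between two rows (a double-sided pattern),
# pid 200 streams through memory with many misses but no locality, pid 300 is idle.
HAMMER_ROWS = [1000] * 46 + [1002] * 46 + [5, 77, 3000, 12, 9, 88, 41, 501]
STREAM_ROWS = list(range(100))
SAMPLES: List[Sample] = [
    (0, 100, 52_000, HAMMER_ROWS),
    (0, 200, 61_000, STREAM_ROWS),
    (0, 300, 1_200, [42] * 100),
    (10, 100, 54_000, HAMMER_ROWS),
    (10, 200, 60_500, STREAM_ROWS),
    (20, 100, 53_000, HAMMER_ROWS),
    (20, 200, 59_000, STREAM_ROWS),
    (30, 100, 55_000, HAMMER_ROWS),
]

if __name__ == "__main__":
    for pid, info in analyse(SAMPLES).items():
        print(f"pid {pid} flagged at {info['t_ms']} ms; "
              f"hot rows {info['hot_rows']} -> refresh {info['victims']}")
```

Only pid 100 is flagged, in its third consecutive period (20 ms), with rows 999, 1001 and 1003 marked for a protective read-back. The streaming process has more cache misses than the hammering one but never passes the locality test, which is what keeps the false-positive rate of this kind of detector low; the idle process with perfect locality never passes the miss-rate gate. The streak counter is what turns a single noisy period into a sustained pattern before the scheduler is asked to intervene.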

Security Implications

Recent Developments and Vulnerabilities

In 2025, researchers introduced the Phoenix attack, a novel Rowhammer variant (CVE-2025-6202) that bypasses advanced target row refresh (TRR) defenses in DDR5 memory through self-correcting synchronization techniques. This method monitors and aligns with thousands of refresh operations to induce bit flips reliably, succeeding on all 15 tested DDR5 devices and enabling successful exploitation in under 109 seconds, even against on-die error-correcting code (ECC). The attack highlights persistent gaps in DDR5's Rowhammer resistance; it was disclosed on September 15, 2025, and is slated for presentation at IEEE Security & Privacy 2026. Also in 2025, the GPUHammer attack marked the first practical demonstration of Rowhammer on discrete graphics processing units (GPUs), targeting the A6000 with GDDR6 memory. Developed by academic researchers, it leverages programs running on the GPU to hammer rows and inject up to 8 bit flips across four DRAM banks, evading existing mitigations like TRR. The vendor issued a July 9, 2025, security notice acknowledging the vulnerability and recommending activation of system-level ECC to mitigate risks, particularly in AI workloads where bit flips could degrade model integrity. The ρHammer framework, unveiled in October 2025, revived Rowhammer attacks on modern architectures by exploiting prefetching instructions to amplify hammering efficiency and overcome mitigation-induced challenges. This approach systematically addresses timing inconsistencies and access restrictions in contemporary x86 and other processor architectures, restoring attack viability despite enhanced hardware protections. These 2025 developments underscore a trend of escalating Rowhammer sophistication, with attacks increasingly targeting specialized hardware like GPUs and next-generation DDR5, outpacing mitigation advancements and posing broader threats to system integrity.
