Uncategorized

Phoenix: Rowhammer Attacks on DDR5 Memory – AMD ID: AMD-SB-7048 (17-09-2025)

Leave a comment

Preface: The researchers behind the related “ZenHammer” work found that using traditional timing side-channel methods for synchronization was less reliable on AMD Zen platforms compared to Intel CPUs. The Phoenix attack was designed to overcome these challenges using a “self-correcting” technique.

Background: Phoenix attack does not use XOR or similar software-level bit manipulation. Instead, it exploits physical properties of DRAM cells — flipping bits by repeatedly accessing adjacent rows (hammering), which causes electrical interference. The “Phoenix” attack, a system-level Rowhammer attack against DDR5 memory, requires monitoring timing to maintain synchronization with the memory’s refresh commands, which are essential for the attack’s success and for triggering bit flips despite mitigations like Targeted Row Refresh (TRR). The attack uses a “self-correcting” synchronization method that realigns the hammer pattern whenever a missed refresh is detected, allowing it to remain synchronized over long periods and bypass defenses that would otherwise prevent bit flips.

A CPU/GPU bit flip is an unintentional change of a digital bit’s value (from 0 to 1, or 1 to 0) within the Central Processing Unit (CPU) or Graphics Processing Unit (GPU). These errors can stem from hardware malfunctions, electromagnetic interference, cosmic rays, or manufacturing defects, potentially leading to incorrect calculations, data corruption, or system crashes. Modern processors often use techniques like Error Correcting Code (ECC) to detect and fix these errors, especially in high-assurance environments.

Vulnerability details: Researchers were able to use rowhammering techniques on DDR5 memory to obtain bitflips in order to escalate privileges.AMD believes this to be a memory issue. Susceptibility to rowhammer attacks varies based on the DRAM device, vendor, technology, and system settings. AMD recommends contacting your DRAM or system manufacturer to determine susceptibility.

Official announcement: Please refer to the link for more details –

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7048.html

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.