We have been investigating the security of DDR5 DRAM against Rowhammer attacks since December of 2021 when we could buy a system with such DRAM devices for the first time. What was supposed to be a quick project, showing that these devices are similarly affected to our non-uniform patterns on DDR4, turned out to be a four-year project involving major infrastructure building, reverse engineering of memory controllers, and eventually reverse engineering of in-DRAM mitigations on a major DRAM vendor. Phoenix is the culmination of all this effort that we published at IEEE S&P 2026. In a nutshell, Phoenix shows that bypassing Rowhammer mitigations on DDR5 DRAM requires significantly longer patterns (compared to DDR4) and a sophisticated self-correcting refresh synchronization technique as a result. Phoenix is the first work that triggers bit flips on DDR5 DRAM with the latest TRR mitigations.
Phoenix received media attention due to its impact from several outlets such as BleepingComputer, Cyber Security News, The Hacker News, and Security Week. Additionally, Phoenix was honored with a Distinguished Paper Award at the IEEE S&P 2026. This link provides more information about the technical contributions of Phoenix including a demo that shows a reliable privilege escalation attack using these DDR5 bit flips that runs under two minutes.