Phoenix: Rowhammer Attacks on DDR5 with Self-Correcting Synchronization

Diego Meyer
Patrick Jattke
Michele Marazzi
Salman Qazi
Kaveh Razavi
Usenix Security (2026)

Abstract

DDR5 has shown an increased resistance to Rowhammer attacks in production settings. Surprisingly, DDR5 achieves this without additional refresh management commands, pointing to the deployment of more sophisticated in-DRAM Target Row Refresh (TRR) mechanisms. This paper reverse engineers such advanced TRR schemes in DDR5 devices for the first time. Our findings show that, compared to older mitigations deployed in DDR4, these new schemes have considerably fewer blind spots, spread over many refresh intervals. This means that an effective DDR5 Rowhammer pattern must precisely track thousands of refresh operations, which we show is not possible with existing techniques. To address this challenge, our new DDR5 Rowhammer attack, called Phoenix, self-corrects the pattern whenever it detects a missed refresh operation during the attack. Our evaluation shows that Phoenix triggers bit flips on 15 out of 15 DDR5 devices in our test pool. Using these bit flips, we build the first Rowhammer privilege escalation exploit that obtains root on a production DDR5 system with default settings in as little as 109 seconds. These results provide further evidence that a principled Rowhammer mitigation, such as per-row activation counters, is mandatory for secure operation of future devices.