Scientists from the Computer data-analytics-id=”inline-link” href=”https://www.tomshardware.com/tag/security” data-auto-tag-linker=”true” data-before-rewrite-localise=”https://www.tomshardware.com/tag/security”>Security Group (COMSEC) at the ETH Zürich college, in conjunction with data-analytics-id=”inline-link” href=”https://www.tomshardware.com/tag/google” data-auto-tag-linker=”true” data-before-rewrite-localise=”https://www.tomshardware.com/tag/google”>Google, have published a proof-of-concept attack on DDR5 RAM called data-analytics-id=”inline-link” href=”https://comsec.ethz.ch/research/dram/phoenix/” target=”_blank” data-url=”https://comsec.ethz.ch/research/dram/phoenix/” referrerpolicy=”no-referrer-when-downgrade” data-hl-processed=”none”>Phoenix, with the CVE number 2025-6202. The new attack causes bit-flips in memory, leading to a set of vulnerabilities that includes high-level privilege escalation. Phoenix adeptly bypasses DDR5’s preventive measures for data-analytics-id=”inline-link” href=”https://www.tomshardware.com/pc-components/gpus/new-rowhammer-attack-silently-corrupts-ai-models-on-gddr6-nvidia-cards-gpuhammer-attack-drops-ai-accuracy-from-80-percent-to-0-1-percent-on-rtx-a6000″ data-before-rewrite-localise=”https://www.tomshardware.com/pc-components/gpus/new-rowhammer-attack-silently-corrupts-ai-models-on-gddr6-nvidia-cards-gpuhammer-attack-drops-ai-accuracy-from-80-percent-to-0-1-percent-on-rtx-a6000″> Rowhammer-style attacks, and neither ECC nor ODECC (on-die ECC) are of help.
It’s worth noting that COMSEC only…
