CVE-2025-6202

Name of the Vulnerable Software and Affected Versions SK Hynix DDR5 versions produced from January 2021 through December 2024

Description A vulnerability exists in SK Hynix DDR5 memory, allowing a local attacker to trigger Rowhammer bit flips, impacting hardware integrity and system security. The attack, dubbed “Phoenix” (CVE-2025-6202), bypasses existing protections like Error Correction Code (ECC) and Target Row Refresh (TRR). Successful exploitation can lead to bit flips within 109 seconds, potentially compromising RSA keys, escalating privileges to root, and enabling unauthorized access to sensitive data. The attack involves manipulating DRAM refresh cycles to achieve stable bit flips, even with protective measures in place. The vulnerability affects standard production-grade DDR5 systems.

Recommendations Increase the DRAM refresh rate threefold (3x) to mitigate the risk of exploitation.