Rowhammer
What is Rowhammer?
RowhammerA hardware vulnerability in DRAM where repeatedly activating one memory row causes bit flips in physically adjacent rows, undermining memory integrity.
Rowhammer exploits the fact that high-density DRAM cells lose charge faster than they can be refreshed when neighbouring rows are aggressively activated. By hammering a row hundreds of thousands of times per refresh cycle, an attacker can flip specific bits in adjacent rows that they have no right to write — bypassing all software permission checks. Demonstrated against page tables, JavaScript via web browsers, mobile devices and FPGAs, Rowhammer has been weaponized for privilege escalation and sandbox escape. Mitigations include error-correcting memory (ECC), Target Row Refresh (TRR), pseudo-TRR, ECC plus refresh-rate doubling, and operating-system level isolation. Newer DDR5 modules implement more aggressive on-die refresh, though research continues to find variants such as RowPress.
● Examples
- 01
Project Zero's 2015 exploit flipping bits in PTEs to gain kernel privileges.
- 02
Drammer (2016) — Rowhammer-based root exploit on Android.
● Frequently asked questions
What is Rowhammer?
A hardware vulnerability in DRAM where repeatedly activating one memory row causes bit flips in physically adjacent rows, undermining memory integrity. It belongs to the Vulnerabilities category of cybersecurity.
What does Rowhammer mean?
A hardware vulnerability in DRAM where repeatedly activating one memory row causes bit flips in physically adjacent rows, undermining memory integrity.
How do you defend against Rowhammer?
Defences for Rowhammer typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Rowhammer?
Common alternative names include: Row hammer attack.