Rowhammer in the Wild - Large-Scale Insights from FlippyR.AM

Explore the real-world prevalence of Rowhammer vulnerabilities through a comprehensive conference talk that presents findings from the largest-scale Rowhammer study to date. Learn about the latest developments in Rowhammer research throughout 2024, including evidence that DDR5 memory is as vulnerable as previous generations, new column-based attack vectors, browser-based Rowhammer attacks with Posthammer, and ECC bypass techniques on DDR4 memory. Discover how the automated cross-platform framework FlippyR.AM was used to collect data from 1,006 datasets across 822 unique systems with various CPUs, DRAM generations, and vendors between December 2024 and June 2025. Understand the study's key findings: while 453 datasets successfully reverse-engineered DRAM addressing functions, only 126 systems (12.5%) exhibited bit flips in fully automated attacks, revealing that weaponizable Rowhammer attacks work on fewer systems than laboratory experiments suggested but remain a practical threat vector. Examine the two primary challenges limiting Rowhammer exploitability: the need for more reliable reverse-engineering tools for DRAM addressing functions and the development of consistent Rowhammer attacks across diverse processor microarchitectures. Gain insights into how addressing these challenges could potentially double the number of vulnerable systems and make Rowhammer a more pressing real-world security threat.