## Epistemology of Rowhammer Attacks:

Threats to Rowhammer Research Validity

Martin Heckel<sup>1,2</sup>, Hannes Weissteiner<sup>1</sup>, Florian Adamsky<sup>2</sup>, and Daniel Gruss<sup>1</sup>



September 22, 2025

- <sup>1</sup> Graz University of Technology
- <sup>2</sup> Hof University of Applied Sciences





## Outline

Background

Methodology

Threats to Rowhammer Research Validity

Background

#### DRAM - Cells

- · A single cell consists of:
  - · Capacitor storing the data in form of electric charge
  - Transistor controlling the access to the capacitor
- Reading procedure: Enable the control pin and read the voltage at the access pin
- Writing procedure: Apply the level that should be written to the access pin and enable the control pin



### DRAM - Array

- · Multiple cells are organized in an array
- Control pins of the cells connected in rows (only entire rows can be enabled)
- Access pins of the cells conneted in columns (entire rows are accessed at once)
- Capacitors loose chage over time, so it is required to refresh the cells periodically (64 ms by default)



System DRAM



Channel



#### DIMM













#### Structure within a DRAM bank



## DRAM addressing

- · Data is stored in physical memory:
  - · Channel
  - · DIMM
  - Rank
  - · Bank
  - Row
  - · Column
- The Memory Controller translates physical addresses to memory locations



```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```





```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```





```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```



```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```





```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```



```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```





```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```





```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```





```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```





```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```





```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```





```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
mp hammer
```

| Page 0 | Χ | Page 1 |   |  |
|--------|---|--------|---|--|
| Page 2 |   | Page 3 |   |  |
| Page 4 |   | Page 5 | Υ |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |

```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```

| Page 0 | X | Page 1 |   |  |
|--------|---|--------|---|--|
| Page 2 |   | Page 3 |   |  |
| Page 4 |   | Page 5 | Υ |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |

```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```



```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
imp hammer
```



```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
imp hammer
```



```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```



```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```



```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
imp hammer
```



```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
mpp hammer
```

| Page 0 | Χ | Page 1 |   |  |
|--------|---|--------|---|--|
| Page 2 |   | Page 3 |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
| Page 4 |   | Page 5 | Υ |  |

```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
imp hammer
```



#### Rowhammer

```
hammer:
mov eax, X
mov ebx, Y
clflush X
clflush Y
jmp hammer
```

| Page 0 | X | Page 1 |   |  |
|--------|---|--------|---|--|
| Page 2 |   | Page 3 |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
|        |   |        |   |  |
| Page 4 |   | Page 5 | Υ |  |

Source code from Kim et al. [1]

#### Rowhammer



Figure 1: Examples of rowhammer patterns

#### Rowhammer: Academia vs Real-World Exploitation

- · Academia:
  - The vast majority of systems is susceptible to Rowhammer
  - Exploitation of affected systems works in many cases
  - · Exploitation works on multiple different platforms (x86, ARM, etc.)
  - Increasing number of papers related to Rowhammer
- However, no known case of Rowhammer being used in real-world attacks to the best of our knowledge

# Methodology

#### Methodology

- Google Scholar search for the word *Rowhammer*: 2509 publications
- Publications with  $\geq$  5 mentions of the word *Rowhammer*: 463 publications
- Peer-reviewed papers that perform Rowhammer attacks: 55 publications
- Papers at A or A\* conferences: 22 publications
- Added other relevant papers: 32 publications with 48 experimental evaluations

Threats to Rowhammer Research

Validity

## ${\mathcal T}$ 1 Sample Sizes Too Small

- · Multiple potential causes for bit flips:
  - **Bad memory cells**
  - 8<sup>†</sup> Temperature fluctuations
  - → Cosmic rays
  - Voltage fluctuations
  - · 🕍 Manufacturing variations

#### $\mathcal{T}$ 1 Sample Sizes Too Small



#### $\mathcal{T}$ 1 Sample Sizes Too Small

**R1**: DIMMs used in empirical research must be tested for other problems, e.g., using Memtest86 (except for integrated Rowhammer tests), to ensure that no other (non-Rowhammer) problems are present.

 $\mathcal{R}2$ : Increase the sample size to  $\geq$  30 DIMMs total, spread across 3 major vendors, each with at least 2 different capacities.

**R3**: Do more reproduction studies of published work to gain more insights regarding the prevalence. More venues should accept reproduction studies.

#### $\mathcal{T}$ 2 Dependence on Elevated Attacker Privileges

- · Seaborn [2] demonstrated two exploits based on Rowhammer in 2015
- · Following, virtual-to-physical address mapping was made privileged
- Newer attacks use other concepts like uncached memory, Transparent Hugepages (THPs), or 1GB Hugepages
- Many prequisites of exploits have been mitigated as a reaction to the publication of these techniques
- Elevated attacker privileges make the attack more difficult to reproduce and may decrese trust in empirical results

#### T2 Dependence on Elevated Attacker Privileges

**R4**: Attacks should only be classified as such when assessed under realistic attack scenarios, and there should be a more apparent distinction between actual attacks and potential (theoretical) attacks.

#### $\mathcal{T}$ 3 Uncertain Practical Applicability

- · Some experiments are performed on:
  - Specialized hardware
  - Commodity hardware with extreme parameters
  - · Rowhammer simulators
- While essential for understanding the Rowhammer effect, these results cannot be directly applied to real-world attacks
- R4 applies again

# $\mathcal{T}$ 3 Uncertain Practical Applicability



#### $\mathcal{T}$ 4 Comparability across Publications

- The position and number of bit flips depends on environmental parameters and the system and DIMMs that are evaluated
- · In some publications, the experimental setup is not described sufficiently
- Even DIMMs that are the same model are affected differently by Rowhammer
- Hard to compare novel and existing attacks

#### $\mathcal{T}$ 5 Unspecified Age and Wear of Hardware

- · Aging affects the reliability of DRAM
- · Bit flips induced by Rowhammer can "burn in"
- The implementation of on-DIMM mitigations like TRR strongly depends on the vendor and model of the DIMM
- In many publications, these information are not submitted, which increases the difficulty of reproducing results

#### $\mathcal{T}$ 5 Unspecified Age and Wear of Hardware

· Aging affects the reliability of DRAM



#### $\mathcal{T}$ 5 Unspecified Age and Wear of Hardware



#### ${\cal T}$ 5 Unspecified Age and Wear of Hardware

**R5**: Authors should publish the manufacturing date of the DIMMs used in experimental evaluation.

 $\mathcal{R}6$ : Authors should submit information about the DIMMs' wear in experimental evaluation.

#### $\mathcal{T}$ 6 Suboptimal Metrics for Comparison

- There are different metrics for the suscepbitility of systems:
  - · Absolute number of bit flips in a given time or memory area
  - · Minimal number of aggressor activations until the first bit flip
  - Percentage of times a bit flipped at a tested location
  - · Time until the first (exploitable) bit flip is observed
- Different metrics are hard to compare
- · Some metrics strongly depend on definitions, e.g., of exploitable

## ${\cal T}$ 6 Suboptimal Metrics for Comparison

 $\mathcal{R}$ 7: Authors should use multiple metrics for bit flips to allow for better comparisons to other works.

#### Conclusion

- There is a significant discrepance between Rowhammer Results in academia and real-world exploitation
- We analyzed 32 publications with 48 experimental evaluations
- · We identified 6 threats to Rowhammer Research Validity
- · We identified 7 recommendations future research should follow

# Epistemology of Rowhammer Attacks:

Threats to Rowhammer Research Validity

Martin Heckel September 22, 2025

- <sup>1</sup> Graz University of Technology
- <sup>2</sup> Hof University of Applied Sciences





