CVE-2025-6202 - Vulnerability Details - OpenCVE

Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity and the system's security. This issue affects DDR5: DIMMs produced from 2021-1 until 2024-12.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00016.

Exploitation poc

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://comsec.ethz.ch/phoenix
https://security.googleblog.com/2025/09/supporting-rowhammer-research-to.html

History

Mon, 15 Sep 2025 18:15:00 +0000

Type	Values Removed	Values Added
References		https://security.googleblog.com/2025/09/supporting-rowhammer-research-to.html

Mon, 15 Sep 2025 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-404
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 15 Sep 2025 15:15:00 +0000

Type	Values Removed	Values Added
Description		Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity and the system's security. This issue affects DDR5: DIMMs produced from 2021-1 until 2024-12.
Title		Phoenix: Rowhammer attack on Hynix DDR5 devices
References		https://comsec.ethz.ch/phoenix
Metrics		cvssV4_0 `{'score': 7.1, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published: 2025-09-15T15:06:22.635Z

Updated: 2025-09-15T18:04:47.567Z

Reserved: 2025-06-17T13:04:58.615Z

Link: CVE-2025-6202

Vulnrichment

Updated: 2025-09-15T15:54:54.297Z

NVD

Status : Awaiting Analysis

Published: 2025-09-15T15:15:55.077

Modified: 2025-09-15T18:15:39.903

Link: CVE-2025-6202

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6202", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2025-06-17T13:04:58.615Z", "datePublished": "2025-09-15T15:06:22.635Z", "dateUpdated": "2025-09-15T18:04:47.567Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["x86"], "product": "DDR5", "vendor": "SK Hynix", "versions": [{"status": "affected", "version": "DIMMs produced from 2021-1 until 2024-12"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity and the system's security. This issue affects DDR5: DIMMs produced from 2021-1 until 2024-12."}], "value": "Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity and the system's security.\u00a0This issue affects DDR5: DIMMs produced from 2021-1 until 2024-12."}], "impacts": [{"capecId": "CAPEC-440", "descriptions": [{"lang": "en", "value": "CAPEC-440 Hardware Integrity Attack"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2025-09-15T18:04:47.567Z"}, "references": [{"url": "https://comsec.ethz.ch/phoenix"}, {"url": "https://security.googleblog.com/2025/09/supporting-rowhammer-research-to.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Phoenix: Rowhammer attack on Hynix DDR5 devices", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "CWE-404 Improper Resource Shutdown or Release"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-15T15:28:27.724253Z", "id": "CVE-2025-6202", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-15T15:55:02.766Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6202", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-15T15:28:27.724253Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "CWE-404 Improper Resource Shutdown or Release"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-15T15:54:54.297Z"}}], "cna": {"title": "Phoenix: Rowhammer attack on Hynix DDR5 devices", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-440", "descriptions": [{"lang": "en", "value": "CAPEC-440 Hardware Integrity Attack"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SK Hynix", "product": "DDR5", "versions": [{"status": "affected", "version": "DIMMs produced from 2021-1 until 2024-12"}], "platforms": ["x86"], "defaultStatus": "unaffected"}], "references": [{"url": "https://comsec.ethz.ch/phoenix"}, {"url": "https://security.googleblog.com/2025/09/supporting-rowhammer-research-to.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity and the system's security.\u00a0This issue affects DDR5: DIMMs produced from 2021-1 until 2024-12.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity and the system's security. This issue affects DDR5: DIMMs produced from 2021-1 until 2024-12.", "base64": false}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2025-09-15T18:04:47.567Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6202", "state": "PUBLISHED", "dateUpdated": "2025-09-15T18:04:47.567Z", "dateReserved": "2025-06-17T13:04:58.615Z", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "datePublished": "2025-09-15T15:06:22.635Z", "assignerShortName": "NCSC.ch"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity and the system's security.\u00a0This issue affects DDR5: DIMMs produced from 2021-1 until 2024-12."}], "id": "CVE-2025-6202", "lastModified": "2025-09-15T18:15:39.903", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}, "published": "2025-09-15T15:15:55.077", "references": [{"source": "vulnerability@ncsc.ch", "url": "https://comsec.ethz.ch/phoenix"}, {"source": "vulnerability@ncsc.ch", "url": "https://security.googleblog.com/2025/09/supporting-rowhammer-research-to.html"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}