ECC.fail:

DDR memory is a type of memory widely used in consumer computers, workstations, servers, and other electronic devices. It is usually controlled by processors, or CPUs, to temporarily store data for later retrieval. DDR memory is essential for computers and servers to run. Below is an example picture of DDR4 memory used in servers: The picture below is an example of a server motherboard, there are several memory slots close to the processor where memory is installed.

In 2014, researchers first documented a reliability issue in DDR3 memory called "Rowhammer", where fast accessing to a particular memory location, a process named "hammering", would cause data corruption, or bit flips (0 changed to 1, or 1 to 0), on nearby memory locations. If Rowhammer bit flips are exploited maliciously, it can lead to security breaches including gaining root privilege, unauthorized reads or writes to memory, and breaking cryptographic primitives, in both native and browser environments.
Realizing the danger, DRAM vendors have introduced in-DRAM protection against Rowhammer attacks in newer DDR4 memory. However, researchers have proven that these mitigations can also be bypassed on personal computers used by end users. Our work finishes the puzzle, showing that server machines using DDR4 memory are also vulnerable to Rowhammer, despite using additional protections built by CPU and memory vendors.

ECC.fail is the first Rowhammer attack on DDR4 servers. Unlike their PC counterparts, servers have extra protections against memory data corruptions (e.g., Rowhammer or cosmic ray bit flips), in the form of error correcting codes. These can detect bit flips in memory, and even potentially correct them. ECC.fail bypasses these protections by carefully inducing Rowhammer bit flips at certain memory locations, based on our reverse-engineering of the ECC used in Intel servers. Thus, our work enables Rowhammer attacks on DDR4 servers for the first time, demonstrating how attackers can use Rowhammer-induced bitflips to break common security mechanisms such as RSA signatures.

In our setup, it takes 2.5 hours on average to get Rowhammer bit flips and about 10 hours on average to launch the RSA public key attack.

No. ECC.fail (like all Rowhammer attacks) can be exploited purely from software, without the need for physical access. While we did use physical access to our own servers during the development of ECC.fail, such access is not required for launching our attack.

Currently, our work only focuses on Intel server processors. Mounting Rowhammer attacks on AMD and ARM servers is ongoing work.

Likewise, our work focuses on SK Hynix memory modules. We leave testing Rowhammer susceptibility of other vendors' ECC memory as future work.

So far, we do not have any evidence that ECC.fail has been used in the wild.

We disclosed ECC.fail to Intel on Jan 24, 2025.

Compared to their PC counterparts, servers use ECC memory which offers error correction capabilities in case of bit flips. As such, it was believed that these protections would suffice to prevent Rowhammer and the resulting security exploits. However, our work has shown that with careful hammering it is possible to bypass these protections, allowing us to launch Rowhammer attacks against DDR4 servers with default configuration and without inducing crashes.

In order to store those extra checkbits for ECC functionality, ECC memory modules have extra memory chips compared to memory modules in personal computers.

Example picture of a server memory module:

Example picture of a PC memory module:

On servers, an Error Correcting Code, or ECC, is a functionality for improving reliability of server memory against random data corruptions. This is achieved by the CPU adding redundant bits, called checkbits, to the data stored in memory. The checkbits are calculated by server processors when writing cache line data to memory and can be used to detect and correct data corruptions happened in the memory module or during transmission.

Error correcting codes (ECC) are designed to address memory errors caused by many factors ranging from cosmic rays to disturbance errors. In the case of Rowhammer bit flips, ECC is able to correct single bit flips, and detect two or more random bit flips. However, as our work shows, even ECC has its limits. More specifically, carefully placed bit flips at certain memory locations are able to bypass the ECC, resulting in no ECC errors or ECC "miscorrections" of data. In both cases this results in Rowhammer-induced bit flips, allowing us to mount exploits against the machine's security primitives.

Server CPUs calculate ECC checkbits using an encoding matrix. Recovering the ECC implementation is essentially recovering the ECC encoding matrix. To recover the matrix, we need to know the corresponding checkbits of given cache line data. We use the logic analyzer to capture checkbits of cache line data written by our program to recover the matrix.

Because TRR is built inside DRAM chips, we use an FPGA (Field-Programmable Gate Array) to control commands sent to memory so that we can analyze characteristics of Hynix TRR.
Below is a picture of our FPGA setup with ECC memory installed: We find that TRR on the Hynix DIMMs we tested detects possible Rowhammer attacks by randomly sampling rows being accessed. However, we discovered that the sampler built in the memory does not sample uniformly, which enables us to craft Rowhammer patterns that can prevent our attack accesses from being sampled.

We currently tested a small number of Intel servers and SK Hynix memory modules. See our paper for details. However, now that we have demonstrated that Rowhammer attacks on servers is possible, we expect that others will improve our work to larger categories of server hardware.

If error reporting is properly configured on your server and a Rowhammer attack is taking place, we expect to see a large number of correctable and (un)correctable memory errors. While this might indicate potential memory failure, it can also be used as a crude method for detecting Rowhammer.

Contact your hardware vendors for CPU and memory and inquire about their Rowhammer protections. While completely mitigating Rowhammer is an open research problem, some memory modules are weaker than others making hammering them easier. In addition, we recommand configuring your system to properly report and log memory errors. Having a large amount of such errors in your infrastructure could indicate memory failure, as well as the possibility of Rowhammer attacks.

Yes, with rights waived via CC0. You can right-click each logo, which should list an option to save the image as a file.

Yes, with rights waived via CC0.
Here are the pictures without text labels:

The 'Read the Paper' button at the top of this website links to the academic paper for ECC.fail. ECC.fail will appear at the 2025 USENIX Security Symposium.

We publish the artifacts supporting our work, listed as follows:

• Source code, instructions, scripts, and/or files for TRR profiling and testing Rowhammer patterns using an FPGA memory controller, testing Rowhammer on a test platform and the tool that parses and modifies a UEFI image file.
• Source code and instructions for testing Intel's ECC implementation, data correction capabilities, and data scrambling, and the ECC generator matrix and parity check matrix for Intel's Skylake and Cascade Lake platforms
• Source code, instructions, and testing scripts for DDR4 Rowhammer with ECC and data scrambling enabled and for RSA

You can find artifacts for ECC.fail at https://doi.org/10.5281/zenodo.15579424.