Rowhammer is the name for a disturbance effect in dynamic random-access memory (DRAM): rapidly and repeatedly activating one row of memory cells can corrupt the data stored in physically adjacent rows, even though the program doing the hammering never reads or writes those neighboring rows. The effect was characterized in detail in 2014 by Yoongu Kim and colleagues in the paper “Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors,” presented at the 41st International Symposium on Computer Architecture (ISCA 2014).
The underlying cause is the relentless miniaturization of DRAM. Each bit is stored as charge in a tiny capacitor, and as cells are packed closer together, activating one row’s wordline can leak charge from or otherwise disturb the capacitors in nearby rows. Normally this charge loss is harmless because the cells are refreshed periodically. But if an attacker hammers a row many thousands of times within a single refresh interval, the accumulated disturbance can push a neighboring cell across the threshold and flip its stored bit. The ISCA 2014 paper tested a large population of commodity DRAM modules and found that the great majority from the major vendors exhibited these disturbance errors.
What made Rowhammer alarming was not just that it existed but that it was deterministic enough to weaponize. The original paper framed it primarily as a reliability and correctness problem, but it explicitly noted the security implications of being able to corrupt memory an attacker is not authorized to modify. Within a year, other researchers demonstrated practical exploits: by hammering carefully chosen addresses, an unprivileged process could flip bits in page-table entries or other sensitive structures and escalate its own privileges, escaping the protections the operating system was supposed to enforce.
Rowhammer blurred a line that hardware designers had long relied on. Memory protection assumes that a program can only affect data it is permitted to address; Rowhammer showed that the physical substrate underneath that abstraction could leak across protection boundaries through nothing but a pattern of legitimate accesses. It connected the world of memory-reliability engineering, where bit flips from cosmic rays and aging had long been studied, to the world of security exploitation.
Mitigations followed at several layers, including more frequent refresh, on-die counters that track and neutralize aggressor rows, and error-correcting memory, but each generation of countermeasure has tended to be met by a new generation of hammering technique. Rowhammer remains a live area of research and a standing reminder that as devices shrink toward physical limits, reliability flaws and security vulnerabilities are increasingly the same problem.