Rising DRAM densities exacerbate Rowhammer vulnerability, yet prior work overlooks fine-grained spatial patterns in bit flips. Method: We systematically discover and quantify high-frequency localized adjacent-bit flips—e.g., 87% of 4-bit same-byte flips are contiguous—identifying their physical origins and demonstrating their ability to bypass hardware mitigations. Leveraging this phenomenon, we devise two novel fault-injection attacks: (1) efficient recovery of OpenSSL ECDSA private keys via correlated bit flips; and (2) silent, system-level instruction rewriting by corrupting security-critical prompt tokens in GGUF-format LLM tokenizer dictionaries. Results: Evaluated across mainstream DRAM modules, both attacks succeed without triggering existing protections. Our findings reveal that conventional memory safeguards are ineffective against physically grounded, spatially targeted Rowhammer exploits—highlighting a critical, previously underestimated coupling between DRAM physics and upper-layer security guarantees.

The increasing density of modern DRAM has heightened its vulnerability to Rowhammer attacks, which induce bit flips by repeatedly accessing specific memory rows. This paper presents an analysis of bit flip patterns generated by advanced Rowhammer techniques that bypass existing hardware defenses. First, we investigate the phenomenon of adjacent bit flips--where two or more physically neighboring bits are corrupted simultaneously--and demonstrate they occur with significantly higher frequency than previously documented. We also show that if multiple bits flip within a byte, they are more likely to be adjacent than randomly distributed: for example, if 4 bits flip within a byte, there is an 87% chance that they are all adjacent. We also demonstrate that bit flips within a row will naturally cluster together likely due to the underlying physics of the attack. We then investigate two fault injection attacks enabled by multiple adjacent or nearby bit flips. First, we show how these correlated flips enable efficient cryptographic signature correction attacks, successfully recovering ECDSA private keys from OpenSSL implementations where single-bit approaches would be unfeasible. Second, we introduce a targeted attack against large language models by exploiting Rowhammer-induced corruptions in tokenizer dictionaries of GGUF model files. This attack effectively rewrites safety instructions in system prompts by swapping safety-critical tokens with benign alternatives, circumventing model guardrails while maintaining normal functionality in other contexts. Our experimental results across multiple DRAM configurations reveal that current memory protection schemes are inadequate against these sophisticated attack vectors, which can achieve their objectives with precise, minimal modifications rather than random corruption.