It's an interesting idea and nicely carried out, but in the real world I doubt this is of much concern. For the attack to be successful, all of the following must hold
1. memory susceptible to rowhammer attack (in itself not trivial - only few and given memory locations can be flipped)
2. VM manager merges physically identical pages of unrelated VMs (i.e., the identical memory pages of different VMs point to the same physical page)
3. attacker VM must know the contents of the page in the victim VM
4. attacker must register a page with the to-be-attacked contents before the victim VM does so that it can somewhat control its physical location and use rowhammer on it
Especially #3 is not easy. In the paper, the authors assume they know all SSH authorized keys of the victim page which seems a bit far-fetched. Pages holding OS contents are easier to guess; I think an attack on those is more probable.
Also, the fix is trivial. Don't buy cheap RAM that can be attacked with rowhammer for your data centers.