New Rowhammer Attacks Achieve Full System Compromise via Nvidia GPUs
Two independent research teams have demonstrated novel Rowhammer attacks against Nvidia GPUs that can grant attackers full root control of host machines.
Two independent research teams have demonstrated novel Rowhammer attacks against Nvidia GPUs that can grant attackers full root control of host machines.
The Attacks: GDDRHammer and GeForge
Both attacks target GDDR DRAM on Nvidia's Ampere-generation GPU cards. Unlike last year's proof-of-concept that achieved only 8 bitflips, these new techniques leverage GPU memory bit flips to gain arbitrary read/write access to all CPU memory, resulting in complete system compromise.
Critical Condition: IOMMU Must Be Disabled
The attacks require IOMMU to be disabled — which is the default BIOS setting on most systems. With GPUs costing $8,000+ frequently shared among users in cloud environments, this represents a serious security risk.
Rowhammer's Evolution
- 2014: Initial DDR3 bit flip demonstration
- 2015: Targeted attacks for privilege escalation
- 2025: First GPU Rowhammer proof-of-concept
- 2026: Full system compromise via GPU Rowhammer
Recommendations
- Enable IOMMU in BIOS/UEFI settings immediately
- Monitor for unusual GPU memory access patterns
- Cloud providers should consider isolating GPU tenants at the hardware level
← Previous: Google Releases Gemma 4: Open Models Ranging from 2B to 31B ParametersNext: Switzerland Launches 'CERN of Semiconductor Research' Initiative →
0