NVIDIA Responds to Demo of First Rowhammer Attack on GPUs

Academic researchers introduced GPUHammer, a new attack method that brings Rowhammer-style memory exploits to graphics processing units (GPUs), successfully demonstrating it on NVIDIA’s RTX A6000 graphics card. The exploit targets memory vulnerabilities in DRAM and is the first known instance of a Rowhammer attack affecting GPU memory.

Last week, a research team from the University of Toronto publicly demonstrated the attack, confirming that “GPUHammer is the first Rowhammer attack on GPU’s,” according to their peer-reviewed study. These types of attacks exploit physical weaknesses in DRAM chip modules where data is stored and enable hackers to alter or corrupt data stored in memory.

In response to the demonstration targeting NVIDIA GPUs, NVIDIA recommended mitigation strategies for customers of its NVIDIA RTX A6000 GPU line. The GPU used in the attack demo, the NVIDIA A6000 GPU with GDDR6 Memory, is known for its high-performance computing capabilities.

A new era in Rowhammer-style attacks

Historically, Rowhammer-style attacks have focused on CPU memory, but the implications of GPU-based memory corruption are severe, particularly in AI and shared cloud environments.

Rowhammer exploits the physical structure of DRAM by repeatedly activating a single row to cause charge leakage, leading to bit flips in adjacent memory rows, the researchers explained. GPUHammer applies this principle to graphics memory, compromising the integrity of critical workloads processed on the GPU.

The attack’s success suggests that DRAM vulnerabilities once limited to CPUs may now pose risks to GPU-based systems, which are often used in multi-tenant environments and cloud-based AI training pipelines.

While years of defense research have focused on CPU attacks, GPU vulnerabilities have been viewed as less of a threat; however, the attacks on exposed memory integrity could now enable malicious actors to interfere with other users’ GPU data.

NVIDIA responds to GPUHammer demo

In response to the findings, NVIDIA issued a customer advisory recommending the activation of Error Correction Codes (ECC) at the system level as a precaution. NVIDIA stated: “Risk of successful exploitation from RowHammer attacks varies based on DRAM device, platform, design specification, and system settings.”

To enable ECC, NVIDIA advises users to run the command “nvidia-smi -e 1.” ECC status can be verified with “nvidia-smi -q | grep ECC.” These steps are intended to help prevent flip attacks, although the researchers found that GPUHammer was able to bypass some existing mitigations such as target row refresh.

A threat to AI integrity

While GPUHammer operates at the hardware level, its effects on AI systems could be far-reaching. The researchers showed that a single-bit flip was enough to reduce the accuracy of a deep neural network model from 80% to 0.1%.

The attack on GPU-level faults can have strong effects on the integrity of AI models, as models have become highly reliant on GPUs to perform parallel processing and execute other computationally demanding tasks.

Malicious users in shared GPU environments, such as cloud ML platforms, could use GPUHammer to silently interfere with neighboring workloads. These types of attacks can corrupt AI model parameters or degrade interference accuracy without requiring direct access to the victim’s code or data.

Furthermore, the severe threats posed toward low-level memory corruption has serious implications for autonomous systems, edge AI, and other areas where silent failures may go undetected.

How to mitigate risks like GPUHammer

The researchers urge organizations to reassess their hardware security postures and incorporate GPU memory integrity checks into their existing adult frameworks. Given the growing reliance on GPUs for AI workloads, ensuring memory isolation and hardening physical memory protections will be key in preventing future Rowhammer-style exploits.

Missed what NVIDIA CEO Jensen Huang said this week at the Beijing Expo about China’s AI trajectory? Read our coverage of Huang’s take on China’s AI momentum and geopolitical implications.

Keep your entertainment at your fingertips with the Amazon Fire TV Stick 4K! Enjoy streaming in 4K Ultra HD with access to top services like Netflix, Prime Video, Disney+, and more. With an easy-to-use interface and voice remote, it’s the ultimate streaming device, now at only $21.99 — that’s 56% off!

With a 4.7/5-star rating from 43,582 reviews and 10K+ bought in the past month, it’s a top choice for home entertainment! Buy Now for $21.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!