Rowhammer Attack Against NVIDIA Chips

Rowhammer attacks have long haunted CPU designers, but the recent publications from two independent teams extend the threat to modern graphics processors. By hammering specific rows in GDDR6 memory, the researchers were able to induce controlled bit flips that corrupt the GPU’s last‑level page tables or directories. This manipulation grants the attacker direct read/write primitives on the host’s main memory, effectively bypassing traditional isolation mechanisms. The initial proofs of concept required the IOMMU—a hardware guard against rogue DMA—to be disabled, a setting many BIOS configurations still use by default.

The technical depth of the attacks is striking. GDDRHammer reported over a thousand bit flips on an RTX 3060 and more than two hundred on an RTX 6000, while GeForge demonstrated similar success by targeting the page directory instead of the page table. Both exploits culminate in a root shell on the host machine, proving that a compromised GPU can become a conduit for full system takeover. For cloud providers, AI research labs, and enterprises that lease GPU‑accelerated instances, the risk translates into potential data exfiltration, ransomware deployment, or sabotage of critical workloads.

Mitigation will likely involve a combination of firmware updates, stricter IOMMU enforcement, and memory‑controller hardening. NVIDIA has hinted at forthcoming microcode patches, and motherboard vendors are urged to ship BIOS defaults with IOMMU enabled. In the meantime, organizations should audit GPU configurations, isolate high‑value workloads, and monitor for anomalous memory‑access patterns. As GPUs become integral to edge computing and autonomous systems, the industry must treat rowhammer as a cross‑component vulnerability rather than a CPU‑only curiosity.