{"id":14446,"date":"2025-07-16T01:12:46","date_gmt":"2025-07-16T01:12:46","guid":{"rendered":"https:\/\/newestek.com\/?p=14446"},"modified":"2025-07-16T01:12:46","modified_gmt":"2025-07-16T01:12:46","slug":"alert-nvidia-gpus-are-vulnerable-to-rowhammer-attacks","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14446","title":{"rendered":"Alert: Nvidia GPUs are vulnerable to Rowhammer attacks"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Nvidia has issued a security reminder to application developers, computer manufacturers, and IT leaders that modern memory chips in graphic processors are potentially susceptible to so-called Rowhammer exploits after Canadian university researchers proved that an Nvidia A6000 GPU could be successfully compromised with a similar attack.<\/p>\n

A Rowhammer attack is a\u00a0software-based fault-injection attack that allows the attacker to infer information about certain victim secrets stored in memory cells and to alter values in memory. Vulnerable memory, Nvidia said in its warning, doesn\u2019t have system level ECC (error correction code) enabled.<\/p>\n

\u201cFor enterprise customer environments that require enhanced levels of assurance and integrity, Nvidia recommends using professional and data center products (instead of consumer-grade graphics hardware) and ensuring that ECC is enabled to prevent Rowhammer-style attacks\u201d the caution said<\/a>. ECC is enabled by default on the company\u2019s Hopper and Blackwell data center class of GPUs.<\/p>\n

Single versus multi-tenant GPU tenancy should also be considered when assessing the risk, Nvidia adds, noting that simultaneous access to the GPU is required to execute a Rowhammer attack between tenants.<\/p>\n

\u201cThis is not easily exploitable, and will likely only be exploited in very specific targeted attacks,\u201d said Johannes Ullrich<\/a>, dean of research at the SANS Institute. \u201cSo you have time, and should focus on shared systems that run code provided by untrusted entities. For the most part, this will affect cloud systems, and mitigation will be up to the cloud provider.\u201d<\/p>\n

Rowhammer is a vulnerability in DDR (double data rate) memory architecture, he noted. \u201cAny system using modern DDR memory is potentially vulnerable to Rowhammer.\u201d<\/p>\n

An attacker exploiting GPUhammer will quickly flip bits to which they have access to in order to affect other memory bits to which they do not have access, Ullrich explained. Nvidia recommends enabling ECC error correction, which will detect and possibly prevent these unauthorized changes to memory content. ECC isn\u2019t perfect, he said, but if enabled will likely make the exploit less practical.<\/p>\n

The attack also requires the attacker to execute specific code, he pointed out. This is more of a threat to systems that are shared between users and allow different users to affect each other\u2019s data than single user systems, he said.<\/p>\n

The researchers\u2019 paper states that some of the abstractions of graphics cards make it a bit more difficult to access memory to trigger the Rowhammer exploit, he added. Unlike DDR memory connected to normal CPU buses, GPUs have a more controlled access to memory. \u201cBut in the end,\u201d he said, \u201call Rowhammer needs is to quickly flip specific bits on and off, which is still possible for GPUs. It just takes more work to figure out which bits to flip, which is the main contribution of the paper.\u201d<\/p>\n

A Rowhammer attack on Intel and AMD CPUs with DDR and LPDDR memories enables an attacker to induce bit-flips in memory cells by rapidly accessing neighboring rows of memory. In theory, GPUs should be harder to exploit because they have proprietary mapping of physical memory to GDDR banks and rows, and have high memory latency, faster refresh rates, and DDR memory that hinders effective hammering.<\/p>\n

The security researchers created a technique called GPUhammer by reverse-engineering GDDR DRAM row mappings that use GPU-specific memory access optimizations to amplify hammering intensity and bypass mitigations.<\/p>\n

\u201cThe implications are pretty serious,\u201d Gururaj Saileshwar<\/a>, a member of the University of Toronto\u2019s computer science faculty and co-author of the research paper<\/a>, said in an interview. Not only can data be poisoned, an attack on GPUs could interfere with AI data models, he explained.<\/p>\n

While the attack was demonstrated on Nvidia GPUs with GDDR6 DRAM, it could work on any GPU, he said.<\/p>\n

Saileshwar, who focuses on researching hardware vulnerabilities, and his team had been working on an attack since last summer.<\/p>\n

IT pros have known about the possibility of Rowhammer attacks<\/a> on CPUs since 2015. In 2018, the vulnerabilities were given names<\/a>: Spectre and Meltdown. By 2020, IT pros were being warned to expect a major Rowhammer exploit<\/a> to be released within a year. The paper has shown that GPUs are also at risk.<\/p>\n

Asked about the research, an Nvidia spokesperson said, \u201cNVIDIA recommends users follow security best practices by following existing DRAM mitigations to prevent or lessen the likelihood of a Rowhammer attack.\u201d\u00a0\u00a0<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Nvidia has issued a security reminder to application developers, computer manufacturers, and IT leaders that modern memory chips in graphic processors are potentially susceptible to so-called Rowhammer exploits after Canadian university researchers proved that an Nvidia A6000 GPU could be successfully compromised with a similar attack. A Rowhammer attack is a\u00a0software-based fault-injection attack that allows the attacker to infer information about certain victim secrets stored… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14446","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14446","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14446"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14446\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}