Deutsch
English
Español
Français
Nederlands
Português
What is Rowhammer? Understanding the Decade-Old Memory Vulnerability
Rowhammer is a computer security exploit that takes advantage of an unintended side effect in dynamic random-access memory (DRAM) where memory cells interact electrically between themselves by leaking charges, potentially changing the contents of nearby memory rows that weren't originally accessed. First identified in 2014, this vulnerability occurs due to high cell density in modern DRAM and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times. For over a decade, Rowhammer attacks have primarily targeted CPU memory, but in 2026, researchers have demonstrated that the same physics-based vulnerability now threatens GPU infrastructure, specifically Nvidia's high-performance graphics cards.
Breaking News: Three New GPU Rowhammer Attacks Emerge
In April 2026, security researchers unveiled three groundbreaking Rowhammer attacks targeting Nvidia GPUs that allow attackers to gain complete root control of host machines. These attacks exploit memory hardware vulnerabilities in GDDR6 memory used by Nvidia's Ampere generation GPUs, specifically affecting RTX 6000 and RTX 3060 models. The research represents a significant escalation in hardware security threats, demonstrating that vulnerabilities previously thought to primarily affect CPUs now pose serious risks to GPU systems.
GDDRHammer: Greatly Disturbing DRAM Rows
GDDRHammer (Greatly Disturbing DRAM Rows) works against the RTX 6000 from Nvidia's Ampere generation. Using novel hammering patterns and a technique called memory massaging, GDDRHammer induced an average of 129 flips per memory bank—a 64-fold increase over previous GPUHammer attacks from 2025. The attack manipulates the memory allocator to break isolation of GPU page tables, allowing attackers to acquire both read and write access to GPU memory and, ultimately, full control over host CPU memory.
GeForge: Hammering GDDR Memory to Forge GPU Page Tables
GeForge takes a similar approach but manipulates the last-level page directory rather than the page table. Researchers achieved 1,171 bitflips against the RTX 3060 and 202 bitflips against the RTX 6000. Like GDDRHammer, GeForge uses memory massaging to corrupt GPU page table mappings in GDDR6 memory, acquiring read and write access to the GPU memory space and then escalating to host CPU memory control. The proof-of-concept exploit against the RTX 3060 concludes by opening a root shell window that allows the attacker to issue commands with unfettered privileges.
GPUBreach: The IOMMU-Bypassing Attack
GPUBreach represents the most sophisticated of the three attacks, working even when IOMMU (Input-Output Memory Management Unit) memory management is enabled. Unlike the other two attacks that require IOMMU to be disabled (which is the default BIOS setting), GPUBreach exploits memory-safety bugs in Nvidia's GPU driver itself. 'By corrupting metadata within those permitted buffers, causing the driver to perform out-of-bounds writes that the attacker controls—bypassing IOMMU protection without needing it disabled,' explained the researchers. This attack will be presented at IEEE S&P 2026 and has earned a $600 bug bounty from Google.
How Do These GPU Rowhammer Attacks Work?
The attacks follow a three-stage process that mirrors traditional Rowhammer attacks but adapts them for GPU environments:
- Setup Phase: Attackers allocate memory in specific patterns to position sensitive data structures in vulnerable memory regions
- Hammering Phase: Rapid, repeated access to specific DRAM rows causes electrical interference that flips bits in adjacent memory cells
- Exploitation Phase: Corrupted GPU page tables or driver metadata provide arbitrary read/write access to system memory
What makes these attacks particularly dangerous is their ability to bypass existing CPU-side Rowhammer protections. As Andrew Kwong, co-author of the GDDRHammer paper, explained: 'What our work does that separates us from prior attacks is that we uncover that Rowhammer on GPU memory is just as severe of a security consequence as Rowhammer on the CPU and that Rowhammer mitigations on CPU memory are insufficient when they do not also consider the threat from Rowhammering GPU memory.'
Who is Vulnerable and What Are the Risks?
The primary affected devices are Nvidia's Ampere generation GPUs with GDDR6 memory, specifically the RTX 6000 and RTX 3060 models. However, researchers note that other RTX 30 Series GPUs may also be at risk. The vulnerability poses the greatest threat in cloud computing environments where expensive GPUs (typically $8,000 or more) are shared among dozens of users. A malicious user could potentially compromise an entire host machine, gaining root access to systems running sensitive workloads.
This vulnerability is particularly concerning for cloud security infrastructure that relies on hardware isolation between tenants. The attacks demonstrate that GPU memory operates in a different trust domain than CPU memory, with fewer established defenses against Rowhammer attacks. As high-performance GPUs become increasingly critical for AI workloads, scientific computing, and rendering pipelines, securing these systems becomes paramount.
Mitigation Strategies and Protection Measures
Organizations and users can implement several mitigation strategies to protect against these GPU Rowhammer attacks:
| Mitigation | Effectiveness | Performance Impact |
|---|---|---|
| Enable IOMMU in BIOS | Protects against GDDRHammer and GeForge | Minor performance overhead |
| Activate GPU ECC (Error-Correcting Code) | Partial protection against single-bit errors | Reduces available memory and performance |
| Update Nvidia Drivers | Addresses driver vulnerabilities exploited by GPUBreach | Minimal impact |
| Use Newer GPU Generations | Hopper and Blackwell architectures have built-in mitigations | Requires hardware upgrade |
It's important to note that enabling ECC on Nvidia cards can take a significant performance hit, as they do not include extra DRAM for ECC. On a 32 GB workstation GPU, the amount of usable memory is reduced to 28 GB, and if that extra memory was being used, performance tanks as the remaining 4 GB gets paged out to host CPU memory.
The Future of Hardware Security
These GPU Rowhammer attacks represent a significant shift in hardware security threats. For years, memory safety vulnerabilities have primarily affected CPUs, but this research demonstrates that GPUs are equally vulnerable to sophisticated hardware attacks. As Zhenkai Zhang, co-author of the GeForge paper, noted: 'By manipulating GPU address translation, we launch attacks that breach confidentiality and integrity across GPU contexts. More significantly, we forge system aperture mappings in corrupted GPU page tables to access host physical memory, enabling user-to-root escalation on Linux.'
The research community and industry must now develop comprehensive defenses that consider both CPU and GPU memory systems. Nvidia has incorporated mitigations in newer Hopper and Blackwell generation GPUs, but existing Ampere-based systems remain vulnerable. Organizations running critical workloads on shared GPU infrastructure should prioritize implementing the recommended mitigations and consider upgrading to newer hardware generations with built-in protections.
Frequently Asked Questions About GPU Rowhammer Attacks
What is Rowhammer and how does it work?
Rowhammer is a hardware vulnerability where repeated, rapid access to specific DRAM rows causes electrical disturbances that flip bits in adjacent memory cells, potentially changing stored data from 0 to 1 or vice versa.
Which Nvidia GPUs are vulnerable to these attacks?
The primary affected models are RTX 6000 and RTX 3060 from Nvidia's Ampere generation with GDDR6 memory. Other RTX 30 Series GPUs may also be at risk.
Can these attacks be prevented with existing security measures?
IOMMU protection works against GDDRHammer and GeForge but not GPUBreach. ECC provides partial protection but reduces performance. Newer GPU generations have built-in mitigations.
Are cloud computing environments at particular risk?
Yes, cloud environments where expensive GPUs are shared among multiple users are particularly vulnerable, as a malicious user could potentially compromise the entire host machine.
What should organizations do to protect their systems?
Enable IOMMU in BIOS settings, activate GPU ECC where possible, update to the latest Nvidia drivers, and consider upgrading to newer GPU generations with built-in Rowhammer protections.
Sources and Further Reading
Ars Technica: New Rowhammer attacks give complete control of machines running Nvidia GPUs
GPUBreach Research Project Website
Wikipedia: Rowhammer Vulnerability
Follow Discussion