Two research teams unveiled new Rowhammer exploits against Nvidia GPUs, showing that GPU memory can be hammered to flip bits and give an attacker full control of the host system.
GDDRHammer and GeForge extend Rowhammer into the GPU domain by manipulating GDDR memory. In tests on Ampere-era cards such as the RTX 3060 and RTX 6000, researchers achieved hundreds to thousands of bit flips, enabling read/write access to memory mappings that govern both GPU and CPU memory.
GDDRHammer uses a technique known as memory massaging to create many bit flips and can disrupt the GPU’s page tables, effectively breaking isolation between processes and facilitating host access. GeForge instead targets the GPU’s page directory to forge GPU page tables, which then unlocks access to the host memory and yields a root-level foothold on Linux systems.
The work builds on decades of Rowhammer research, which began with DDR3 DRAM and has gradually extended to GDDR memory used in high-performance GPUs. Unlike earlier GPU results, which mainly degraded neural network outputs, these attacks demonstrate practical, privilege-escalating effects.
Mitigations include enabling the IOMMU in the system BIOS, which prevents the GPU from accessing restricted host memory, and turning on ECC protections. Both mitigations come with performance costs, and some Rowhammer variants can still bypass ECC. The researchers caution that cloud providers should reassess GPU memory protections as GPU-driven Rowhammer threats evolve.
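As an added example (not code from the researchers or from this article), the shell functions below audit both mitigations on a Linux host: they report the IOMMU domain type behind each NVIDIA GPU and the ECC mode. They go one step beyond the BIOS setting by flagging passthrough (identity) domains, and they assume the standard Linux sysfs layout and the `nvidia-smi` query field `ecc.mode.current`; the function names are hypothetical.

```shell
# Added example: audit the IOMMU and ECC mitigations on a Linux host.
NVIDIA_VENDOR=0x10de   # PCI vendor ID assigned to NVIDIA

# gpu_iommu_report [SYSFS_ROOT]  (SYSFS_ROOT defaults to /sys)
# Prints "<PCI address> <state>" per NVIDIA display-class function. <state> is
# the IOMMU group's domain type (DMA, DMA-FQ, identity, ...), "unknown" if the
# kernel does not expose it, or "none" if the device has no IOMMU group.
gpu_iommu_report() {
    local root="${1:-/sys}" dev class state
    for dev in "$root"/bus/pci/devices/*; do
        [ -r "$dev/vendor" ] || continue
        [ "$(cat "$dev/vendor")" = "$NVIDIA_VENDOR" ] || continue
        class=$(cat "$dev/class" 2>/dev/null || true)
        case "$class" in 0x03*) ;; *) continue ;; esac   # skip audio/USB functions
        if [ -r "$dev/iommu_group/type" ]; then
            state=$(cat "$dev/iommu_group/type")
        elif [ -e "$dev/iommu_group" ]; then
            state=unknown
        else
            state=none
        fi
        echo "${dev##*/} $state"
    done
}

# iommu_verdict STATE: only DMA/DMA-FQ domains translate device DMA; "identity"
# (passthrough, e.g. iommu=pt) maps device addresses 1:1 onto host memory.
iommu_verdict() {
    case "$1" in
        DMA|DMA-FQ) echo translated ;;
        identity)   echo passthrough ;;
        none)       echo unprotected ;;
        *)          echo unknown ;;
    esac
}

# ecc_report: reads "name, mode" CSV lines on stdin, the format printed by
#   nvidia-smi --query-gpu=name,ecc.mode.current --format=csv,noheader
ecc_report() {
    local name mode
    while IFS=, read -r name mode; do
        mode="${mode# }"
        case "$mode" in
            Enabled)  echo "$name: ecc-on" ;;
            Disabled) echo "$name: ecc-off" ;;
            *)        echo "$name: ecc-unsupported" ;;   # any other value
        esac
    done
}
```

On a real host, call `gpu_iommu_report` with no argument and pipe the `nvidia-smi` query shown in the comment into `ecc_report`; any GPU that is not `translated` or not `ecc-on` is missing one of the mitigations described above.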
The researchers have published further details on their project pages. The findings underscore a potential shift in GPU security, with Rowhammer threats now extending from CPUs to GPUs and back again to compromise system integrity.