Nvidia GPU Rowhammer Attacks: Malicious Users Can Seize Full Root Control of Shared Cloud Hosts

Two new attacks demonstrate a critical escalation in hardware-level threats, showing how a malicious user can gain complete root control of a host machine by performing novel Rowhammer attacks on high-performance Nvidia GPU cards. This is particularly dangerous given the economics of cloud computing, where these expensive GPUs—often costing $8,000 or more—are routinely shared among dozens of users. The attacks exploit a fundamental hardware vulnerability: the increasing susceptibility of memory to bit flips, where 0s switch to 1s and vice versa due to electrical interference.

The core technique, known as Rowhammer, involves rapidly and repeatedly accessing specific rows of DRAM memory to induce these bit flips. While first demonstrated on CPUs in 2014 and weaponized for privilege escalation a year later, these new attacks mark a significant migration of the threat model from the CPU to the GPU. By targeting the memory on Nvidia's high-performance GPUs, attackers can potentially bypass security sandboxes and escalate from an unprivileged user to a privileged root account on the shared host system.

This development signals a new pressure point for cloud security and hardware integrity. It moves the attack surface from a system's central processor to its specialized, high-value accelerators, which are often pooled in multi-tenant environments. The research underscores a persistent, decade-long hardware vulnerability that manufacturers have struggled to fully mitigate, now resurfacing in a new, critical context. It raises immediate questions about the security isolation of GPU resources in shared infrastructure and could prompt renewed scrutiny of memory protection mechanisms across the entire hardware stack.