NVIDIA Ampere GPUs Vulnerable to Rowhammer Attack Enabling Full Host System Compromise, Researchers Warn
Two independent research teams have demonstrated a new rowhammer attack against NVIDIA Ampere-generation graphics cards that allows adversaries to gain complete control over CPU memory, effectively compromising the entire host machine. The attack, detailed in separate papers, exploits GDDR bitflips—a vulnerability in graphics memory—to bypass system protections and achieve arbitrary read/write access to all CPU memory. The findings represent a significant escalation of rowhammer techniques from isolated GPU attacks to full-system compromise.
The attack specifically targets GDDR memory in modern GPUs, leveraging what researchers term "cross-component" exploitation. According to Andrew Kwong, co-author of the paper titled "GDDRHammer: Greatly Disturbing DRAM Rows—Cross-Component Rowhammer Attacks from Modern GPUs," the technique demonstrates how an attacker can induce bit flips on the GPU to access the CPU's memory space. A critical prerequisite for the attack is that the IOMMU (input-output memory management unit) must be disabled, a configuration that remains the default in most BIOS settings, significantly expanding the attack surface.
Security researchers emphasize that the technique proves rowhammer vulnerabilities, extensively documented in CPU environments, pose equally serious risks on GPU architectures. The implications extend across multiple sectors where NVIDIA Ampere chips are deployed, including data centers, cloud infrastructure, and high-performance computing environments. Both research teams presented their findings independently, suggesting the vulnerability class is both reproducible and potentially more widespread than initially recognized. Organizations utilizing affected hardware are advised to verify IOMMU settings and monitor for the characteristic memory access patterns associated with rowhammer exploitation.
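
One way to carry out the IOMMU verification advised above on a Linux host is sketched below. It is an added example, not code from either paper or from NVIDIA. The function names and the snapshot-root parameter are hypothetical, and reporting identity-mapped (passthrough) groups separately is a choice made by this example rather than a claim from the research.

```shell
#!/bin/sh
# Added example: per-GPU IOMMU check for Linux. Prints "<pci-addr> <state>"
# for every NVIDIA display-class PCI function, where state is:
#   translated - device is in an IOMMU group with a DMA-remapping domain
#   identity   - group exists but DMA is identity-mapped (passthrough)
#   none       - no IOMMU group: no IOMMU is active for this device
#   unknown    - group exists but its domain type cannot be determined
# The sysfs root is a parameter (assumption of this example) so the check
# can run on a collected snapshot as well as on the live /sys.
gpu_iommu_report() {
    sysfs=${1:-/sys}
    for dev in "$sysfs"/bus/pci/devices/*; do
        [ -r "$dev/vendor" ] || continue
        [ "$(cat "$dev/vendor")" = "0x10de" ] || continue   # NVIDIA PCI vendor ID
        case $(cat "$dev/class" 2>/dev/null) in
            0x03*) ;;                 # display controllers only (skips HD audio)
            *) continue ;;
        esac
        if [ ! -e "$dev/iommu_group" ]; then
            state=none
        elif [ ! -r "$dev/iommu_group/type" ]; then
            state=unknown             # older kernels do not expose "type"
        else
            case $(cat "$dev/iommu_group/type") in
                DMA|DMA-FQ) state=translated ;;
                identity)   state=identity ;;
                *)          state=unknown ;;
            esac
        fi
        echo "${dev##*/} $state"
    done
}

# Returns 0 if every GPU found is "translated", 1 if any is not,
# and 2 if no NVIDIA GPU was found at all.
gpu_iommu_ok() {
    report=$(gpu_iommu_report "$1")
    [ -n "$report" ] || return 2
    echo "$report" | grep -qv ' translated$' && return 1
    return 0
}
```

Calling `gpu_iommu_report` with no argument inspects the running system; any device reported as `none` matches the disabled-IOMMU precondition described in the article.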