University of Toronto researchers have demonstrated 'GPUHammer,' a practical Rowhammer attack against NVIDIA GPUs, specifically degrading machine learning model accuracy from 80% to 0.1% with a single bit flip on an NVIDIA A6000. This marks the first successful Rowhammer attack on GPUs, previously confined to CPUs. While NVIDIA confirmed the vulnerability and recommends System-level ECC as a mitigation, researchers note this can reduce performance and memory capacity, presenting a critical new cybersecurity and operational risk for GPU-dependent AI/ML infrastructure, with the proof-of-concept extensible to other Nvidia Ampere GPUs.
A novel cybersecurity vulnerability, named GPUHammer, has been demonstrated by researchers, extending the well-known Rowhammer attack from CPUs to GPUs for the first time. The attack was proven practical against an Nvidia (NVDA) A6000 GPU, where a single induced bit flip in the GDDR6 memory caused a deep neural network's accuracy to collapse from 80% to 0.1%. This presents a significant operational risk for the integrity of AI and machine learning models, a core growth driver for Nvidia. While Nvidia has acknowledged the findings and advised customers to enable System-level ECC (error-correcting code) as a mitigation, this solution introduces a material trade-off, as researchers note it can reduce both performance and available memory capacity. The vulnerability is believed to be extensible to other GPUs based on Nvidia's Ampere architecture, suggesting a broader product-line risk that is difficult to quantify fully due to the high cost of testing on hardware with soldered DRAM.
AI-powered research, real-time alerts, and portfolio analytics for institutional investors.
Request a DemoOverall Sentiment
moderately negative
Sentiment Score
-0.60
Ticker Sentiment
