New Rowhammer attacks give complete control of machines running Nvidia GPUs

Read the full articleNew Rowhammer attacks give complete control of machines running Nvidia GPUs on Ars Technica

↗

What Happened

GDDRHammer, GeForge and GPUBreach hammer GPU memory in ways that hijack the CPU.

Our Take

Honestly? Cool attack, overstated threat. GDDRHammer lets you hijack a CPU through GPU memory (neat trick), but you need code execution on the GPU first. Most cloud setups already isolate this.

The real world? Data centers have compartmentalization. Your laptop's GPU? If you've got code running on it, you've already lost. This matters for edge cases — shared GPU slices, research clusters with mixed workloads.

Nvidia can't hardware-patch their way out (DRAM's fundamental). The defense is isolation and don't run untrusted code on shared GPUs. Industry already knows this.

What To Do

Audit your GPU isolation if you're running multi-tenant workloads; otherwise move on.

Builder's Brief

Who

teams running multi-tenant GPU inference or training on shared cloud infrastructure

What changes

GPU memory isolation assumptions in security models need revisiting; cloud providers may restrict certain memory access patterns

When

months

Watch for

NVIDIA driver patch release or cloud provider security advisories referencing GDDRHammer

What Skeptics Say

Real-world exploitation requires attacker proximity or co-tenancy in shared GPU environments — conditions most cloud providers already mitigate via isolation. The threat is real but the 'complete control' framing overstates practical exploitability.

1 comment

Tariq Osei-Bonsu

complete control via GDDR memory hammering. every cloud provider running H100s should be sweating right now

Cited By

Ars Technica New Rowhammer attacks give complete control of machines running Nvidia GPUs