Critical Rowhammer Exploits Target NVIDIA GPUs, Enable Full System Takeover

Breaking: New GPU Rowhammer Attacks Compromise Host CPUs

Two independent research teams have unveiled a new class of Rowhammer attacks targeting NVIDIA’s Ampere-generation GPUs that give adversaries complete control over the host machine’s CPU and memory. The attacks—dubbed GDDRHammer and GeForge—exploit bit flips in GDDR6 memory to bypass security boundaries and achieve full system compromise.

“Our work shows that Rowhammer, which is well-studied on CPUs, is a serious threat on GPUs as well,” said Andrew Kwong, co-author of the GDDRHammer paper. “With our work, we show how an attacker can induce bit flips on the GPU to gain arbitrary read/write access to all of the CPU’s memory, resulting in complete compromise of the machine.”

Both exploits were demonstrated this week on cards like the NVIDIA RTX 3060 and RTX A6000 from the company’s Ampere lineup. The attacks require that the Input-Output Memory Management Unit (IOMMU) be disabled, which is the default in most BIOS settings.

Background: How the Exploits Work

Rowhammer is a hardware vulnerability that causes rapid reads and writes to specific memory rows, resulting in bit flips in adjacent rows. While previously seen on CPUs, these new attacks prove GPUs are equally vulnerable.

GDDRHammer manipulates the last-level page table to gain read/write access to CPU memory. GeForge takes a similar approach but corrupts the last-level page directory, achieving the same end. GeForge induced 1,171 bit flips on the RTX 3060 and 202 on the RTX A6000, enough to escalate privileges to a root shell.

On Friday, a third team presented an attack on the RTX A6000 that works even with IOMMU enabled, raising the stakes significantly. That exploit also achieves privilege escalation to a root shell, proving that current defenses are insufficient.

What This Means

These attacks demonstrate that GPUs are no longer safe from Rowhammer threats and can be weaponized to compromise the entire host system. Because IOMMU is typically disabled by default, millions of systems with NVIDIA Ampere GPUs are potentially at risk.

Enterprise cloud environments and gaming PCs that rely on GPU acceleration are particularly exposed. The ability to gain root access from GPU memory can lead to data theft, ransomware deployment, and complete system takeover. Researchers urge immediate review of IOMMU settings and mitigation techniques such as error-correcting code (ECC) memory or stricter memory partitioning.

“This is a wake-up call for the industry,” said a cybersecurity expert speaking on condition of anonymity. “We need to rethink hardware isolation between GPUs and CPUs. A GPU should not be a backdoor to the entire machine.”

Immediate Actions for Users

• Enable IOMMU in BIOS if it is currently disabled. This reduces attack surface, but does not fully block all variants.
• Monitor for firmware updates from NVIDIA and motherboard vendors.
• Disable GPU compute features in untrusted environments until patches are available.

NVIDIA has not yet issued a public statement. However, given the severity of full system compromise, a rapid patch cycle is expected. The research papers will be presented at upcoming security conferences; full technical details are already available for peer review.

This is a developing story. Check back for updates on mitigation patches and further analysis.