TWO new Rowhammer attacks, GDDRHammer and GeForge, demonstrate how a malicious user can gain full root control of a host by hammering memory on Nvidia GPUs. The proofs-of-concept target Nvidia’s Ampere RTX 3060 and RTX 6000, showing that GDDR bitflips can override GPU page tables to read and write CPU memory, with the attacker effectively obtaining complete compromise of the machine when IOMMU is disabled by default in the BIOS.
The researchers achieved an average of 129 flips per memory bank with GDDRHammer, and GeForge registered 1,171 flips against the RTX 3060 and 202 flips against the RTX 6000, using memory massaging to bypass protections. The GPUs discussed are high-end, typically costing $8,000 or more, and Nvidia notes the only known vulnerable cards are the RTX 3060 and RTX 6000 from the Ampere generation, introduced in 2020.
Mitigations include enabling IOMMU and/or enabling ECC on the GPU, though both can incur performance or memory trade-offs. The work underscores that Rowhammer threats on GPU memory can have as serious security consequences as those on CPU memory, potentially affecting machine-wide security in cloud and other multi-tenant environments.