Nvidia recommends users activate System Level Error-Correcting Code (ECC), as graphics cards with GDDR6 memory are vulnerable to the Rowhammer attack.
“The risk of successfully exploiting the Rowhammer vulnerability depends on the DRAM model, platform, architectural features, and system settings,” the manufacturer reports.
Recall that the original Rowhammer attack was devised in 2014 by experts from Carnegie Mellon University. Its essence was based on the fact that intensive manipulation of certain memory cells could cause a change in the bit state of adjacent cells.
Memory cells store information in the form of electrical charges, which determine bit values as 1 or 0. Due to increased cell density, repeated “hammering” (when an application accesses the same areas thousands of times within fractions of a second) can alter the charge state in adjacent rows, leading to “bit flipping.” This phenomenon is where the name Rowhammer comes from.
Such deliberate bit flips can be used by attackers who ultimately gain access to confidential data, can decrypt and tamper with it, as well as exploit the issue remotely, escalate privileges, and more.
The advisory released by Nvidia is related to a new study published by experts from the University of Toronto. The researchers demonstrated that Rowhammer can be adapted to attack the Nvidia A6000. This attack has been named GPUHammer.
Although carrying out a Rowhammer attack on GDDR6 is more challenging — due to greater latency and faster refresh compared to DDR4 in regular RAM — researchers have proven that such attacks on GPUs are generally possible.
“We executed GPUHammer on an Nvidia RTX A6000 (48 GB GDDR6), tested four memory banks (DRAM), and recorded eight different single-bit flips (failures occurred in all tested banks),” the specialists write. “The minimum number of activations (TRH) required to induce a flip was about 12,000, which aligns with previous observations for DDR4. Using these flips, we conducted the first-ever Rowhammer attack on a GPU, which reduces the accuracy of machine learning models.”
GPUHammer can reduce the accuracy of an AI model from 80% to 0.1% with just a single bit flip on an A6000 GPU.
The aforementioned error-correcting codes (System Level Error-Correcting Codes, ECC) help maintain data integrity by adding redundant bits and correcting single-bit errors to ensure data reliability and accuracy.
For graphics cards designed for workstations and data centers, where VRAM handles large data sets and precise computations related to AI, System Level ECC should be enabled to prevent critical errors.
In its security bulletin, Nvidia highlights that researchers from the University of Toronto demonstrated a “potential Rowhammer attack on the Nvidia A6000 GPU with GDDR6 memory,” where the System Level ECC feature was disabled.
In addition to the RTX A6000, Nvidia also recommends enabling System Level ECC for the following products.
Graphics Cards for Data Centers:
- Ampere — A100, A40, A30, A16, A10, A2, A800;
- Ada — L40S, L40, L4;
- Hopper — H100, H200, GH200, H20, H800;
- Blackwell — GB200, B200, B100;
- Turing — T1000, T600, T400, T4;
- Volta — Tesla V100, Tesla V100S.
Graphics Cards for Workstations:
- Ampere RTX — A6000, A5000, A4500, A4000, A2000, A1000, A400;
- Ada RTX — 6000, 5000, 4500, 4000, 4000 SFF, 2000;
- Blackwell RTX PRO;
- Turing RTX — 8000, 6000, 5000, 4000;
- Volta — Quadro GV100.
Embedded and industrial solutions:
- Jetson AGX Orin Industrial;
- IGX Orin.
At the same time, Nvidia notes that newer GPUs, including the Blackwell RTX 50 Series (GeForce), Blackwell Data Center GB200, B200, B100, and Hopper Data Center H100, H200, H20, and GH200, are equipped with built-in ECC protection, which does not require user intervention.
It is worth noting that, according to the researchers’ estimates, enabling System Level ECC may slow down the performance of AI models by 10% and also reduce the available memory capacity by up to 6.5% under any type of load.
2025.02.01 — Critical RCE vulnerability fixed in Cacti
A critical vulnerability has been discovered in the open-source Cacti framework: it enables an authenticated attacker to remotely execute arbitrary code. Vulnerability's ID is CVE-2025-22604; its…
Full article →
2025.02.09 — Abandoned AWS S3 buckets could be used in attacks targeting supply chains
watchTowr discovered plenty of abandoned Amazon S3 buckets that could be used by attackers to deliver malware and backdoors to government agencies and large corporations. The researchers discovered…
Full article →
2025.04.22 — Scammers pose as FBI IC3 specialists, offer 'assistance' to fraud victims
According to the FBI, scammers impersonating employees of the FBI Internet Fraud Complaint Center (IC3) contact fraud victims offering them 'assistance' in getting their money…
Full article →
2025.02.12 — 2.8 million IP addresses used to brute-force network devices
The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking…
Full article →
2025.02.10 — Failed attempt to block phishing link results in massive Cloudflare outage
According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare…
Full article →
2025.01.25 — 18,000 script kiddies have been infected with backdoor via XWorm RAT builder
According to CloudSEK analysts, malefactors attack novice hackers using a fake malware builder. Script kiddies' systems become infected with a backdoor that steals data and subsequently…
Full article →
2025.02.05 — Google patches Android zero-day vulnerability exploited by hackers
Google released the February set of patches for Android. In total, they fix 48 bugs, including a kernel zero-day vulnerability actively exploited by hackers. The zero-day's…
Full article →
2025.02.06 — Let's Encrypt to stop sending expiration notification emails
The nonprofit organization announced that, starting June 4, 2025, it will stop sending expiration notification emails to subscribers. The primary reason behind this decision…
Full article →
2025.03.26 — Cloudflare to block all unencrypted traffic to its APIs
According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed. The purpose of this decision…
Full article →
2025.01.24 — Hundreds of websites impersonating Reddit and WeTransfer spread Lumma Stealer
Sekoia researcher crep1x discovered that hackers are currently using some 1,000 pages impersonating Reddit and WeTransfer. Victims visiting these sites are tricked into…
Full article →