Nvidia recommends users activate System Level Error-Correcting Code (ECC), as graphics cards with GDDR6 memory are vulnerable to the Rowhammer attack.
“The risk of successfully exploiting the Rowhammer vulnerability depends on the DRAM model, platform, architectural features, and system settings,” the manufacturer reports.
Recall that the original Rowhammer attack was devised in 2014 by experts from Carnegie Mellon University. Its essence was based on the fact that intensive manipulation of certain memory cells could cause a change in the bit state of adjacent cells.
Memory cells store information in the form of electrical charges, which determine bit values as 1 or 0. Due to increased cell density, repeated “hammering” (when an application accesses the same areas thousands of times within fractions of a second) can alter the charge state in adjacent rows, leading to “bit flipping.” This phenomenon is where the name Rowhammer comes from.
Such deliberate bit flips can be used by attackers who ultimately gain access to confidential data, can decrypt and tamper with it, as well as exploit the issue remotely, escalate privileges, and more.
The advisory released by Nvidia is related to a new study published by experts from the University of Toronto. The researchers demonstrated that Rowhammer can be adapted to attack the Nvidia A6000. This attack has been named GPUHammer.
Although carrying out a Rowhammer attack on GDDR6 is more challenging — due to greater latency and faster refresh compared to DDR4 in regular RAM — researchers have proven that such attacks on GPUs are generally possible.
“We executed GPUHammer on an Nvidia RTX A6000 (48 GB GDDR6), tested four memory banks (DRAM), and recorded eight different single-bit flips (failures occurred in all tested banks),” the specialists write. “The minimum number of activations (TRH) required to induce a flip was about 12,000, which aligns with previous observations for DDR4. Using these flips, we conducted the first-ever Rowhammer attack on a GPU, which reduces the accuracy of machine learning models.”
GPUHammer can reduce the accuracy of an AI model from 80% to 0.1% with just a single bit flip on an A6000 GPU.
The aforementioned error-correcting codes (System Level Error-Correcting Codes, ECC) help maintain data integrity by adding redundant bits and correcting single-bit errors to ensure data reliability and accuracy.
For graphics cards designed for workstations and data centers, where VRAM handles large data sets and precise computations related to AI, System Level ECC should be enabled to prevent critical errors.
In its security bulletin, Nvidia highlights that researchers from the University of Toronto demonstrated a “potential Rowhammer attack on the Nvidia A6000 GPU with GDDR6 memory,” where the System Level ECC feature was disabled.
In addition to the RTX A6000, Nvidia also recommends enabling System Level ECC for the following products.
Graphics Cards for Data Centers:
- Ampere — A100, A40, A30, A16, A10, A2, A800;
- Ada — L40S, L40, L4;
- Hopper — H100, H200, GH200, H20, H800;
- Blackwell — GB200, B200, B100;
- Turing — T1000, T600, T400, T4;
- Volta — Tesla V100, Tesla V100S.
Graphics Cards for Workstations:
- Ampere RTX — A6000, A5000, A4500, A4000, A2000, A1000, A400;
- Ada RTX — 6000, 5000, 4500, 4000, 4000 SFF, 2000;
- Blackwell RTX PRO;
- Turing RTX — 8000, 6000, 5000, 4000;
- Volta — Quadro GV100.
Embedded and industrial solutions:
- Jetson AGX Orin Industrial;
- IGX Orin.
At the same time, Nvidia notes that newer GPUs, including the Blackwell RTX 50 Series (GeForce), Blackwell Data Center GB200, B200, B100, and Hopper Data Center H100, H200, H20, and GH200, are equipped with built-in ECC protection, which does not require user intervention.
It is worth noting that, according to the researchers’ estimates, enabling System Level ECC may slow down the performance of AI models by 10% and also reduce the available memory capacity by up to 6.5% under any type of load.
2025.03.07 — YouTube warns of scam video featuring its CEO
According to YouTube, scammers use an AI-generated video of the company's CEO in phishing attacks to steal user credentials. The scammers attack content creators by sending them…
Full article →
2025.02.17 — Dutch police seize 127 servers belonging to Zservers hosting provider
Following the introduction of international sanctions against Zservers, Russian 'bulletproof' hosting services provider, the Dutch National Police (Politie) shut down and seized 127 servers belonging to Zservers/XHost.…
Full article →
2025.04.08 — Website of Everest ransomware group hacked and defaced
Last weekend, the darknet website of the Everest ransomware group was hacked and went offline. The attackers replaced its content with a sarcastic message: "Don't do crime…
Full article →
2025.04.23 — Improper authentication control vulnerability affects ASUS routers with AiCloud
ASUSTeK Computer Inc. fixed an improper authentication control vulnerability in routers with AiCloud. The bug allows remote attackers to perform unauthorized actions on vulnerable devices. The issue…
Full article →
2025.01.22 — Fake Homebrew Infects macOS and Linux Machines with infostealer
Attackers use Google ads to disguise themselves as the Homebrew website and distribute malware targeting Mac and Linux systems and stealing logon credentials, browser data, and cryptocurrency wallets.…
Full article →
2025.02.10 — Failed attempt to block phishing link results in massive Cloudflare outage
According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare…
Full article →
2025.03.16 — Researchers force DeepSeek to write malware
According to Tenable, the AI chatbot DeepSeek R1 from China can be used to write malware (e.g. keyloggers and ransomware). DeepSeek was released in January 2025 and caused a stir…
Full article →
2025.01.25 — 18,000 script kiddies have been infected with backdoor via XWorm RAT builder
According to CloudSEK analysts, malefactors attack novice hackers using a fake malware builder. Script kiddies' systems become infected with a backdoor that steals data and subsequently…
Full article →
2025.02.20 — Newly-discovered vulnerabilities in OpenSSH open the door to MiTM and DoS attacks
OpenSSH fixed two vulnerabilities that could result in MiTM and denial of service (DoS) attacks. Interestingly, one of these bugs appeared in the code more than 10…
Full article →
2025.04.04 — Privilege escalation vulnerability in Google Cloud resulting in sensitive data leaks finally patched
Tenable Research revealed details of a recently patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run enabling an attacker to gain access to container images…
Full article →