Rowhammer attacks are no longer limited to CPUs and DDR memory. New research indicates that NVIDIA GPUs using GDDR6 are also vulnerable, and the impact reaches beyond graphics hardware into the host system. Two independent teams, GDDRHammer and GeForge, developed working exploits that use Rowhammer-induced bit-flips in NVIDIA GPUs to gain complete control over the host CPU’s memory.
The attack applies to some NVIDIA GPU models spanning the Ampere to Ada Lovelace families. An attacker who succeeds can read and write anything stored in the machine’s main memory. Both teams introduced Rowhammer techniques tailored to GPU architecture, and these methods achieved a significantly higher rate of bit-flips on GDDR6 memory than previous approaches.
The key stage in both exploit chains targets the GPU memory allocator. Controlled bit-flips are used to corrupt the GPU’s page tables, and once those page tables are compromised, the attacker gains arbitrary read and write access to CPU memory. That collapses the security boundary between the graphics subsystem and the rest of the machine, enabling a full system compromise and root access without interacting with privileged software paths.
The affected GPUs include the GeForce RTX 3060, which experienced 1,171 bit-flips, and the RTX 6000 ‘Ada’ GPU, which saw 202 bit-flips from the attack. The findings show that the fragile nature of GDDR6 memory can be exploited in ways that directly compromise the CPU host, turning a long-known DRAM weakness into a broader platform security problem.
