Overview
- University of Toronto researchers publicly demonstrated GPUHammer, a Rowhammer-style exploit targeting GDDR6 memory.
- Single-bit flips induced by GPUHammer can collapse AI accuracy from around 80 percent to under 1 percent on an RTX A6000.
- GPUHammer requires only co-residency on the same GPU in cloud or server environments, avoiding any need to access user code or data.
- Nvidia’s security advisory lists affected Ampere, Ada, Hopper and Turing models with a recommendation to activate ECC on GDDR6-based cards.
- New Nvidia GPUs including the RTX 5090 and H100 integrate on-chip ECC to automatically guard against bit-flip attacks.