New Rowhammer Attacks Grant Root Access to Nvidia GPUs
- Researchers demonstrate GDDRHammer and GeForge attacks achieving full root access on Nvidia Ampere GPUs
- Exploits utilize memory bit flips to bypass isolations and gain unauthorized control of host CPU memory
- Mitigations such as IOMMU and ECC offer protection but introduce significant performance trade-offs for users
Security researchers have uncovered a critical vulnerability in the hardware that powers modern artificial intelligence: the GPU. Two new attacks, dubbed GDDRHammer and GeForge, demonstrate that the high-performance memory (GDDR) used in Nvidia’s Ampere-generation cards is susceptible to Rowhammering. This technique involves rapidly accessing specific rows of memory to create electrical disturbances that cause neighboring data bits to spontaneously flip from 0 to 1 or vice versa.
While Rowhammer attacks were previously limited to standard computer memory (DRAM), these new exploits prove that graphics cards are equally vulnerable. By carefully orchestrating these bit flips—a process called memory massaging—attackers can corrupt the internal "map" (page tables) that the system uses to organize data. This allows a malicious user on a shared cloud server to break out of their restricted area and gain total control (root access) over the host machine's central processor and memory.
The implications for AI infrastructure are significant, as GPUs are frequently shared among multiple users in data centers to save costs. Although enabling security features like IOMMU (which manages how devices talk to memory) or Error Correcting Code (ECC) can block these attacks, they often come with a performance penalty. This discovery highlights a growing need for security researchers to look beyond the software and address the physical vulnerabilities inherent in the specialized hardware driving the current AI boom.
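To check whether a Linux GPU host has the two mitigations named above switched on, the following added example (not code from the researchers or from Nvidia) classifies the per-GPU ECC mode reported by `nvidia-smi` and tests whether the kernel has populated any IOMMU groups. The sample rows and the function names are constructed for illustration; the default sysfs path assumes a standard Linux layout.

```shell
#!/bin/sh
# Added example: audit ECC and IOMMU state on a shared GPU host.

# Constructed sample of:
#   nvidia-smi --query-gpu=index,name,ecc.mode.current --format=csv,noheader
SAMPLE_CSV='0, NVIDIA RTX A6000, Enabled
1, NVIDIA RTX A6000, Disabled
2, NVIDIA GeForce RTX 3060, [N/A]'

# Classify one CSV row by its last field (the current ECC mode).
ecc_status() {
    mode=$(printf '%s\n' "$1" | awk -F', *' '{print $NF}')
    case "$mode" in
        Enabled)  echo OK ;;
        Disabled) echo ECC_OFF ;;
        *)        echo ECC_UNSUPPORTED ;;  # "[N/A]" on cards without ECC
    esac
}

# Numbered group directories exist only when an IOMMU is active.
# This does not tell you whether the GPU runs in passthrough mode.
iommu_active() {
    dir=${1:-/sys/kernel/iommu_groups}
    [ -d "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]
}

# $1 = nvidia-smi CSV text, $2 = IOMMU groups directory.
# Prints one FINDING line per GPU without active ECC, plus one if no IOMMU.
audit() {
    printf '%s\n' "$1" | while IFS= read -r row; do
        [ -n "$row" ] || continue
        status=$(ecc_status "$row")
        [ "$status" = OK ] || echo "FINDING $status: $row"
    done
    iommu_active "$2" || echo "FINDING IOMMU_INACTIVE: no groups under $2"
}

# Run against the real host only when asked to.
if [ "${1:-}" = "--live" ]; then
    audit "$(nvidia-smi --query-gpu=index,name,ecc.mode.current \
             --format=csv,noheader)" /sys/kernel/iommu_groups
fi
```

Run it with `--live` on the host itself; without the flag it only defines the functions, so `audit "$SAMPLE_CSV" /sys/kernel/iommu_groups` can be tried on any machine.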