New Rowhammer Attacks Compromise NVIDIA GPUs, Leading to Full System Control
Executive Summary
In April 2026, independent research teams unveiled novel Rowhammer attacks targeting NVIDIA's Ampere-generation GPUs, specifically the RTX 3060 and RTX 6000 models. These attacks, named GDDRHammer and GeForge, exploit vulnerabilities in GDDR6 memory to induce bit flips, granting attackers arbitrary read/write access to CPU memory and leading to full system compromise. The attacks are particularly effective when IOMMU memory management is disabled, a common default in BIOS settings. (arstechnica.com)
The emergence of these GPU-focused Rowhammer attacks signifies a critical evolution in hardware-based vulnerabilities, extending beyond traditional CPU memory exploits. This development underscores the urgent need for enhanced security measures in GPU architectures, especially as GPUs play pivotal roles in cloud computing and AI applications. Organizations must reassess their hardware security protocols to mitigate these advanced threats.
Why This Matters Now
The discovery of GPU-targeted Rowhammer attacks highlights a significant shift in hardware vulnerabilities, emphasizing the necessity for immediate security enhancements in GPU architectures to protect against potential system-wide compromises.
Attack Path Analysis
An attacker exploits the Rowhammer vulnerability in NVIDIA GPUs to induce bit flips in GPU memory, leading to arbitrary code execution. This allows the attacker to escalate privileges by gaining control over the GPU's page tables, granting access to the host CPU's memory. The attacker then moves laterally within the system by manipulating memory mappings to access other processes and data. Establishing command and control, the attacker can execute arbitrary commands on the compromised system. Sensitive data is exfiltrated by reading and transmitting information from the host memory. Finally, the attacker achieves full system compromise, potentially leading to data corruption or destruction.
Kill Chain Progression
Initial Compromise
Description
The attacker exploits the Rowhammer vulnerability in NVIDIA GPUs to induce bit flips in GPU memory, leading to arbitrary code execution.
MITRE ATT&CK® Techniques
Hardware Additions
Firmware Corruption
Exploitation for Privilege Escalation
Endpoint Denial of Service
Exploitation for Client Execution
Disk Wipe
Inhibit System Recovery
Resource Hijacking
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – System Security Vulnerabilities Management
Control ID: 6.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Asset Management
Control ID: 3.1
NIS2 Directive – Security Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Hardware
NVIDIA GPU rowhammer attacks enable complete CPU memory control and system compromise, directly threatening hardware manufacturers' product security and reputation.
Computer Games
Gaming systems using NVIDIA RTX cards face privilege escalation risks through GDDR memory exploitation, compromising anti-cheat systems and user data.
Health Care / Life Sciences
Medical imaging and AI systems using NVIDIA GPUs vulnerable to memory corruption attacks, violating HIPAA compliance and patient data protection.
Financial Services
GPU-accelerated trading and analytics platforms face complete system compromise through rowhammer attacks, threatening financial data integrity and regulatory compliance.
Sources
- Rowhammer Attack Against NVIDIA Chipshttps://www.schneier.com/blog/archives/2026/05/rowhammer-attack-against-nvidia-chips.htmlVerified
- Security Notice: Rowhammer - July 2025https://nvidia.custhelp.com/app/answers/detail/a_id/5671/~/security-notice%3A-rowhammer---july-2025Verified
- Nvidia chips become the first GPUs to fall to Rowhammer bit-flip attackshttps://arstechnica.com/security/2025/07/nvidia-chips-become-the-first-gpus-to-fall-to-rowhammer-bit-flip-attacks/Verified
- GPUHammer: Rowhammer Attacks on GPU Memories are Practicalhttps://arxiv.org/abs/2507.08166Verified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Aviatrix Zero Trust CNSF is pertinent to this incident as it could likely limit the attacker's ability to escalate privileges, move laterally, and exfiltrate data by enforcing strict segmentation and egress controls.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: While Aviatrix CNSF may not prevent the initial exploitation of hardware vulnerabilities, it could likely limit the attacker's ability to leverage this access to escalate privileges or move laterally within the cloud environment.
Control: Zero Trust Segmentation
Mitigation: Aviatrix Zero Trust Segmentation could likely limit the attacker's ability to escalate privileges by enforcing strict access controls between workloads and sensitive resources.
Control: East-West Traffic Security
Mitigation: Aviatrix East-West Traffic Security could likely constrain the attacker's lateral movement by monitoring and controlling internal traffic flows between workloads.
Control: Multicloud Visibility & Control
Mitigation: Aviatrix Multicloud Visibility & Control could likely detect and limit unauthorized command and control activities by providing centralized monitoring and policy enforcement across cloud environments.
Control: Egress Security & Policy Enforcement
Mitigation: Aviatrix Egress Security & Policy Enforcement could likely prevent unauthorized data exfiltration by controlling and monitoring outbound traffic from the cloud environment.
While Aviatrix CNSF may not prevent the initial system compromise, it could likely limit the overall impact by containing the attacker's activities and preventing further spread within the cloud environment.
Impact at a Glance
Affected Business Functions
- High-Performance Computing
- Machine Learning Training
- Data Center Operations
Estimated downtime: N/A
Estimated loss: N/A
Potential corruption of machine learning models and data processed on affected GPUs.
Recommended Actions
Key Takeaways & Next Steps
- • Implement Zero Trust Segmentation to restrict access between workloads and prevent lateral movement.
- • Enable East-West Traffic Security to monitor and control internal traffic, detecting unauthorized access attempts.
- • Deploy Threat Detection & Anomaly Response systems to identify and respond to unusual activities indicative of exploitation.
- • Utilize Inline IPS (Suricata) to detect and prevent known exploit patterns and malicious payloads.
- • Ensure Secure Hybrid Connectivity (DCE) to maintain encrypted and resilient connections between on-premises and cloud environments.
