GPUHammer Attack On NVIDIA GPUs Can Destroy AI Model Accuracy

HomeNews* NVIDIA GPUs are at risk from a new RowHammer-based security attack called GPUHammer.

• The attack can cause bit flips in GPU memory, degrading AI model accuracy from 80% to less than 1%.
• NVIDIA recommends enabling Error Correction Codes (ECC) to protect systems, though this may slow down workloads and reduce available memory.
• Newer NVIDIA GPUs with on-die ECC, such as the H100 and RTX 5090, are not affected by GPUHammer.
• Related research showed RowHammer attacks can also threaten cryptographic systems like the FALCON post-quantum signature scheme. NVIDIA has issued an alert to its customers following the discovery of a new RowHammer-based vulnerability named GPUHammer. The attack targets the company’s graphics processing units and allows attackers to alter data stored in GPU memory. Researchers demonstrated this exploit on models such as the NVIDIA A6000 GPU, highlighting significant risks to users running Artificial Intelligence workloads.

• Advertisement - According to a security advisory from NVIDIA, the effectiveness of RowHammer attacks varies with the type of DRAM, system design, and configuration. Company experts recommend users turn on System-level Error Correction Codes (ECC) to help prevent unauthorized changes in graphics memory. The researchers found that a single bit flip, triggered by GPUHammer, can cause major AI model failure, dropping accuracy from 80% to 0.1%.

The vulnerability enables a malicious GPU user to affect another user’s data in shared systems. “Enabling Error Correction Codes (ECC) can mitigate this risk, but ECC can introduce up to a 10% slowdown for [machine learning] inference workloads on an A6000 GPU,” noted study authors Chris Lin, Joyce Qu, and Gururaj Saileshwar. They also reported that using ECC reduces memory capacity by around 6.25%.

RowHammer attacks use repeated memory access to induce bit flips due to electrical interference in DRAM. Similar to how the Spectre and Meltdown vulnerabilities target CPUs, RowHammer targets memory chips inside computers or GPUs. The GPUHammer variant works against NVIDIA GPUs despite earlier defenses such as Target Row Refresh (TRR). In one proof-of-concept, researchers reduced an ImageNet deep neural network’s accuracy from 80% to less than 1% using a single targeted bit flip.

Users of new NVIDIA hardware like the H100 or RTX 5090 are not at risk due to on-die ECC, which can automatically detect and correct memory errors. The recommended defense for older GPUs is to activate ECC through the “nvidia-smi -e 1” command as described in NVIDIA’s official advisory.

In separate news, a similar RowHammer technique called CrowHammer was able to attack the FALCON post-quantum signature scheme, selected by NIST as a standard. Researchers showed that a specific bit flip could allow a Hacker to recover cryptographic signing keys from affected systems.

These new findings reveal that hardware-level attacks continue to pose challenges for both AI and cryptographic security, especially as memory chips become smaller and more densely packed.

• Advertisement - #### Previous Articles:

• AMD Stock Surges as Analysts Set Bullish Targets Amid AI Chip Hopes
• Bitcoin Soars to Record High After Musk, Trump Spur Crypto Rally
• Asia’s Tokenization Boom Draws Global Investors With Clear Regulation
• Bitcoin Hits $120K: Ether, Solana, Dogecoin, XRP Surge as Institutions Drive Rally
• Ethereum’s Bearish Clues: 3 Signs to Watch for 2025 Investors

• Advertisement -