
NVIDIA GPU Hack Alert: New Rowhammer Attack Enables Full System Takeover

Security researchers have demonstrated a powerful new class of Rowhammer attacks targeting NVIDIA GPUs, raising fresh concerns about hardware-level security as graphics processors become central to AI and cloud computing. The newly disclosed techniques, capable of escalating from memory corruption to full system takeover, mark a significant shift in how attackers can exploit modern computing infrastructure.

The research, published this week and gaining attention across the cybersecurity community, shows how vulnerabilities in GDDR6 memory can be exploited to gain arbitrary read and write access. In practical terms, that means an attacker could move beyond disrupting GPU workloads and potentially seize control of the host CPU and system memory.

At the centre of the findings are attack variants known as GDDRHammer and GeForce/GeForge. These techniques adapt the long-studied Rowhammer method — where repeated access to specific memory rows induces bit flips in adjacent cells — to GPU memory for the first time at this scale. Researchers reported generating more than 100 targeted bit flips per memory bank in some scenarios, while bypassing existing GPU protections.

Unlike earlier GPU-focused exploits, which were largely limited to degrading application performance or interfering with AI model accuracy, the new attacks demonstrate end-to-end compromise capabilities. By carefully manipulating memory faults, attackers can tamper with page tables and memory mappings, effectively creating a bridge between GPU and CPU memory spaces.

This breakthrough allows unauthorized access to system memory, opening the door to privilege escalation, data exfiltration, and in some cases, full control over the machine. More advanced variants can even redirect GPU memory operations directly into CPU memory regions, expanding the attack beyond the graphics processor itself.

Shared GPU environments face heightened risk

The implications are particularly serious for cloud platforms and AI infrastructure, where GPUs are commonly shared across multiple users or workloads. In these environments, an attacker may not need direct access to a target system. Simply running processes on the same physical GPU could be enough to interfere with neighbouring workloads or escalate privileges.

This makes multi-tenant GPU clusters — widely used in AI training, research environments and enterprise deployments — a potential high-risk target. As demand for GPU compute continues to surge, especially with the growth of generative AI, the attack surface is expanding faster than traditional security models have accounted for.

The findings also reinforce a broader shift in cybersecurity thinking. Hardware components, once assumed to be reliable trust boundaries, are increasingly being exposed as potential entry points. GPUs, in particular, are evolving from specialised accelerators into critical infrastructure — and with that transition comes a new class of risks.

Mitigation remains complex and imperfect

Defending against Rowhammer-style attacks has long been a challenge due to their roots in physical memory behaviour rather than software flaws. Potential mitigations include enabling error-correcting code (ECC) memory, increasing memory refresh rates, and restricting GPU access to system memory using isolation technologies such as IOMMU.

However, these approaches often come with performance trade-offs or limited effectiveness against more advanced attack techniques. Researchers note that even modern DRAM protections are not always sufficient, particularly as memory density increases and attack methods become more sophisticated.
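As an added illustration (not code from the researchers or from this article), the following Python audit checks two of the mitigations named above on a Linux host: whether each GPU reports ECC as enabled, and whether the kernel has any IOMMU groups. It assumes the NVIDIA driver's `nvidia-smi` tool is installed; the sample output and device names are constructed placeholders.

```python
import csv, io, os, subprocess

# Real nvidia-smi query; ecc.mode.current reports Enabled, Disabled or [N/A].
QUERY = ["nvidia-smi", "--query-gpu=index,name,ecc.mode.current",
         "--format=csv,noheader"]

# Constructed sample output (placeholder device names), used when no GPU is present.
SAMPLE = """0, Example GPU A, Disabled
1, Example GPU B, Enabled
2, Example GPU C, [N/A]
"""

def parse_ecc(csv_text):
    """Return [(index, name, ecc_state)] from nvidia-smi CSV output."""
    rows = []
    for rec in csv.reader(io.StringIO(csv_text), skipinitialspace=True):
        if len(rec) == 3:
            rows.append((int(rec[0]), rec[1].strip(), rec[2].strip()))
    return rows

def iommu_active(sysfs="/sys/kernel/iommu_groups"):
    """Linux creates one entry per IOMMU group; none means no IOMMU in use.
    Groups existing is necessary, not sufficient: it does not prove the GPU's
    DMA is translated (for example under passthrough mode)."""
    try:
        return len(os.listdir(sysfs)) > 0
    except OSError:
        return False

def audit(csv_text, iommu):
    """List findings for GPUs without active ECC and for a host without IOMMU."""
    findings = []
    for idx, name, ecc in parse_ecc(csv_text):
        if ecc == "Disabled":
            findings.append(f"GPU {idx} ({name}): ECC supported but disabled")
        elif ecc != "Enabled":
            findings.append(f"GPU {idx} ({name}): ECC not available ({ecc})")
    if not iommu:
        findings.append("host: no IOMMU groups, GPU DMA is not restricted by an IOMMU")
    return findings

if __name__ == "__main__":
    try:
        out = subprocess.run(QUERY, capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE  # fall back to the constructed sample
    for line in audit(out, iommu_active()):
        print(line)
```

An empty result means both checks passed; it does not mean the host is immune, since the article notes these mitigations have limited effectiveness against more advanced techniques.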

The emergence of GPU-based Rowhammer attacks suggests that existing safeguards may need to be re-evaluated, especially in high-performance and shared computing environments. For organisations heavily reliant on GPUs, the challenge is no longer confined to software vulnerabilities or network threats.

As highlighted in recent coverage by Ars Technica, the research signals a deeper shift: hardware itself can no longer be treated as a secure foundation. Instead, it must be actively monitored, hardened and integrated into broader, cross-layer security strategies.

With GPUs now powering everything from AI models to cloud infrastructure, the line between performance hardware and security risk is becoming increasingly blurred — and for many organisations, that shift may already be underway.
