GDDRHammer and GeForge Rowhammer Attacks Grant Complete Control of NVIDIA GPU Systems

Researchers uncovered two new Rowhammer attack methods targeting NVIDIA graphics cards on April 3, 2026, according to reports from Ars Technica and multiple security outlets. The attacks successfully breach GPU memory isolation, gain unrestricted read and write access to CPU memory, and ultimately allow threat actors to take complete control of users' computers.

Two Attack Variants Show Dramatic Efficacy Increases

The research documented two distinct Rowhammer exploits:

GDDRHammer:

Targeted at the RTX 6000 GPU
Causes an average of 129 bit flips per memory bank
Represents a 64-fold increase compared to previous Rowhammer attack efficacy documented in 2025

GeForge:

Proved more destructive in testing
Induced 1,171 bit flips on the RTX 3060
Induced 202 bit flips on the RTX 6000

Ampere Architecture GPUs Confirmed Vulnerable

Based on current test evidence, GDDRHammer and GeForge attacks are effective against NVIDIA's Ampere architecture GPUs, specifically the RTX 3060 and RTX A6000, with potentially other Ampere-based cards affected. NVIDIA states that GDDR7 devices, including GeForce RTX 50 series, implement on-die ECC that indirectly helps protect against Rowhammer.

Catastrophic Impact on AI Workloads

A related disclosure from July 2025 showed that a single GPU Rowhammer bit flip could drop AI model accuracy from 80% to 0.1%, highlighting the catastrophic impact on AI workloads. The new variants represent an evolution of this threat.

Mitigation Options Available With Performance Trade-offs

Three mitigation approaches exist:

Enable IOMMU feature in BIOS (disabled by default, may cause performance degradation)
Enable ECC on GPUs (incurs performance overhead, some attacks can bypass ECC)
Follow NVIDIA guidance released in July 2025 for defending GDDR6 GPUs

As of April 3, 2026, there is no evidence that threat actors have deployed these attack methods in real-world malicious campaigns, though public disclosure means this could change. An arXiv paper titled 'GPUHammer: Rowhammer Attacks on GPU Memories are Practical' documents the technical details.

Key Takeaways

GDDRHammer causes an average of 129 bit flips per memory bank on RTX 6000, a 64-fold increase over 2025 Rowhammer efficacy
GeForce induced 1,171 bit flips on RTX 3060 and 202 bit flips on RTX 6000 in testing
Both attacks successfully breach GPU memory isolation and grant complete control of affected systems
Confirmed vulnerable hardware includes NVIDIA Ampere architecture GPUs (RTX 3060, RTX A6000)
No evidence of real-world malicious deployment as of April 3, 2026, but mitigation options require performance trade-offs

Two Attack Variants Show Dramatic Efficacy Increases

The research documented two distinct Rowhammer exploits:

GDDRHammer:

Targeted at the RTX 6000 GPU

Causes an average of 129 bit flips per memory bank

Represents a 64-fold increase compared to previous Rowhammer attack efficacy documented in 2025

GeForge:

Proved more destructive in testing

Induced 1,171 bit flips on the RTX 3060

Induced 202 bit flips on the RTX 6000

Ampere Architecture GPUs Confirmed Vulnerable

Mitigation Options Available With Performance Trade-offs

Three mitigation approaches exist:

Enable IOMMU feature in BIOS (disabled by default, may cause performance degradation)

Enable ECC on GPUs (incurs performance overhead, some attacks can bypass ECC)

Follow NVIDIA guidance released in July 2025 for defending GDDR6 GPUs

Key Takeaways

GDDRHammer causes an average of 129 bit flips per memory bank on RTX 6000, a 64-fold increase over 2025 Rowhammer efficacy

GeForce induced 1,171 bit flips on RTX 3060 and 202 bit flips on RTX 6000 in testing

Both attacks successfully breach GPU memory isolation and grant complete control of affected systems

Confirmed vulnerable hardware includes NVIDIA Ampere architecture GPUs (RTX 3060, RTX A6000)

No evidence of real-world malicious deployment as of April 3, 2026, but mitigation options require performance trade-offs