GPUHammer: New RowHammer Attack Variant Compromises AI Model Integrity on NVIDIA GPUs

NVIDIA is advising customers to activate System-level Error Correction Codes (ECC) as a safeguard against a newly identified variant of the RowHammer attack targeting its graphics processing units (GPUs). “The likelihood of successful RowHammer exploitation varies depending on DRAM device, platform, design specifications, and system settings,” the company noted in a recent advisory. Named GPUHammer, this marks the first incident of a RowHammer exploit impacting NVIDIA GPUs, such as the A6000 with GDDR6 memory. This attack allows malicious users to manipulate other users’ data by inducing bit flips in GPU memory. Researchers from the University of Toronto highlighted a particularly alarming outcome: the accuracy of an AI model can plummet from 80% to below 1%. RowHammer poses a similar risk to modern DRAMs as Spectre and Meltdown do for contemporary CPUs, representing critical hardware-level security vulnerabilities.

GPUHammer: New RowHammer Attack Variant Threatens AI Performance on NVIDIA GPUs

On July 12, 2025, NVIDIA issued a critical advisory urging its customers to activate System-level Error Correction Codes (ECC) to combat a newly revealed variant of RowHammer attacks targeting its graphics processing units (GPUs). Identified as GPUHammer, this attack represents the first known exploit of its kind against NVIDIA’s GPU architecture, particularly impacting models such as the NVIDIA A6000 equipped with GDDR6 memory.

The GPUHammer vulnerability allows malicious actors to manipulate data stored in the GPU’s memory, resulting in detrimental bit flips. Significant research from the University of Toronto has indicated that such interference can lead to a dramatic decline in the accuracy of artificial intelligence (AI) models—plummeting from 80% to below 1%. This degradation poses a severe risk to organizations dependent on AI for decision-making and operational efficiency.

RowHammer attacks exploit inherent weaknesses in dynamic random-access memory (DRAM), similar to how threats like Spectre and Meltdown have targeted modern CPUs. While both exploitations manipulate hardware at a fundamental level, the implications for GPU-based AI applications are particularly alarming, as they can silently corrupt data critical to machine learning processes.

NVIDIA emphasized that the risk associated with these RowHammer attacks is contingent on several factors, including the specific DRAM devices used, the platform architecture, and the relevant design specifications. This complexity underscores the varied landscape of vulnerabilities that business owners must navigate and protect against.

The advisory also hints at broader cybersecurity implications. By invoking the MITRE ATT&CK framework, it is evident that tactics such as initial access through exploiting physical memory vulnerabilities and potential privilege escalation from unauthorized access to GPU memory could be relevant. These techniques outline how adversaries may gain footholds in systems reliant on NVIDIA GPUs, potentially impacting a wide range of industries.

As organizations increasingly integrate AI into their workflows, the stakes of maintaining robust security measures are higher than ever. Decisions regarding hardware configurations should prioritize the implementation of ECC as a mitigative strategy against such sophisticated attacks. The necessity for vigilance in cyber defense cannot be understated, especially as the landscape of threats continues to evolve.

In a digital age characterized by rapid technological advancement, understanding and addressing these vulnerabilities is crucial. As business owners weigh the benefits of AI enhancement against potential cybersecurity risks, awareness of issues like GPUHammer will be integral to maintaining not only performance but also data integrity.

Source link

Related Posts

Severe Sudo Vulnerabilities Allow Local Users to Escalate to Root Access on Major Linux Distributions

July 4, 2025
By Cybersecurity Insights

Cybersecurity researchers have identified two critical vulnerabilities in the Sudo command-line utility for Linux and Unix-like systems, enabling local attackers to elevate their privileges to root on affected machines. Here’s a summary of the vulnerabilities:

  • CVE-2025-32462 (CVSS Score: 2.8): In versions prior to 1.9.17p1, Sudo, when configured with a sudoers file specifying a host that is neither the current host nor ALL, permits listed users to execute commands on unintended machines.

  • CVE-2025-32463 (CVSS Score: 9.3): In Sudo versions before 1.9.17p1, local users can gain root access as a result of the /etc/nsswitch.conf file being utilized from a user-controlled directory in conjunction with the –chroot option.

Sudo is a command-line tool designed to allow low-privileged users to execute commands as another user, typically the superuser, thereby implementing the principle of least privilege for administrative tasks.

Warning: Exposed JDWP Interfaces are Being Exploited for Crypto Mining; Hpingbot Targets SSH for DDoS

Date: July 5, 2025
Category: Vulnerability / Botnet

Cybercriminals are exploiting exposed Java Debug Wire Protocol (JDWP) interfaces to gain code execution access and deploy cryptocurrency miners on compromised systems. According to Wiz researchers Yaara Shriki and Gili Tikochinski, “The attacker utilized a modified version of XMRig with a hard-coded configuration, allowing them to evade detection from suspicious command-line arguments that security measures often flag.” They added that the mining payload employed proxies to obscure the cryptocurrency wallet address, complicating investigations. The cloud security firm, recently acquired by Google Cloud, reported observing this activity on its honeypot servers running TeamCity, a well-known continuous integration and delivery (CI/CD) tool. JDWP, a debugging communication protocol for Java, enables users to manage Java applications in separate processes.

CISA Adds Four High-Risk Vulnerabilities to KEV Catalog Amid Ongoing Exploitation

July 8, 2025
Cyber Attacks / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included four critical vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The identified vulnerabilities are as follows:

  • CVE-2014-3931 (CVSS score: 9.8): A buffer overflow flaw in Multi-Router Looking Glass (MRLG) allowing remote attackers to perform arbitrary memory writes and cause memory corruption.
  • CVE-2016-10033 (CVSS score: 9.8): A command injection vulnerability in PHPMailer enabling attackers to execute arbitrary code within the application or trigger a denial-of-service (DoS) condition.
  • CVE-2019-5418 (CVSS score: 7.5): A path traversal vulnerability in Ruby on Rails’ Action View that may expose the contents of arbitrary files on the target system’s filesystem.
  • CVE-2019-9621 (CVSS score: 7.5): A Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could…

Microsoft Addresses 130 Vulnerabilities, Including Critical Issues in SPNEGO and SQL Server

July 9, 2025
Endpoint Security / Vulnerability

In its first Patch Tuesday update of 2025, Microsoft has rolled out fixes for 130 vulnerabilities, marking a shift as no exploited security flaws were included in this batch. Notably, one flaw addressed had already been publicly disclosed. The update also tackles 10 additional non-Microsoft CVEs impacting Visual Studio, AMD, and the Chromium-based Edge browser. Among the patched vulnerabilities, 10 are classified as Critical, while the remainder are deemed Important. “This marks the end of an 11-month streak of fixing at least one zero-day exploitation,” noted Satnam Narang, Senior Staff Research Engineer at Tenable. The vulnerabilities include 53 related to privilege escalation, 42 for remote code execution, 17 for information disclosure, and 8 for security feature bypasses. Furthermore, the update builds on two other flaws previously fixed in the Edge browser since the last month’s Patch Tuesday.