The takeaway: Researchers have spent over a decade studying Rowhammer attacks, in which hackers corrupt memory by repeatedly accessing cells to flip bits through power leakage. A new study suggests the risk is broader than previously thought, and that the widely recommended ECC mitigation is not foolproof.

A study from researchers at UNC Chapel Hill and Georgia Tech shows that GDDR6-based Rowhammer attacks can grant kernel-level access to Linux systems equipped with GPUs based on Nvidia's Ampere and Ada Lovelace architectures. The vulnerability appears significantly more severe than what was outlined in a paper last year.

Rowhammer attacks work by repeatedly accessing a graphics card's memory cells to induce power leakage, flipping bits in adjacent cells. Researchers previously showed that this method can degrade AI model accuracy in Linux workstations using GPUs with GDDR6 memory, such as the Nvidia RTX A6000. Nvidia advised users to enable system-level error-correcting code (ECC) as a mitigation, though doing so carries roughly a 10% performance penalty.

The new research shows that more aggressive techniques, such as multi-sided Rowhammer attacks that target cells from multiple directions, can corrupt far more data. In some cases, successful attacks can grant arbitrary read and write access to both GPU and CPU memory.

Worse, ECC, which is designed to correct errors in affected cells, can only slow these attacks rather than stop them entirely. The researchers instead recommend additional hardware-level protections.

One option is Target Row Refresh (TRR), deployed in DDR4 memory, which proactively refreshes rows adjacent to frequently accessed cells to prevent bit flips. However, sufficiently aggressive multi-sided attacks can still overwhelm TRR.

Another approach, Refresh Management (RFM), sends a back-off signal to the memory controller when excessive activity is detected in a row, giving neighboring cells more time to recover. While RFM is more effective than earlier mitigations and is standardized for DDR5 and GDDR6, studies indicate that CPUs with DDR5 memory controllers have yet to implement it.

The researchers later told Ars Technica that the RTX 3060 is also vulnerable, and that restricting certain memory pathways by enabling input-output memory management units (IOMMU) in BIOS settings can help mitigate the issue.
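The article names two settings a defender can verify on a Linux GPU host: ECC (above) and the IOMMU. The script below is an added example, not something from the researchers or Nvidia. It assumes `nvidia-smi` is installed and that an active IOMMU shows up as entries under `/sys/kernel/iommu_groups`; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report the state of the two mitigations named in the article.

# Read "name, ecc.mode.current" CSV lines on stdin and classify each GPU.
# Input format assumed: nvidia-smi --query-gpu=... --format=csv,noheader
ecc_report() {
    while IFS=, read -r name mode || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        # Strip padding and any carriage return from the mode field.
        mode=$(printf '%s' "$mode" | tr -d ' \r')
        case "$mode" in
            Enabled)  echo "OK    $name: ECC enabled" ;;
            Disabled) echo "WARN  $name: ECC disabled" ;;
            *)        echo "INFO  $name: ECC state not reported ($mode)" ;;
        esac
    done
}

# Succeed only if the kernel has populated IOMMU groups under the sysfs root.
# The optional argument (default /sys) lets the check run against a test tree.
iommu_active() {
    root=${1:-/sys}
    [ -d "$root/kernel/iommu_groups" ] || return 1
    [ -n "$(ls -A "$root/kernel/iommu_groups" 2>/dev/null)" ]
}

if command -v nvidia-smi >/dev/null 2>&1; then
    nvidia-smi --query-gpu=name,ecc.mode.current --format=csv,noheader | ecc_report
else
    echo "INFO  nvidia-smi not found; ECC state not checked"
fi

if iommu_active; then
    echo "OK    IOMMU groups present"
else
    echo "WARN  no IOMMU groups; check firmware and kernel IOMMU settings"
fi
```

A WARN line means the setting is off on this host. An OK line only confirms the setting is on, which the article notes slows these attacks rather than stopping them in the case of ECC.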

Although Rowhammer has only been demonstrated on the RTX 3060 and A6000 so far, other GPUs and memory types may also be susceptible. Rowhammer has not been reported in the wild, but users should remain vigilant, as the exploit does not require physical system access.