CyberSecurityBoard
Sponsor Register Login

NVIDIA issues guidance to defend GDDR6 GPUs against Rowhammer

NVIDIA is warning users to activate the System Level Error-Correcting Code  mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory. Rowhammer represents a real security concern that could cause data corruption or enable attacks in multi-tenant environments like cloud servers where vulnerable GPUs may be deployed. The GPU maker notes that newer GPUs like Blackwell RTX 50 Series (GeForce), Blackwell Data Center GB200, B200, B100, and Hopper Data Center H100, H200, H20, and GH200, come with built-in on-die ECC protection, which does nor require an intervention from the user. NVIDIA's security notice notes that researchers at the University of Toronto showed "a potential Rowhammer attack against an NVIDIA A6000 GPU with GDDR6 Memory" where System-Level ECC was not enabled. System Level Error-Correcting Codes (ECC) can preserve the integirty of the data by adding redundant bits and correcting single-bit errors to maintain data reliability and accuracy. In workstation and data center GPUs where VRAM handles large datasets and precise calculations related to AI workloads, ECC must be enabled to prevent crucial errors in their operation. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. One way to check if System Level ECC is enabled is to use an out-of-band method that utilizes the system's BMC (Baseboard Management Controller) and hardware interface software, like the Redfish API, to check the "ECCModeEnabled" status. However, the real risk is context-dependent, and exploiting Rowhammer reliably is complicated, requiring specific conditions, high access rates, and precise control, making it an attack difficult to execute. The company is reinforcing the recommendation as new research demonstrates a Rowhammer attack against an NVIDIA A6000 GPU (graphical processing unit). If one location is bombarded with enough read-write operations, the value of the adjacent data bits can be flipped from one to zero and vice-versa, and thus change the in-memory information. Rowhammer is a hardware fault that can be triggered through software processes and stems from memory cells being too close to each other. A second In-Band method also exists, using the nvidia-smi command-line utility from the system's CPU to check and enable ECC where supported.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 11 Jul 2025 15:40:16 +0000


Cyber News related to NVIDIA issues guidance to defend GDDR6 GPUs against Rowhammer

NVIDIA issues guidance to defend GDDR6 GPUs against Rowhammer - NVIDIA is warning users to activate the System Level Error-Correcting Code  mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory. Rowhammer represents a real security concern that could cause ...
2 months ago Bleepingcomputer.com
GPUHammer - First Rowhammer Attack Targeting NVIDIA GPUs - Cybersecurity researchers at the University of Toronto have achieved a breakthrough in hardware-level attacks by successfully demonstrating GPUHammer, the first Rowhammer attack specifically targeting discrete NVIDIA GPUs. The research, which focuses ...
2 months ago Cybersecuritynews.com Inception
New Phoenix attack bypasses Rowhammer defenses in DDR5 memory - A newly discovered attack named "New Phoenix" has been found to bypass existing Rowhammer defenses in DDR5 memory modules. Rowhammer is a hardware vulnerability that allows attackers to manipulate memory cells by repeatedly accessing adjacent rows, ...
3 weeks ago Bleepingcomputer.com
Nvidia To Build Network Of AI Chip Plants In Japan - Nvidia chief Jensen Huang says company to work with local companies to build network of AI chip plants in Japan. Nvidia is to collaborate with local companies to build a network of semiconductor manufacturing facilities in Japan to meet demand for ...
1 year ago Silicon.co.uk
Nvidia sued after video call mistake showed 'stolen' data - According to a lawsuit filed against tech giant Nvidia, senior staff member Mohammad Moniruzzaman made this error with disastrous consequences. In the course of it, Valeo claims he accidentally displayed a file proving he stole its tech secrets. The ...
1 year ago Bbc.com
Apple, AMD, Qualcomm, Imagination GPUs open to data theft The Register - A design flaw in GPU drivers made by Apple, Qualcomm, AMD, and likely Imagination can be exploited by miscreants on a shared system to snoop on fellow users. On a non-shared system, malware that manages to run on the box could abuse the weakness to ...
1 year ago Go.theregister.com Hunters
CVE-2021-42114 - Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, ...
3 years ago
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks - A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. Tracked as CVE-2023-4969, the security issue enables data ...
1 year ago Bleepingcomputer.com CVE-2023-4969
Cohesity partners with NVIDIA to harness the power of generative AI - Cohesity announced a collaboration with NVIDIA to help organizations safely unlock the power of generative AI and data using the recently announced NVIDIA NIM microservices and by integrating NVIDIA AI Enterprise into the Cohesity Gaia platform. ...
1 year ago Helpnetsecurity.com
CVE-2020-10255 - Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker ...
5 years ago
Five AI topics to discuss with your CEO - At Cisco Live EMEA in Amsterdam in early February, you couldn't swing an Ethernet cable without hitting someone who was talking about it. Even though AI comes with especially useful applications and some very practical downsides, it's important to ...
1 year ago Feedpress.me
Palo Alto Networks Prevents Data Loss at Enterprise Scale with NVIDIA - With NVIDIA accelerated computing and AI software, cybersecurity leaders like Palo Alto Networks can safeguard vast amounts of sensitive information with unprecedented speed and accuracy, ushering in a new era of AI-driven data protection. The ...
1 year ago Paloaltonetworks.com
Attackers Could Eavesdrop on AI Conversations on GPUs - Researchers at cybersecurity research and consulting firm Trail of Bits have discovered a vulnerability that could allow attackers to read GPU local memory from affected Apple, Qualcomm, AMD and Imagination GPUs. In particular, the ...
1 year ago Techrepublic.com
Building Data Center Infrastructure for the AI Revolution  - This is part two of a multi-part blog series on AI. Part one, Why 2024 is the Year of AI for Networking, discussed Cisco's AI networking vision and strategy. This blog will focus on evolving data center network infrastructure for supporting AI/ML ...
1 year ago Feedpress.me
PoC Exploit Released for Critical NVIDIA AI Container Toolkit Vulnerability - Organizations utilizing managed AI services from major cloud providers face immediate exposure, as a single malicious container could compromise entire host systems and access sensitive data belonging to multiple tenants. The vulnerability affects ...
2 months ago Cybersecuritynews.com
Fortifying confidential computing in Microsoft Azure - I wrote about how Microsoft used Intel's secure extensions to its processor instruction sets to provide a foundation for confidential computing in Azure a few years ago. In the years since, the confidential computing market has taken a few steps ...
1 year ago Infoworld.com
ASD's ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies - This guidance was crafted to provide organizations with secure by design considerations when procuring digital products and services. The guidance contains a range of internal and external considerations and offers sample questions to leverage at ...
1 year ago Cisa.gov
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyberattack - Microsoft has released new guidance for organizations on how to protect against persistent nation-state attacks like the one disclosed a few days ago that infiltrated its own corporate email system. A key focus of the guidance is on what ...
1 year ago Darkreading.com Cozy Bear
US Allies Issue Joint Guidance on Software Bill of Materials (SBOMs) to Enhance Cybersecurity - US allies have collaboratively issued new guidance on Software Bill of Materials (SBOMs) to strengthen cybersecurity defenses across critical infrastructure and software supply chains. This joint effort emphasizes the importance of transparency and ...
1 month ago Infosecurity-magazine.com
Nvidia Targets Insider Threats with Digital Fingerprinting Technology - Nvidia recently announced a new technology to help detect and prevent insider threats. The tech, known as Digital Fingerprinting, is designed to detect unauthorized attempts to access sensitive data or systems within a company's network. The ...
2 years ago Csoonline.com
Surveillance Self-Defense: 2023 Year in Review - It's been a big year for Surveillance Self-Defense, our repository of self-help resources for helping better protect you and your friends from online spying. We've done a number of updates and tackled a few new emerging topics with blog posts. ...
1 year ago Eff.org
Vultr Cloud Inference simplifies AI deployment - Vultr launched Vultr Cloud Inference, a new serverless platform. Leveraging Vultr's global infrastructure spanning six continents and 32 locations, Vultr Cloud Inference provides customers with scalability, reduced latency, and enhanced cost ...
1 year ago Helpnetsecurity.com
Multiple NVIDIA CUDA Toolkit Vulnerabilities Let Attackers Trigger DoS - Attackers could crash analysis tools or leak memory contents by distributing weaponized cubin files – a critical risk for AI development teams sharing pre-trained models. These vulnerabilities, spanning the cuobjdump and nvdisasm utilities, expose ...
7 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)