NVIDIA is warning users to activate the System Level Error-Correcting Code mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory. Rowhammer represents a real security concern that could cause data corruption or enable attacks in multi-tenant environments like cloud servers where vulnerable GPUs may be deployed. The GPU maker notes that newer GPUs like Blackwell RTX 50 Series (GeForce), Blackwell Data Center GB200, B200, B100, and Hopper Data Center H100, H200, H20, and GH200, come with built-in on-die ECC protection, which does nor require an intervention from the user. NVIDIA's security notice notes that researchers at the University of Toronto showed "a potential Rowhammer attack against an NVIDIA A6000 GPU with GDDR6 Memory" where System-Level ECC was not enabled. System Level Error-Correcting Codes (ECC) can preserve the integirty of the data by adding redundant bits and correcting single-bit errors to maintain data reliability and accuracy. In workstation and data center GPUs where VRAM handles large datasets and precise calculations related to AI workloads, ECC must be enabled to prevent crucial errors in their operation. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. One way to check if System Level ECC is enabled is to use an out-of-band method that utilizes the system's BMC (Baseboard Management Controller) and hardware interface software, like the Redfish API, to check the "ECCModeEnabled" status. However, the real risk is context-dependent, and exploiting Rowhammer reliably is complicated, requiring specific conditions, high access rates, and precise control, making it an attack difficult to execute. The company is reinforcing the recommendation as new research demonstrates a Rowhammer attack against an NVIDIA A6000 GPU (graphical processing unit). If one location is bombarded with enough read-write operations, the value of the adjacent data bits can be flipped from one to zero and vice-versa, and thus change the in-memory information. Rowhammer is a hardware fault that can be triggered through software processes and stems from memory cells being too close to each other. A second In-Band method also exists, using the nvidia-smi command-line utility from the system's CPU to check and enable ECC where supported.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 11 Jul 2025 15:40:16 +0000