University of Toronto researchers developed a technique that compromises artificial intelligence model performance on graphics processing units through memory manipulation attacks. The team targeted NVIDIA RTX A6000 cards equipped with GDDR6 video memory to demonstrate vulnerabilities similar to traditional RowHammer exploits. Their GPUHammer method induced single-bit errors within memory banks that drastically reduced neural network accuracy from 80 percent to merely 0.1 percent across ImageNet classification tasks. The attack succeeded despite existing hardware protections like target row refresh mechanisms designed to prevent such intrusions. Researchers achieved these results by reverse-engineering memory bank structures and synchronizing attacks with refresh cycles.
The vulnerability appears limited to specific hardware configurations rather than affecting all graphics cards universally. Testing revealed that RTX 3080 models remained unaffected, likely due to memory chip variations from different manufacturers such as Samsung, SK Hynix, and Micron. Similarly, newer RTX 5090 cards and data center solutions like A100 and H100 systems with high-bandwidth memory showed no susceptibility to the attack method. NVIDIA has acknowledged the security concern and recommended enabling error-correcting code features on vulnerable systems. However, activating these protections reduces machine learning performance by up to 10 percent while consuming 6.25 percent of available memory capacity.
The vulnerability appears limited to specific hardware configurations rather than affecting all graphics cards universally. Testing revealed that RTX 3080 models remained unaffected, likely due to memory chip variations from different manufacturers such as Samsung, SK Hynix, and Micron. Similarly, newer RTX 5090 cards and data center solutions like A100 and H100 systems with high-bandwidth memory showed no susceptibility to the attack method. NVIDIA has acknowledged the security concern and recommended enabling error-correcting code features on vulnerable systems. However, activating these protections reduces machine learning performance by up to 10 percent while consuming 6.25 percent of available memory capacity.
