Researchers demonstrated two new Rowhammer attacks targeting Nvidia GPU GDDR memory that escalate unprivileged cloud users to full root control of the host machine.
Security researchers published two novel Rowhammer attack techniques that exploit bit-flip vulnerabilities in Nvidia GPU GDDR memory (GDDR6/6X). Unlike earlier GPU Rowhammer work that only achieved 8 bit-flips with limited impact, these new attacks generate enough controlled bit-flips to achieve full root privilege escalation on the host machine. The attacks are particularly dangerous in multi-tenant cloud GPU environments — such as AWS, GCP, or Azure GPU instances — where a single physical card may be shared among dozens of users. GPUs costing $8,000+ are prime shared infrastructure targets.
If you're running multi-tenant workloads on shared Nvidia GPU instances (A100, H100, etc.), you are now on hardware that has been proven exploitable by co-tenants for full root escalation. This is not a software patch away — it's a DRAM hardware class vulnerability. Any application that runs ML inference or training on shared cloud GPU nodes needs a threat model update. Dedicated instances or bare-metal GPU provisioning just became a defensible engineering decision, not just a performance one.
Audit your current cloud GPU provisioning this week: check whether your workloads run on shared multi-tenant GPU instances (e.g., AWS p4d, g5) versus dedicated bare-metal or isolated hosts, and document the exposure delta.
Run: curl -s http://169.254.169.254/latest/meta-data/instance-type (on your cloud GPU instance) to confirm instance type
Tags
Signals by role
Also today
Tools mentioned