Silent Rowhammer attack corrupts AI models on GDDR6 Nvidia graphics cards, dubbed 'GPUHammer'; AI accuracy plummeting from 80% to a mere 0.1% on RTX A6000.

In a recent development, a new attack known as GPUHammer has been unveiled, targeting NVIDIA GPUs and posing a significant threat to shared GPU environments like cloud gaming servers, AI training clusters, and VDI setups. This attack, which is a GPU-focused version of the known hardware issue called Rowhammer, can corrupt AI models on NVIDIA GPUs by flipping bits in memory.

The risk of GPUHammer applies to a wide range of Ampere, Ada, Hopper, and Turing GPUs, especially those used in workstations and servers. The attack was tested on an RTX A6000, but its potential impact extends beyond this model.

In regulated industries such as healthcare, finance, or autonomous driving, such changes could cause serious problems, including wrong decisions, security failures, and legal consequences. Attacks like GPUHammer can tamper with the integrity of AI, affecting how models behave or make decisions.

NVIDIA has responded to this threat by publishing a full list of affected models and recommending Error Correcting Code (ECC) for most of them. ECC adds redundancy to memory to help detect and fix errors, but it comes with a small performance trade-off (around 10% slower for machine learning tasks, and about 6-6.5% less usable VRAM). Enabling ECC can be done using Nvidia's command-line tool.

Interestingly, newer GPUs like the RTX 5090 and H100 have built-in ECC directly on the chip, which handles this issue automatically. This development underscores the evolving nature of GPU technology and the need for robust memory safety measures.

It is important to note that the attack doesn't require access to your data. An attacker sharing the same GPU in a cloud environment or server could potentially interfere with your workload. However, the origin of GPUHammer's discovery cannot be determined from the provided information.

As the industry continues to rely heavily on GPUs for AI, creative work, and productivity, the risks associated with these devices are increasing. GPUHammer serves as a wake-up call, emphasising the core idea that memory on a GPU can be tampered with silently, especially as more games, apps, and services start leaning on AI.

For up-to-date news, analysis, and reviews on GPUHammer and related topics, follow Tom's Hardware on Google News. The entire industry needs to take seriously the need for enhanced memory safety measures as GPUs continue to evolve and play a crucial role in our digital world.

Silent Rowhammer attack corrupts AI models on GDDR6 Nvidia graphics cards, dubbed 'GPUHammer'; AI accuracy plummeting from 80% to a mere 0.1% on RTX A6000.